Cookies are old hat for many of us, in use in all types of applications.  What you might not realize is that many Java frameworks, including ADF will by default use the same cookie name for the session identification.  This is all well and good if only one such application is using that domain, but if multiple ADF applications are sharing the same domain, they can clobber each other's sessions.

Once client encountered this when a user started reporting their application session timing out after what seemed to be really short periods of time.  It turned out to be two ADF applications that were using the default names for their cookies (JSESSIONID). 

Thankfully, in Weblogic, this is easy to fix.  In JDeveloper, you can open the weblogic.xml file in your ViewController project and click on the session section on the left hand side.  Open the Cookies panel and provide a Cookie Name, save this file and you are all set.

The source would look like this:

<session-descriptor>

   <cookie-name>mycookie</cookie-name>

</session-descriptor>

That's all there is to it.

BTW, we encountered this again when deploying a couple older ADF applications in a clustered environment.  If we used the apache weblogic plugin to do load balancing we were encountering some strange issues.  It turns out that unless you supply a cookie name for the plugin, it also uses JSESSIONID and one of the older applications that hadn't been udated with a cookie name was overwriting it, causing our session to be lost and our browser could no longer reach the application.  It kept receiving timeout notices.  Adding a cookie name in the configuration fixed the problem.

Lesson learned: never underestimate the value of naming your cookies!