Rename the HTTP session cookie
The Java Servlet API up to Version 2.5 states the session identification cookie must be named JSESSIONID . WebSphere Application Server Version 8 supports the Java Servlet API 3.0 that offers applications the option to rename the JSESSIONID cookie name. Therefore WebSphere Portal v8.5 also supports this option.
A common use case for changing the JSESSIONID cookie name results from cookie name clashes due to HTTP proxy server usage. We can avoid such conflicts by either of the following methods:
- Enable HTTP session ID reuse
- This prevents cookie name clashes by reusing the session ID values across different servers. To protect WebSphere Portal user sessions, we need to enable security integration in conjunction with session ID reuse.
- Session management custom properties. Session security support and Session management settings
- Rename the HTTP session cookie on WebSphere Application Server. To do this:
- Open the WAS console.
- Select Servers > Application Servers > Server_Name > Web Container Settings > Session management > Enable Cookies.
- Set the value for session cookie name as required.
- Click OK.
- Save the changes.
- Restart WebSphere Application Server
- Regenerate the plug-in configuration file.
- If we are running a remote system, copy the plug-in configuration file to the remote server.
- To synchronize the portal with the changes you made in the previous step, add the required properties to the Resource Environment Providers for the portal:
- Open the WAS console.
- Add the following properties to the Resource Environment Providers:
- In the WP ConfigService, add the following property: cookie.sessionid.name=cookiename
- In the WP PortletServiceRegistryService, add the following property:
com.ibm.wps.pb.service.PropertyBrokerServiceImpl.sessionid.cookie.names=cookiename
For both properties, replace the variable cookiename by the new name of the JSESSIONID cookie.
Parent Configure portal behavior