Weblogic create new session on every request (SPNEGO enabled)
Why weblogic create new session on every request if security constraints in application enabled and SPNEGO authentication provider is used?
Sample test servlet that does:
Sample test servlet that does:
HttpSession session = request.getSession();
out.println("Requested Session Id: " + HTMLFilter.filter(request.getRequestedSessionId()));
out.println("Current Session Id: " + session.getId());
If no authentication (security constraints are removed from deployment descriptors) - everything works fine, weblogic create session and keeps the same session in further requests.
If i add security constraints and enforce authentication - weblogic on every request create new session ID (meaning requested and current session are always different)
Weblogic 10 MP1, java 1.5.0_26
Here are deployment descriptors:
0