Oracle Weblogic Server (MOSC)

MOSC Banner

Weblogic create new session on every request (SPNEGO enabled)

edited Jan 23, 2011 6:35PM in Oracle Weblogic Server (MOSC) 8 commentsAnswered
Why weblogic create new session on every request if security constraints in application enabled and SPNEGO authentication provider is used?
Sample test servlet that does:

        HttpSession session = request.getSession();
        out.println("Requested Session Id: " + HTMLFilter.filter(request.getRequestedSessionId()));
        out.println("Current Session Id: " + session.getId());

If no authentication (security constraints are removed from deployment descriptors) - everything works fine, weblogic create session and keeps the same session in further requests.
If i add security constraints and enforce authentication - weblogic on every request create new session ID (meaning requested and current session are always different)

Weblogic 10 MP1, java 1.5.0_26

Here are deployment descriptors:

Howdy, Stranger!

Log In

To view full details, sign in to My Oracle Support Community.

Register

Don't have a My Oracle Support Community account? Click here to get started.

Category Leaderboard

Top contributors this month

New to My Oracle Support Community? Visit our Welcome Center

MOSC Help Center