I'm trying to have my JSESSIONID at ".mysite.com" so it can be shared across subdomains.
I have a 4.2.2 GA JBOSS instance doing this with this method: http://shchekoldin.com/2010/05/27/sharing-jsessionid-across-subdomains/ (which is from here: https://jira.jboss.org/browse/JBWEB-107) using the custom valve approach. ATG 9.
However on the EAP 5.1 version (I've compiled against JDK 1.6) the same custom valve doesn't kick in. I added some debugging but it never gets called. ATG 10.
Also, I tried turning on the SSO option in server.xml (as per https://community.jboss.org/wiki/JBossWebSingleSignOn) through the non-clustered method, but this plays no impact on it either.
Does anyone know how I can the JSESSIONID cookie to sit across subdomains on JBOSS 5?
(Side note, if I have "foo.bar.mysite.com" will this ".mysite.com" domain stored against the cookie work for multiple sub domains - this is for testing, in prod we just have the one level).
Disclaimer - I've asked the same question on SO (but didn't mention it was using ATG): http://stackoverflow.com/questions/13303660/jsessionid-across-subdomains
If you are trying to do it for session sharing across domains then you can probably also refer to something ATG offers for enabling session sharing across domains for multisite. Take a look at this in the ATG Platform Programming Guide and see if it helps:
I am trying to set my application's JSESSIONID to a custom name instead the default host name. I have configured /WEB-INF/context.xml as you have mentioned. for ex .
But whenever I am hitting my application with localhost or 127.0.0.1 or another domain name (mytestapp.com) the JSESSIONID is created with the domain of the URL and not based on the value which I set in SessionCookie (example.com). Do I need to configure any other xml files in jboss.
If not 100% sure on what you're trying to achieve, but if you configure JBoss to send a different host in the cookie, and request the same application via a different domain, your browser won't store the cookie for that session, as it sees it as a different domain and ignore it for that response.