This discussion is archived
0 Replies Latest reply: Jul 10, 2013 7:41 AM by Luis RSS

Mixing application data sessions in Weblogic Service Providers (SAML2)

Luis Newbie
Currently Being Moderated

Hello there,


This issue is related with the next ones:



My scenario is this, I have several applications, deployed in managed servers configured as Service Providers see This applications are sharing the same domain name. e.g.:



The problem is that as we can not either change the default cookiename for them (Configuring Single Sign-On with Web Browsers and HTTP Clients - 12c Release 1 (12.1.1)) or add the cookie-path (, the data session of both applications is being mixed.


One possible solution that I have tried is to declare a different persistent-store-type: cookie, file, jdbc... (weblogic.xml Deployment Descriptor Elements - 12c Release 1 (12.1.1))


We have tried also a different approach: change the JSESSIONID cookie path set by the Weblogic saml2 module. This can be done in two ways:


  1. Modifying the Set-Cookie header response sent by the saml2 module using Apache mod_headers module: Modify JSESSIONID cookie path with apache and mod_headers » Official dAm2K Blog
  2. Adding a cookie-path to the session-descriptor of the saml2.war  ($WEBLOGIC_HOME/wlserver_12.1/server/lib/saml2.war)


Any thoughts on this?


Thanks in advance,




ps: WebLogic Server Version:, but it applies also to any 10.3...