We implement SSO in WebSphere by using LTPA(default websphere sso) token between WAS(running web application ) and WAS(running filenet content navigator).
SSO is working fine but JSESSIONID gets overwritten ,due to that user log-out from
Scenario
JSESSIONID gets overwritten in the following scenario:1. HTTP Request is sent to "https://test1.domain.com" URL.
2. HTTP session is created for "https://test1.domain.com" and session ID is stored in
JSESSIONID cookie.
3. "https://test.domain.com" stores an object in the session.
4. "https://test1.domain.com" calls "https://test2.domain.com" ("https://test2.domain.com" provides a menu)
5. HTTP session is created for "https://test2.domain.com" and session ID is stored in
JSESSIONID cookie overwriting the previous value ("https://test1.domain.com" session ID).
6. Second HTTP request is sent to "https://test1.domain.com" URL.
7. "https://test1.domain.com" fails to lookup the object in the session stored in step 3.
request.getSession(false) returns null.
Resolution
https://test1.domain.com and https://test2.domain.com are in two different WAR files and therefore havedifferent context roots, right?
In that case you could use WebSphere's admin console and change the
cookie path from the default (which is /, meaning the cookie is sent as
long as the URL starts with a /, which is always) to the context root
for each application.
So for application A, set the cookie path to /test1_contextRoot and for
application B, set the cookie path to /test2_contextRoot.
In WebSphere's admin console, go to Enterprise Applications ->
Application A -> Session Management -> {click the Enable Cookies link}
and change the Cookie path.
No comments:
Post a Comment