on 08-23-2016 9:42 AM
While going through spring-filter-config.xml, I found the following in the OOB XML:
My specific concern is the following:
With property useDefaultPath set to false, it was generating 4 JSESSIONIDs for different paths,
but when I set useDefaultPath to true, it was generating only 1 JSESSIONID.
    <bean id="defaultSessionCookieGenerator" class="com.shoprite.storefront.security.cookie.EnhancedCookieGenerator">
        <property name="cookieSecure" value="true"/>
        <property name="cookieName" value="JSESSIONID"/>
        <property name="cookieMaxAge" value="-1"/>
        <property name="useDefaultPath" value="false"/>
        <property name="httpOnly" value="true"/>
    </bean>
My question is why is useDefaultPath set to false in default hybris storefront generated through modulegen in Hybris 6, as this was causing problems with clustering and load balancing?
After we changed this to: the problem disappeared. Any suggestions?
I'm not really sure why this EnhancedCookieGenerator is needed for the JSESSIONID cookie anymore. It was presumably written for Servlet spec 2.5 that doesn't support setting httpOnly.
If you just remove this cookie generator and rely on the default Tomcat behaviour you can put the settings in web.xml, e.g.
    <session-config>
        <session-timeout>30</session-timeout>
        <cookie-config>
            <http-only>true</http-only>
            <secure>true</secure>
        </cookie-config>
    </session-config>
Then you'll get one session cookie per context (unless you change sessionCookiePath in the context configuration) rather than a session cookie for every path that you visit.
I've also experienced issues with using EnhancedCookieGenerator in the root context for other cookies (e.g. guidCookieGenerator).
I changed line 105 from

    cookie.setPath(request.getContextPath());

to

    cookie.setPath(StringUtils.isBlank(request.getContextPath()) ? "/" : request.getContextPath());

Otherwise it ends up setting your cookies with a blank path which means the browser uses the path of the currently viewed page.
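The behaviour described in the reply above, where a blank cookie path makes the browser fall back to the path of the current page, worked through as an added example (not code from the thread or from hybris). It implements the default-path and path-match rules of RFC 6265 section 5.1.4 in a hypothetical cookie jar; the page URLs and the assumption that the server starts a new session whenever no JSESSIONID arrives are constructed for illustration.

```javascript
// RFC 6265 section 5.1.4: path a browser assigns when Set-Cookie has no usable Path.
function defaultPath(requestPath) {
  if (!requestPath || requestPath[0] !== "/") return "/";
  const lastSlash = requestPath.lastIndexOf("/");
  return lastSlash === 0 ? "/" : requestPath.slice(0, lastSlash);
}

// RFC 6265 section 5.1.4: does a cookie with cookiePath get sent to requestPath?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Mirrors the one-line fix quoted in the reply above: blank context path -> "/".
function effectivePath(contextPath) {
  return contextPath.trim() === "" ? "/" : contextPath;
}

// Hypothetical single-host cookie jar; cookies are keyed by (name, path).
class CookieJar {
  constructor() { this.store = new Map(); }
  set(requestPath, name, value, attrPath) {
    // An empty Path, or one not starting with "/", falls back to the default-path.
    const path = attrPath.startsWith("/") ? attrPath : defaultPath(requestPath);
    this.store.set(`${name};${path}`, { name, value, path });
  }
  sentTo(requestPath, name) {
    return [...this.store.values()]
      .filter((c) => c.name === name && pathMatches(requestPath, c.path));
  }
}

// Assumption: the server creates a new session whenever no JSESSIONID arrives.
function browse(pages, pathAttr) {
  const jar = new CookieJar();
  pages.forEach((page, i) => {
    if (jar.sentTo(page, "JSESSIONID").length === 0) {
      jar.set(page, "JSESSIONID", `session-${i + 1}`, pathAttr);
    }
  });
  return [...jar.store.values()].map((c) => c.path);
}

// Constructed page URLs for a storefront deployed in the root context.
const PAGES = ["/electronics/cameras/p1", "/cart/items", "/login/forgot", "/my-account/orders"];
const blankPath = browse(PAGES, "");                 // getContextPath() === ""
const fixedPath = browse(PAGES, effectivePath(""));  // path forced to "/"
console.log(blankPath.length, blankPath); // 4 cookies, one per directory
console.log(fixedPath.length, fixedPath); // 1 cookie scoped to "/"
```

With the blank path each directory ends up with its own JSESSIONID and therefore its own server-side session, which is the kind of state a load balancer using cookie-based stickiness cannot route consistently.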