Monday, May 14, 2012

Configuring Custom Session identifier

Lets assume customer has a policy that each web application must have an alternative session identifier than that the default JSESSIONID. In this case they wanted to set it to applicationname_sessionid.

It is possible that they perhaps have in there infrasturucture some other applications to enforce certian security restrictions , such as a requests has to have a specific session identfier.

1. To configure custom session identifier in weblogic, we need to modifiy the application related WEB-INF\weblogic.xml file. We need to add the cookieName parameter and value applicationname_sessionid under tags session-param


CookieName applicationname_sessionid


1. To configure custom session identifier in websphere, we need to add the custom property SessionRewriteIdentifier at web container level.

To specify custom properties for session management, use the following steps:

1.In the administrative console click Servers > Application Servers > server_name > Web Container Settings > Web container.
2.Under Additional Properties select Custom Properties.
3.On the Custom Properties page, click New.
4.On the settings page, enter the property that you want to configure in the Name field (SessionRewriteIdentifier ) and the value that you want to set it to in the Value field (applicationname_sessionid).
5.Click Apply or OK.
6.Click Save on the console task bar to save your configuration changes.
7.Restart the server.