When I hit http://example.com a cookie named MY_SESSION_ID exists with the sessionId as its value. I then hit http://example.com/estore, the cookie MY_SESSION_ID's value is updated to a new sessionId instead of using the same one.
Is there some other setting I am missing in order for these apps to share the same sessionID? Is what I am trying to do even possible?
Perhaps I should be using a different cookie for each webapp, but I set those properties in my tomcat startup script, so they are applied to all webapps running under it. Is there a different place I need to set the cookie properties instead?
Can you check your cookie details? Do you see same domain name in your session_id tab under cookie details.
If both the domain name are different, it is expected results. If not, please update the details to further analysis?
when I hit http://my.example.com I see this cookie
Name MY_SESSION_ID
Value dDlhPSstoDX66XYUKLs2.519
Host .my.example.com
Path /
Secure No
Expires At End Of Session
when I hit http://my.example.com/estore I see this cookie
Name MY_SESSION_ID
Value QA6zus0TlUxcayFaQWmz.519
Host .my.example.com
Path /
Secure No
Expires At End Of Session
The value of the cookie changes, but the path is the same.
Are the paths supposed to be different?
Before I did not have the path property set and the cookies were set to paths like this:
.my.example.com and .my.example.com/estore
This cause the estore app to never stay logged in..im guessing because it could access both .my.example.com and .my.example.com/estore cookies since both domains are readable by the estore app. The main app worked fine since it could not access the estore cookie.