jakarta-ee spring-security tomcat6 jsessionid

Two applications on the same server use the same JSESSIONID


(I am using spring-security and tomcat 6)

I have two applications A and B which are running on the same server. I have a situation which I am unable to solve.

When I log in to application A, JSESSIONID takes a new value, say v-a.
(This might be irrelevant, but might be good as well: As I am using spring security and I have enabled the session-migration, every time I request the index page, a new value will be assigned to JSESSIONID.)

Then I request application B. The request goes with JSESSIONID = v-a, and the JSESSIONID takes a new value, say v-b (most probably because of session-migration the old value is replaced with the new one).

Now when I want to use application A, the requests go with JSESSIONID = v-b! Which means that these two applications are using the same session? And the nasty thing about it is that I am thrown out of the first application and have to log in again...

This only happens when they both use the same IP. I have logged in to the very same two applications with different IPs with no problem.

Any help would be appreciated. If you need extra information, just let me know.


Solution

  • Here are the complete details:

    Application A uses localhost:8080/dtts/dtts/a
    Application B uses localhost:8080/dtts/dtts/b

    For every URL/Path a cookie with name JSESSIONID is set. For both applications we have:
    URL: localhost
    Path: dtts (and the rest is ignored)

    That's why the second cookie replaces the first one. Problem solved.
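
The overwrite described in the answer, shown as an added example that is not part of the original post: a minimal model of how a browser stores and sends cookies under RFC 6265, replaying the login sequence from the question. The request paths ending in `/index` and the per-application `Path` values in the second run are assumptions made for the comparison.

```javascript
// Minimal model of a browser cookie store (RFC 6265 storage and path-match rules).
// Host and session values come from the post; request paths are constructed.
class CookieJar {
  constructor() { this.store = new Map(); }

  // A cookie is identified by (name, domain, path); a matching Set-Cookie replaces it.
  set(host, name, value, path) {
    this.store.set(`${name};${host};${path}`, { host, name, value, path });
  }

  // RFC 6265 section 5.1.4 path-match.
  static pathMatches(requestPath, cookiePath) {
    if (requestPath === cookiePath) return true;
    if (!requestPath.startsWith(cookiePath)) return false;
    return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
  }

  // Values of the named cookie that would be sent with a request to host + requestPath.
  sent(host, requestPath, name) {
    return [...this.store.values()]
      .filter(c => c.host === host && c.name === name &&
                   CookieJar.pathMatches(requestPath, c.path))
      .sort((a, b) => b.path.length - a.path.length)
      .map(c => c.value);
  }
}

// Replays the post's sequence: log in to A, visit B, go back to A.
// pathA / pathB are the Path attributes each application puts on JSESSIONID.
function replay(pathA, pathB) {
  const jar = new CookieJar();
  jar.set("localhost", "JSESSIONID", "v-a", pathA);   // login to A
  jar.set("localhost", "JSESSIONID", "v-b", pathB);   // first request to B
  return {
    toA: jar.sent("localhost", "/dtts/dtts/a/index", "JSESSIONID"),
    toB: jar.sent("localhost", "/dtts/dtts/b/index", "JSESSIONID"),
  };
}

const shared = replay("/dtts", "/dtts");                  // Path as in the post
const separate = replay("/dtts/dtts/a", "/dtts/dtts/b");  // assumed per-app paths
console.log(shared, separate);
```

With the shared `Path` both applications receive `v-b`, so A's session id is gone; with distinct paths each application gets back only its own value.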