Cookies path with Spring Cloud Gateway

Question

Consider this microservices based application using Spring Boot 2.1.2 and Spring Cloud Greenwich.RELEASE:

• Each microservice uses the JSESSIONID cookie to identify its own dedicated Servlet session (i.e. no global unique session shared with Spring Session and Redis).
• External incoming requests are routed by Spring Cloud Gateway (and an Eureka registry used through Spring Cloud Netflix, but this should not be relevant).

When Spring Cloud Gateway returns a microservice response, it returns the "Set-Cookie" as-is, i.e. with the same "/" path.

When a second microservice is called by a client, the JSESSIONID from the first microservice is forwarded but ignored (since the corresponding session only exists in the first microservice). So the second microservice will return a new JSESSIONID. As a consequence the first session is lost.

In summary, each call to a different microservice will loose the previous session.

I expected some cookies path translation with Spring Cloud Gateway, but found no such feature in the docs. Not luck either with Google.

How can we fix this (a configuration parameter I could have missed, an API to write such cookies path translation, etc)?

Answer 1

Rather than changing the JSESSIONID cookies path in a GlobalFilter, I simply changed the name of the cookie in the application.yml:

# Each microservice uses its own session cookie name to prevent conflicts
server.servlet.session.cookie.name: JSESSIONID_${spring.application.name}