How to disable checking whether the request session id exists in other session managers in JBoss EAP 7.0.6 or later
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 7.0.6 or later
Issue
- How can I disable reusing the request session id in JBoss EAP 7.0.6 or later?
- Since EAP 7.0.6, which incorporates UNDERTOW-1003 / JBEAP-9049, EAP 7 checks all other session managers to see if the session id in the request exists in other session managers (= in other deployments). If the session id exists in other session managers, EAP 7/Undertow reuses the session id. I would like to disable this feature. How can I configure it?
Resolution
In EAP 7.1.0 or later, which incorporates JBEAP-11665
You can disable reuse of the request session id by setting disable-session-id-reuse to true in the undertow subsystem:
/subsystem=undertow/servlet-container=default:write-attribute(name=disable-session-id-reuse,value=true)
In EAP 7.0.x (7.0.6 or later)
There is no configurable parameter for it. You can use a custom ServletExtension to disable it, for example:
package com.redhat.example;

import io.undertow.servlet.ServletExtension;
import io.undertow.servlet.api.DeploymentInfo;
import javax.servlet.ServletContext;

public class CustomServletExtension implements ServletExtension {
    @Override
    public void handleDeployment(final DeploymentInfo deploymentInfo, final ServletContext servletContext) {
        // Do not check other deployments' session managers for the request session id.
        deploymentInfo.setCheckOtherSessionManagers(false);
    }
}
Register the extension by adding the file META-INF/services/io.undertow.servlet.ServletExtension, whose content is the class name com.redhat.example.CustomServletExtension. Then package both in the web application for which you want to disable session id reuse.
An example custom ServletExtension is attached to this article as undertow-example-servletextension.tar.gz, so you can extract it and put undertow-example-servletextension.jar in WEB-INF/lib of your web application. If you do not update your web application to package the jar, you can use the deployment overlay feature instead.
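The following check is an added example, not part of the original article or of Red Hat's attachment: it confirms that a WAR actually carries the service registration described above before you deploy it. The function names are hypothetical, the sample archives are constructed in memory, and it assumes the registration may sit either in a WEB-INF/lib jar or under WEB-INF/classes.

```python
import io
import zipfile

SERVICE_FILE = "META-INF/services/io.undertow.servlet.ServletExtension"
EXTENSION_CLASS = "com.redhat.example.CustomServletExtension"  # class name from the article

def providers(text):
    """Parse a service provider file: one class name per line, '#' starts a comment."""
    stripped = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return [name for name in stripped if name]

def find_registrations(war_bytes, wanted=EXTENSION_CLASS):
    """Return the places inside the WAR where `wanted` is registered as a ServletExtension."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for entry in war.namelist():
            # Registration shipped directly under WEB-INF/classes.
            if entry == "WEB-INF/classes/" + SERVICE_FILE:
                if wanted in providers(war.read(entry).decode("utf-8")):
                    hits.append(entry)
            # Registration shipped inside a library jar in WEB-INF/lib.
            elif entry.startswith("WEB-INF/lib/") and entry.endswith(".jar"):
                with zipfile.ZipFile(io.BytesIO(war.read(entry))) as jar:
                    if SERVICE_FILE in jar.namelist():
                        text = jar.read(SERVICE_FILE).decode("utf-8")
                        if wanted in providers(text):
                            hits.append(entry + "!/" + SERVICE_FILE)
    return hits

def build_zip(files):
    """Build a zip archive in memory from {name: content} (used for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed sample archives: one WAR that packages the extension jar, one that does not.
JAR = build_zip({SERVICE_FILE: "# registered extension\n" + EXTENSION_CLASS + "\n"})
GOOD_WAR = build_zip({"WEB-INF/web.xml": "<web-app/>",
                      "WEB-INF/lib/undertow-example-servletextension.jar": JAR})
BAD_WAR = build_zip({"WEB-INF/web.xml": "<web-app/>"})

if __name__ == "__main__":
    print(find_registrations(GOOD_WAR))  # one hit inside the library jar
    print(find_registrations(BAD_WAR))   # no hits: session id reuse stays enabled
```

An empty result means the extension will not be loaded for that deployment, so the check of other session managers remains active.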
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.