Configure sessionIdLength for non-clustered web application in JBoss EAP 5.x

Solution Unverified - Updated -


  • JBoss Enterprise Application Platform (EAP)
    • 5.x
  • JBoss Enterprise Portal Platform (EPP)
    • 5.x


  • To configure the sessionIdLength for non-clustered web application
  • What maximum session id length supported by Jboss?


  • To configure at application level:
    sessionIdLength can be configured for the application by adding the following in context.xml file inside the application as follows:

    <?xml version="1.0"?>
    <Context debug="1" privileged="true" >
       <Manager sessionIdLength="100" />
  • To configure at the server's container level:
    Edit "context.xml" under $JBOSS_HOME/server/$PROFILE/deploy/jbossweb.sar/ and add sessionIdLength attribute to <Manager>

Note: The minimum length is 16 bytes. The maximum value is logically Integer.MAX_VALUE (= 2147483647) but you will see java.lang.ArrayIndexOutOfBoundsException if it causes overflow the maximum size of the request and response HTTP header (8192 bytes by default) or java.lang.OutOfMemoryError if you set loo large value.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.