How to make JBoss identify the JSESSIONID if it configured as an Http Query Parameter

Issue

• How to use a http query parameter to set the session id after a http session has been created using a cookie.
• Client-a sends an http-request to a web-app with no session cookie set in the request.
• The server creates a new session and responses with the jsessionid (e.g. ABC123)set as a cookie.

• Client-a sends now a second request with the jsessionid set as a query paramerter in the request url (e.g. The value of the query parameter is the same session id as the one the server responded to the first request).

• The server does not recognize the JESSIONID query parameter. The server just sees that there is no jsessionid set as a cookie and creates a new session object.

• What needs to be done in order to get the server to use the jsessionid which is submitted as a query parameter?

• The cookies are enabled in the browser. After the first request , the jsessionid cookie is set in the browser as a session has been created. Before the second request, deleted all cookies in the browser and modified my request url like the following:

http//somedomain/web-app?JSESSIONID=PreviouslyCreatedSessionId

• It is expected that the server evaluates the url parameter JSESSIONID and recognizes that there is a session with the corresponding session id. Unfortunately, this is not happening. Instead the server creates a new session and sets a new session cookie with a new session id.

• An http post request is send programmatically by a third party application and after that a browser is opened by that third party app using a redirect url which was re-ceived by the response of the previous post.

• The first post starts a session and receives the cookie. Unfortunately, the other application starts the browser without that cookie.

• Jboss would recognize that session provided as the Http Query parameter even though there is no cookie.