Multiple JSESSIONID Set-Cookie headers exist in response on JBoss EAP 5.x/6.x
Issue
I have the following JSP which invalidates a current session and creates a new one:
<%
session.invalidate();
session = request.getSession();
session.invalidate();
session = request.getSession();
%>
When I access the above JSP, more than one JSESSIONID cookie header is set in one response:
$ curl -v http://localhost:8080/test/example.jsp
...
> GET /test/example.jsp HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost:8080
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< X-Powered-By: JSP/2.2
< Set-Cookie: JSESSIONID=ZDgcLUIGgnc27ZidCkn9sA__; Path=/test
< Set-Cookie: JSESSIONID=XyYKtzpqbxnu07y7zWQqeg__; Path=/test
< Set-Cookie: JSESSIONID=pQeg3bxaEJNhPGEJSOGJiw__; Path=/test
< Content-Type: text/html;charset=ISO-8859-1
< ...
<
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
  - 5.x
  - 6.x
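
To check a response for the condition shown in the Issue section, the following added example (not Red Hat's code and not part of the original article) parses a `curl -v` transcript and reports any cookie that is set more than once for the same name, domain and path. The function names are hypothetical, and the note about which value survives assumes a client that follows the RFC 6265 storage model, where a later cookie replaces an earlier one with the same name, domain and path.

```python
# Added example: flag repeated Set-Cookie names in a `curl -v` transcript.
from collections import defaultdict

# Sample input: response header lines copied from the transcript on this page.
SAMPLE = """\
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< X-Powered-By: JSP/2.2
< Set-Cookie: JSESSIONID=ZDgcLUIGgnc27ZidCkn9sA__; Path=/test
< Set-Cookie: JSESSIONID=XyYKtzpqbxnu07y7zWQqeg__; Path=/test
< Set-Cookie: JSESSIONID=pQeg3bxaEJNhPGEJSOGJiw__; Path=/test
< Content-Type: text/html;charset=ISO-8859-1
"""

def parse_set_cookies(transcript):
    """Return [(name, value, attrs)] for each Set-Cookie line, in order."""
    cookies = []
    for line in transcript.splitlines():
        # curl -v prefixes response headers with "< "; raw headers work too.
        if line.startswith("< "):
            line = line[2:]
        header, sep, rest = line.partition(":")
        if not sep or header.strip().lower() != "set-cookie":
            continue
        pair, *attr_parts = rest.split(";")
        name, _, value = pair.strip().partition("=")
        attrs = {}
        for part in attr_parts:
            key, _, val = part.strip().partition("=")
            if key:
                attrs[key.lower()] = val
        cookies.append((name, value, attrs))
    return cookies

def duplicate_cookies(transcript):
    """Map (name, domain, path) -> values, for cookies set more than once."""
    seen = defaultdict(list)
    for name, value, attrs in parse_set_cookies(transcript):
        key = (name, attrs.get("domain", ""), attrs.get("path", ""))
        seen[key].append(value)
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (name, domain, path), values in duplicate_cookies(SAMPLE).items():
        # Assumption: an RFC 6265 client keeps the last value it received.
        print(f"{name} (path={path or '-'}) set {len(values)} times; "
              f"client keeps the last value: {values[-1]}")
```

Save the output of `curl -v` (it writes the header trace to stderr) to a file and pass its contents to `duplicate_cookies` to run the same check against a live application.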