Multiple JSESSIONID Set-Cookie headers exist in response on JBoss EAP 5.x/6.x

Solution Unverified - Updated -

Issue

I have the following JSP which invalidates the current session and creates a new one:

<%
session.invalidate();
session = request.getSession();
session.invalidate();
session = request.getSession();
%>

When I access the above JSP, more than one JSESSIONID cookie header is set in one response:

$ curl -v http://localhost:8080/test/example.jsp
...
> GET /test/example.jsp HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost:8080
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< X-Powered-By: JSP/2.2
< Set-Cookie: JSESSIONID=ZDgcLUIGgnc27ZidCkn9sA__; Path=/test
< Set-Cookie: JSESSIONID=XyYKtzpqbxnu07y7zWQqeg__; Path=/test
< Set-Cookie: JSESSIONID=pQeg3bxaEJNhPGEJSOGJiw__; Path=/test
< Content-Type: text/html;charset=ISO-8859-1
< ...
< 

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 5.x
    • 6.x
