<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p>Hello,</p>
<p><br>
</p>
<p>I'm working to integrate a legacy SSO system with undertow (Wildfly 10), and this SSO is also used with JBoss 4 and 6.</p>
<p><br>
</p>
<p>Its strategy is to share the same JSESSIONID between all the applications running inside all those servers.</p>
<p style="font-family: Calibri, Arial, Helvetica, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", NotoColorEmoji, "Segoe UI Symbol", "Android Emoji", EmojiSymbols; font-size: 16px;">
</p>
<p></p>
<p><br>
</p>
<p>In my <span style="font-family: Calibri, Arial, Helvetica, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", NotoColorEmoji, "Segoe UI Symbol", "Android Emoji", EmojiSymbols; font-size: 16px;">custom Authentication Mechanism, I retrieve the session id that
will be used for this session, but </span><span style="font-size: 12pt;">just after invoking SecurityContext#</span><span style="font-size: 12pt;">authenticationComplete, a new session is created, which takes me to have two session cookies. I mean, they both
are named JSESSIONID.</span></p>
<p><span></span></p>
<p><span><br>
</span></p>
<p><span>I could find a way to remove this one created by undertow, but I'm not sure this is the best approach.</span></p>
<p><span><br>
</span></p>
<p><span>What do you suggest me to do is this scenario?</span></p>
<p><span><br>
</span></p>
<div id="Signature">_______________<br>
Vinicius Kopcheski<br>
</div>
</div>
</body>
</html>