Hello,

I'm working to integrate a legacy SSO system with undertow (Wildfly 10), and this SSO is also used with JBoss 4 and 6.

Its strategy is to share the same JSESSIONID between all the applications running inside all those servers.

In my custom Authentication Mechanism, I retrieve the session id that will be used for this session, but just after invoking SecurityContext#authenticationComplete, a new session is created, which takes me to have two session cookies. I mean, they both are named JSESSIONID.

I could find a way to remove this one created by undertow, but I'm not sure this is the best approach.

What do you suggest me to do is this scenario?