Can you try setting
'io.undertow.servlet.api.DeploymentInfo#changeSessionIdOnLogin' to
false? By default Undertow will generate a new session ID when you
authenticate as a precaution.
Stuart
On Tue, Oct 4, 2016 at 8:19 AM, Vinicius F. Kopcheski
<viniciusfk(a)hotmail.com> wrote:
Hello,
I'm working to integrate a legacy SSO system with undertow (Wildfly 10), and
this SSO is also used with JBoss 4 and 6.
Its strategy is to share the same JSESSIONID between all the applications
running inside all those servers.
In my custom Authentication Mechanism, I retrieve the session id that will
be used for this session, but just after invoking
SecurityContext#authenticationComplete, a new session is created, which
takes me to have two session cookies. I mean, they both are named
JSESSIONID.
I could find a way to remove this one created by undertow, but I'm not sure
this is the best approach.
What do you suggest me to do is this scenario?
_______________
Vinicius Kopcheski
_______________________________________________
undertow-dev mailing list
undertow-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev