Copy description from JBEAP-14847:
On EAP 6, request.getSession().getId() would return sessionid.instance-id. Now on EAP 7, request.getSession().getId() only returns sessionid without the instance-id.
This has been causing issues with routeless cookies for some upgrades from EAP 6 to EAP 7 if the app does something to recreate the JSESSIONID cookie based upon the request.getSession().getId(). The app typically should not do that, but these upgrade issues could be avoided without necessary app code changes if EAP 7 also returned sessionid.instance-id like EAP 6 did.
Engineer suggests to keep current EAP7+ behavior because the logic in EAP6 was flawed and problematic. That is to say: the request.getSession().getId() won't include the instance-id from EAP7+, but the HTTP cookie JESSIONID will still have instance-id appended.
It would be better to mention such a change in migration guide so that customer can adjust their app accordingly when they migrate from EAP 6 to EAP 7.
- clones
-
JBEAP-15700 [CD.15] HttpSession.getId() won't include instance-id from EAP7+
-
- Closed
-
- documents
-
-
- Closed
-
- is cloned by
-
-
- Closed
-
