This repository has been archived by the owner on Jan 9, 2019. It is now read-only.

Use unique cookie names to prevent JSESSIONID conflicts #54

Open
ahonor opened this issue May 11, 2012 · 5 comments


ahonor commented May 11, 2012

While it is possible to reference each web app from a different domain, it is not always possible.
Some users will want to deploy Yana in the same container as another web app, which will cause session conflicts at the cookie level.

Reference: Resolving JSESSIONID Conflicts


orubel commented May 11, 2012

http://grails.org/doc/1.1/guide/2.%20Getting%20Started.html

  1. The use of jsessionid (now considered harmful) is disabled by default.

Can you explain more of what you are trying to do? Don't want to be opening security holes.


orubel commented May 11, 2012

Ah... I see what you are trying to do. This is handled in context, not in app. You just manage this through your context when setting up virtual hosts in your app server.


orubel commented May 11, 2012

Or, more simply, I can simply add it so 'yana' is added to the end of 'localhost:8080' and it would append no matter what... no option.

Would require going through all the links in the site and testing them all.


orubel commented May 11, 2012

DOH. I'm a bonehead.

grails.app.context = "/"

We can move that to the external config and that solves everyone's problem.


orubel commented May 16, 2012

http://info.michael-simons.eu/2011/01/28/disable-jsessionid-path-parameter-in-java-web-applications/
OK, Spring Security uses that only in initially setting the cookie, apparently, but it does use it.
But yeah, we are getting a conflict because we share the same environment... http://localhost, so it tries to create and delete the same cookie. This will not exist EXCEPT if tools exist within the EXACT SAME ENVIRONMENT, which is always considered bad form to begin with anyway. And this can be fixed through context (I believe) or by just using subdomains or fake hosts (if you must) in your /etc/host file.

@ghost ghost assigned gschueler May 24, 2012
@gschueler gschueler removed their assignment Feb 10, 2017
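
The cookie clash discussed in this thread, as an added example that is not part of the original issue or the Yana code base: a toy RFC 6265 cookie jar showing that a browser keys cookies by name, host and path (not port), so two apps served at context "/" on localhost overwrite each other's JSESSIONID. The ports, the second app, the session values and the `YANA_SESSIONID` name are constructed for illustration, and the model assumes the container scopes the session cookie to the app's context path.

```python
# Added example: toy RFC 6265 cookie jar (constructed hosts, paths and session ids).
from urllib.parse import urlsplit


def path_matches(request_path, cookie_path):
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


class CookieJar:
    def __init__(self):
        # Storage key is (name, host, path); scheme and port are not part of it.
        self._store = {}

    def set_cookie(self, url, name, value, path):
        self._store[(name, urlsplit(url).hostname, path)] = value

    def cookies_for(self, url):
        parts = urlsplit(url)
        hits = [(path, name, value)
                for (name, host, path), value in self._store.items()
                if host == parts.hostname and path_matches(parts.path or "/", path)]
        hits.sort(key=lambda h: -len(h[0]))  # most specific path first
        return [(name, value) for _, name, value in hits]


def simulate(ctx_a, ctx_b, name_a="JSESSIONID", name_b="JSESSIONID"):
    """Apps A and B on localhost create sessions in turn; return what A then receives."""
    jar = CookieJar()
    url_a = "http://localhost:8080" + ctx_a
    url_b = "http://localhost:9090" + ctx_b  # assumed second container on another port
    jar.set_cookie(url_a, name_a, "session-A", path=ctx_a)
    jar.set_cookie(url_b, name_b, "session-B", path=ctx_b)
    return jar.cookies_for(url_a)


if __name__ == "__main__":
    print("both at '/':       ", simulate("/", "/"))
    print("distinct contexts: ", simulate("/yana", "/other"))
    # YANA_SESSIONID is a hypothetical cookie name, not a Yana setting.
    print("unique cookie name:", simulate("/", "/", name_a="YANA_SESSIONID"))
```

In the first case app A is handed app B's session id and treats the user as logged out; either a distinct context path or a distinct cookie name keeps A's own session intact.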