[GLASSFISH-4589] Add support for session tracking via SSL session id Created: 02/Apr/08  Updated: 06/Mar/12

Status: Open
Project: glassfish
Component/s: web_container
Affects Version/s: V3
Fix Version/s: not determined

Type: New Feature Priority: Major
Reporter: jluehe Assignee: jluehe
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: All
Platform: Sun

Issuezilla Id: 4,589


See http://forums.java.net/jive/thread.jspa?threadID=38902&tstart=0

Comment by jluehe [ 26/Aug/08 ]

This is a new feature, and not the enhancement of an existing one.

Comment by jluehe [ 07/Apr/10 ]

Joe (java.net id "infosun") posted this interesting comment to the above froum

Jan Luehe described a possible solution in his Blog "GlassFish Support for
Cookie-less HTTP Sessions"

follow the example and replace his invoke method with the following code.

public int invoke(Request request, Response response) throws IOException,
CoyoteRequest coyoReq = (CoyoteRequest) request;
coyoReq.getAttribute(Globals.CERTIFICATES_ATTR); // call
String cid =
if(cid != null)

{ coyoReq.setRequestedSessionId(cid); }


works for me under Glassfish v2ur2.


This should continue to work with GF v3.

All that's left to do would be to install this special-purpose valve (that is,
add it to the application's pipeline) for any application that had SSL
configured as its session tracking mode.

Comment by Tom Mueller [ 06/Mar/12 ]

Bulk update to change fix version to "not determined" for all issues still open but with a fix version for a released version.

Generated at Tue Oct 25 12:24:11 UTC 2016 using JIRA 6.2.3#6260-sha1:63ef1d6dac3f4f4d7db4c1effd405ba38ccdc558.