Expand my Community achievements bar.

SOLVED

Sticky Session issue on Safari and iOS

Avatar

Level 2

Hi,

In our project we use HttpSession to store data that is used throughout the site. We have a setup which has 2 publish intsances and the dispatcher is configured to have sticky session. Everything works fine on most of the browsers except Safari and iOS devices. We observed that JSESSIONID is changing on each and every request. We suspect this could be the reason why iOS is unable to support sticky. Because of this we are losing session data as the request is served by another publish instance. Please suggest how to resolve this issue.

1 Accepted Solution

Avatar

Correct answer by
Level 7

To resolve the sticky session issue on Safari and iOS:

1. Set SameSite=None for JSESSIONID Cookie: Ensure the session cookie (JSESSIONID) has the SameSite=None attribute and is marked as Secure for HTTPS. This prevents Safari's cookie handling from interfering with sticky sessions.
- This can be configured in the servlet container (e.g., Tomcat).

2.Ensure Correct Cookie Domain and Path: Verify the cookie’s domain and path are set correctly, especially if you have multiple subdomains (e.g., www.example.com and app.example.com), as Safari may block cookies between subdomains.

3. Enable Session Replication: If you're using multiple publish instances, ensure session replication is configured to maintain session state across instances. You can use JVM-based session replication or external session management like distributed caching.

4. Test Safari and iOS Privacy Settings: Safari's Intelligent Tracking Prevention (ITP) can block cookies. Make sure it's not blocking third-party cookies and test the behavior with different privacy settings.

View solution in original post

1 Reply

Avatar

Correct answer by
Level 7

To resolve the sticky session issue on Safari and iOS:

1. Set SameSite=None for JSESSIONID Cookie: Ensure the session cookie (JSESSIONID) has the SameSite=None attribute and is marked as Secure for HTTPS. This prevents Safari's cookie handling from interfering with sticky sessions.
- This can be configured in the servlet container (e.g., Tomcat).

2.Ensure Correct Cookie Domain and Path: Verify the cookie’s domain and path are set correctly, especially if you have multiple subdomains (e.g., www.example.com and app.example.com), as Safari may block cookies between subdomains.

3. Enable Session Replication: If you're using multiple publish instances, ensure session replication is configured to maintain session state across instances. You can use JVM-based session replication or external session management like distributed caching.

4. Test Safari and iOS Privacy Settings: Safari's Intelligent Tracking Prevention (ITP) can block cookies. Make sure it's not blocking third-party cookies and test the behavior with different privacy settings.