Spring Boot 2.x - change session cookie id value length (JSESSIONID length)

5 points
Created by:

In this short article, we would like to show how to change the default JSESSIONID cookie value length in Spring Boot 2.x.

Quick solution:

package com.example.config;

import org.apache.catalina.Context;
import org.apache.catalina.Manager;
import org.apache.catalina.SessionIdGenerator;
import org.apache.catalina.webresources.ExtractingRoot;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

public class TomcatConfig {

    public WebServerFactoryCustomizer<TomcatServletWebServerFactory> servletContainerCustomizer() {
        return (TomcatServletWebServerFactory container) -> {
            container.addContextCustomizers((Context context) -> {
                Manager manager = context.getManager();
                if (manager != null) {
                    SessionIdGenerator generator = manager.getSessionIdGenerator();
                    // 32 bytes requires 64 characters to encode cookie value
                    // by default, used session is length is 16 bytes

Example cookies:

Changed JSESSIONID cookie value length to longer - Spring Boot 2.x.
Changed JSESSIONID cookie value length to longer - Spring Boot 2.x.

See also

  1. Tomcat - set JSESSIONID length / set session id length 
Native Advertising
Get your tech brand or product in front of software developers.
For more information Contact us
Dirask - we help you to
solve coding problems.
Ask question.

❤️💻 🙂