access site with session cookie by IP

[Tom Eicher]

Hello,

I have a wildfly 26.1.3 server that will soon be clustered.

I have adapted the config including

<session-cookie name="CLOUDCOOKIE" domain=".mydomain.net" />

and all is fine.

However, my local development instance is not clustered, and I used to access it under http://127.0.0.1:8080

When I do this now, I go to my login page (loads fine), and when the session is created, I get into an endless loop where I am redirected to a page with a new session cookie appended to the URL endlessly.

http://127.0.0.1:8080/Logon;cloudcookie=Pzt1RVR6whCV36Sb9MiGWzf41bamp6iS54_H1bt_.hostname

http://127.0.0.1:8080/Logon;cloudcookie=WwGSd4Cc9E11SsRX88e3AcZiCeDM8DQVkLnx3IzB.hostname

... and so on

Now when I edit my etc/hosts and add a 127.0.0.1 hostname.mydomain.net

then accessing the system with http://hostname.mydomain.net:8080 works.

If I comment out the "domain" from the cookie configuration, access works again even with IP.

Can I make a site with domain cookie accessible (additionally!) by IP, and how?

Many Thanks Tom.

[Paul Ferraro]

When you configure <session-cookie/> with a domain name, the Set-Cookie header of a given server response will contain a session cookie with a domain.

However, when sending a request, your browser will only send cookies with a matching domain.

That is why requests send to an IP address always start a new session.

Generally, you do not need/want to specify a domain in your session cookie.

In this case, response from the server will contain a Set-Cookie without any domain causing the browser to auto-apply an effective domain based on the request.

If the request was made using an IP address, the effective domain of the cookie will be that IP address.