In a clustered Websphere environment, I retrieve the JSESSIONID of the current HTTP request using the following code:
HttpServletRequest servletRequest = ...;
servletRequest.getSession().getId();
From this code, I get the identifier, something like this: z84d621pxY1VChlK_0eEgFZ.
Then if I check the cookies on my browser, I see that the JSESSIONID contains the above ID but with additional information, e.g. 0000z84d621pxY1VChlK_0eEgFZ:18fjt9t1u
I'm surprized that HttpServletRequest.getSession().getId() does not give me the right identifier.
Note that if I test with Tomcat, I always get the same value.
How should I proceed to get the full JSESSIONID value?
It gives you the right identifier - the session identifier. The rest of the number are internal WebSphere related parts. WebSphere session cookie consists of 3 parts:
Epoch number (first four digits) are used by web container to make sure that cached session is not stale.
Session ID - is actual session identifier, which allows container to find user session
Clone ID - is used by WebSphere Plugin installed with web server to forward request to the server that holds session data with respect to session affinity.
Why would you need the other parts? They don't identify the session and might change during session lifetime.
UPDATE
You can get full session id using cookie api:
Cookie cookies[] = request.getCookies();
for(int i = 0; i< cookies.length; i++) {
out.println(cookies[i].getName() + " " +cookies[i].getValue()+ " <br>" );
}
// output:
JSESSIONID 00002ikOjIY63tLqbF-6OF0QxL8:-1