change domain of JSESSIONID cookie in Apache

You can do that by using ".domain.com" as the domain when you set the cookie.  Apparently there is an XML file somewhere that sets all the cookie parameters.  WEB-INF/web.xml?

I can't find in WEB-INF/web.xml

JSESSIONID is not going to be set by Apache but by Java.  Please click on "Request Attention" and get the JAVA Topic Area added to your question so the Java experts will see your question.  It would also help if you would post the exact program versions and methods you are using since there may be more than one way of doing this.

Are you using Tomcat (behind Apache) to host the application? Do you have access to modify the web application?

If so, you can add a file "META-INF/context.xml" that contains the below... (note: in your project, META-INF should be in the same directory as your WEB-INF)

<?xml version="1.0" encoding="UTF-8"?>
<Context sessionCookieDomain=".domain.com"/>

Select allOpen in new window

Note: if the "META-INF/context.xml" file already exists, just add the above attribute to the <Context> element that will already be there.

You are trying to close this request by accepting your own comment. This is fine but the comment has no information about how your problem is solved, it was just a comment listing 2 things you had tried and why neither of those 2 things are acceptable. But now you say that it's solved.

Please leave a comment about exactly how your problem was solved and then you can accept that as the answer. Otherwise you should award points to any answers that have helped you.

this solves