Submit Feedback
Legacy Knowledge Base
Published Sep. 10, 2025

JSESSIONID hardcoded in Liferay codebase

Written By

Apsara Raheja

How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!

While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with any feedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack" publication program, made available for informational purposes. Articles in this program were published without a requirement for independent editing or verification and are provided"as is" without guarantee.

Before using any information from this article, independently verify its suitability for your situation and project.

Issue

  • With the below piece of code in the Tomcat web.xml file(Tomcat/webapps/ROOT/WEB-INF/web.xml).

    <session-config>
        <cookie-config>
            <name>LR_JSESSIONID</name>
        </cookie-config>
    </session-config>

    We can create the cookie with the LR_JSESSIONID name instead of JSESSIONID

    However after the changes, the logout feature stopped working. However, there are references to JSESSIONID hardcoded in the Liferay codebase.

Environment

  • Liferay DXP 7.4

Resolution

  • The observed behavior is a new feature that has been addressed via LPSA-86513

Additional Information

  • Please note that the exact implementation will depend on the developers' decision, and the new feature can only be added to future Liferay releases. Users can find more information on how to open a Feature Request ticket by going to the following link: Requesting a New Feature or Feature Improvement
Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?