I’m using JAVA and Wicket on JBOSS 5. I need to change JSESSIONID cookie

Question

0

Asked: June 17, 20262026-06-17T23:05:06+00:00 2026-06-17T23:05:06+00:00

I’m using JAVA and Wicket on JBOSS 5. I need to change JSESSIONID cookie

0

I’m using JAVA and Wicket on JBOSS 5.
I need to change JSESSIONID cookie value to get the same Session used in another client (setting the other client’s JSESSIONID). I need that to authenticate the other client that has no keyboard).
What is the best way?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-17T23:05:08+00:00

If you really want to hack the JSESSIONID (which I don’t recommend), you can do the following way:

Write a Servlet Filter
In that filter write a wrapper for the HttpServletRequest (a new instance of this class must be passed to the chain.doFilter()) (let’s call it RequestWrapper)
In the RequestWrapper override the getSession(boolean) method

In the getSession(booelan) implementation you have to

Identify (and remember) the session you want to ‘share’ with the non-keyboard user (this should come first)
Identify the situation when you want to make the ‘change’ (when with some kind of check you identify your non-keyboard user)
When you have to ‘change’, you can return the remembered session from the getSession()

The key moment is: How do you identify your non-keyboard user? If you can’t do it safely (from the current information you provided I cannot see it), it is a security hole.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m using JAVA and Wicket on JBOSS 5. I need to change JSESSIONID cookie

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply