I am running a tomcat web application on AWS Elastic Beanstalk using load balancing. I have two cookies for each session (1) JSESSIONID (2) XSRF-TOKEN (csrf token*).
I set the JSESSIONID as the application-controlled session stickiness cookie, in Load Balancer Port Configuration. It works perfectly. But I can not set the second session cookie as it is only possible to set ONE sticky cookie in the Load Balancer.
Any idea how I can set multiple cookies for a session in Elastic Beanstalk Load Balancer?
I appreciate your help as Im stuck with this big time! Migan
*On every request to the backend, backend generates an CSRF-TOKEN and hands it over to the client by setting it as an HTTP response header. The client is required to submit this token on every state changing request in order to prevent cross-site request forgery.
Problem solved!
The reason I could not see my XSRF_TOKEN cookies was that in the test environment I was using http to access my ElasticBeanstalk environment. Once I generate an SSL certificate and accessed my instance using https, my lovely XSRF_TOKEN cookie appeared again!