Problems with lost or “broken” authentication when browsing between UCM and ADF pages? Read below for a potential solution!
One of our clients has been a long-time user of WebCenter Content (formerly UCM) we recently upgraded them to the 11g platform. Following the upgrade, we developed a basic ADF application that would run in its own managed server. The application contained a data entry page, accessible via a link in UCM. At first glance it worked just fine…the ADF page opened up, and users were able to view and save details. However – after going back to UCM, your authentication/session was now invalidated! The only “fix” was to login to UCM again; if you had unsaved data on the UCM page it was effectively lost.
So it looked like merely opening the ADF page would invalidate your UCM session. We tried redeploying the ADF application to different managed servers, which didn’t help. We tried securing the ADF application, forcing users to login to the page – didn’t help either. Thinking it was a quirk of this particular application, we deployed a separate test app and noticed the same problem!
The fix was quite simple in the end – it was all down to browser cookies. The ADF application was writing over the UCM session cookie!
Turns out that UCM defaults to storing cookies in the root path of the client machine – this includes the session cookie, called JSESSIONID.
JSESSIONID just so happens to be the default name of any ADF application’s session cookie. So, if you don’t specify a custom cookie name in your ADF application (or a custom path) it will overwrite your UCM session cookie. Similarly, UCM will overwrite your ADF application’s session cookie once you log back in there!
To change the name and/or path of the ADF cookie, open up JDeveloper and find the application’s weblogic.xml file (located in your View Controller project, under Web Content/WEB-INF directory) and go to the Session tab.
Expand the Cookies panel to reveal the following:
By default, the Cookie Name will be blank. As explained in the ADF contextual help, this will give the session cookie a name of JSESSIONID. Enter a unique name for your application here and redeploy.
You can now open the ADF application without killing your UCM session – both cookies live alongside each other in perfect harmony…