I am experimenting with setting the cookie path in my application's web.xml (as suggested here) to:

我在我的应用程序的web.xml设置Cookie路径（如建议尝试在这里）到：

<session-config>
    <cookie-config>
        <path>/</path>
    </cookie-config>
</session-config>

So I deploy two identical web applications to localhost:8080/application-aand localhost:8080/application-brespectively.

所以我分别向localhost:8080/application-a和部署了两个相同的 Web 应用程序localhost:8080/application-b。

Each application is a single servlet:

每个应用程序都是一个 servlet：

public class ControllerServlet extends HttpServlet{
  @Override
  public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
      HttpSession session = req.getSession(false);

      if (session == null) {
          session = req.getSession(true);
          System.out.printf("No session was present - new one created with JSESSIONID=[%s]\n", session.getId());
      } else {
          System.out.printf("JSESSIONID cookie was present and HttpSession objects exists with JSESSIONID=[%s]\n", session.getId());
      }
  }
}

I deploy the apps to a Tomcat 8.5 container (tried with Tomcat 9 as well the behavior is the same). When I visit with my browser the application-a, here's what I see:

我将应用程序部署到 Tomcat 8.5 容器（尝试使用 Tomcat 9 以及行为是相同的）。当我使用浏览器访问 时application-a，我看到的是：

… and on the Tomcat logs I read:

……在 Tomcat 日志上，我读到：

No session was present - new one created with JSESSIONID=[A227B147A4027B7C37D31A4A62104DA9]

So far so good. When I then visit application-bhere's what I see:

到现在为止还挺好。当我访问application-b这里时，我看到的是：

… and the Tomcat logs show:

… Tomcat 日志显示：

No session was present - new one created with JSESSIONID=[5DC8554459233F726628875E22D57AD5]

This is also very well as explained hereand also in this answerand I quote:

这也很好地解释了here和this answer，我引用：

SRV.7.3 Session Scope

HttpSession objects must be scoped at the application (or servlet context) level. The underlying mechanism, such as the cookie used to establish the session, can be the same for different contexts, but the object referenced, including the attributes in that object, must never be shared between contexts by the container.

SRV.7.3 会话范围

HttpSession 对象的范围必须在应用程序（或 servlet 上下文）级别。底层机制，例如用于建立会话的 cookie，对于不同的上下文可以是相同的，但是引用的对象，包括该对象中的属性，绝不能由容器在上下文之间共享。

So even though on the request the JSESSIONIDcookie was present, my application (the one deployed in application-b) was unable to find an HttpSession object in its own servlet context scopeand so a new session object was created and a new value was assigned to the JSESSIONIDcookie.

因此，即使在请求JSESSIONID中存在 cookie，我的应用程序（部署在 中的应用程序application-b）也无法在其自己的 servlet 上下文范围内找到 HttpSession 对象，因此创建了一个新的会话对象，并为JSESSIONIDcookie分配了一个新值。

However, when I now go back to my application-aI find out that because of the /value configured for the cookie path, it is now trying to use the JSESSIONIDvalue set by application-band of course its servlet doesn't find such a session object in its own context (application-a) and so a new value for the JSESSIONIDcookie is created which will in turn invalidate the session of the application-bapplication and so on and so forth ad infinitum as I switch back and forth between the two applications.

然而，当我现在回到我的时候，application-a我发现由于/为 cookie 路径配置的值，它现在试图使用JSESSIONID设置的值application-b，当然它的 servlet 在它自己的上下文中没有找到这样的会话对象( application-a) 等JSESSIONIDcookie的新值被创建，application-b当我在两个应用程序之间来回切换时，该值将反过来使应用程序的会话无效等等。

So my questions are:

所以我的问题是：

1given the above behavior it would seem impossible for two applications to use the same JSESSIONIDcookie value as the key to their respective HttpSession objects. So in fact not only are the HttpSession objects always different and scoped at the application (servlet context) level but also, in practice, the JSESSIONIDvalues have to be different. Is that correct?

1鉴于上述行为，两个应用程序似乎不可能使用相同的JSESSIONIDcookie 值作为其各自 HttpSession 对象的键。因此，事实上，不仅 HttpSession 对象总是不同的，并且范围在应用程序（servlet 上下文）级别，而且在实践中，JSESSIONID值也必须不同。那是对的吗？

2If so, then why does the servlet specification use the wording:

2如果是这样，那么 servlet 规范为什么使用以下措辞：

The underlying mechanism, such as the cookie used to establish the session, can be the same for different contexts [...]

底层机制，例如用于建立会话的 cookie，对于不同的上下文可以相同 [...]

The only way I can imagine the above could be accomplished would be to have a way to hardcodedly provide the JSESSIONIDvalue to use when a new session object is created? But I don't see an API for that.

我可以想象以上可以完成的唯一方法是有一种方法来硬编码提供在JSESSIONID创建新会话对象时使用的值？但我没有看到相关的 API。

3Is there a way I can have some other cookies be shared among applications using the /path in the <session-config> XML element but not have the /path apply to the JSESSIONIDcookie? In other words does the <session-config> apply to all cookies of an application or only the cookie used for session tracking? (JSESSIONID) ?

3有没有办法可以使用/<session-config> XML 元素中的路径在应用程序之间共享其他一些 cookie，但不能将该/路径应用于JSESSIONIDcookie？换句话说， <session-config> 是应用于应用程序的所有 cookie 还是仅用于会话跟踪的 cookie？( JSESSIONID) ?