struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <Craig.McClana...@eng.sun.com>
Subject Re: session ids cont...
Date Thu, 01 Feb 2001 21:48:07 GMT
Peter Alfors wrote:

> "Kramer, Gary" wrote:
>
> >
> >
> >
> > I had similiar problems.  You need to turn off the use of Cookies on
> > your server (in Tomcat this setting is in server.xml).   When the user
> > opens 2 browsers, they will always have different session ids in both
> > IE and Netscape since the first URL they will use will not have a
> > session id included.
> >
>
> How do I turn off the use of cookies in the server.xml?  I only see one
> location where cookies are mentioned.
>         <!-- Request processing -->
>         <!-- Session interceptor will extract the session id from
> cookies and
>              deal with URL rewriting ( by fixing the URL )
>           -->
>         <RequestInterceptor
>             className="org.apache.tomcat.request.SessionInterceptor" />
>
> Do I comment out this section?
>

For Tomcat 3.2.1 there is a noCookies attribute on this entry that defaults
to "false".  You need to set it to "true":

    <RequestInterceptor
        className="org.apache.tomcat.request.SessionInterceptor"
        noCookies="true"/>

NOTE:  Using URL rewriting does *not* catch every case of multiple windows
sharing session ids.  Consider that the user can right-click on a hyperlink
(containing the session id) and select "Open in New Window".  Because the
hyperlink being clicked had a session id in it already, the new window will
still be part of the old session -- so your app logic needs to be ready to
deal with this.

Craig McClanahan



Mime
View raw message