tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arshad Mahmood" <>
Subject Problem with url session encoding - Tomcat 4.0.4 b2
Date Tue, 30 Apr 2002 10:12:48 GMT

I am writing an e-commerce application using tomcat and have come across a
minor issue with url session encoding. The problem is that if a valid
session id is available on the url then tomcat does not use cookies.

Here is my scenario :-

1. I have tomcat configured to use cookies for session id's if possible.
2. An access to the index.html of my site redirects via url encoding to
home/index.html. This causes the session to be sent both via the url and a
cookie, from here on tomcat knows it can use cookies and doesn't bother
adding the session id to the url when I use encodeURL.

3. If I close the browser and open a new browser and use the url history box
then the url that appears is home/index.html with the added url encoding
(because I redirected from the original index.html).
4. Because this url has a valid session id, tomcat now defaults to using the
url endoing method and doesn't even try to use a cookie for this browser

My problem is that I want tomcat to always try and use a cookie even when
using url encoding (unless it is already using a cookie). I realise it is a
pain for those users that have setup prompts before accepting cookies, but
in my case I would prefer an inconvenience to a small number of users and
not the vast variety of users seeing the session id on all their url's.

My own prefernce would be to overload the cookies parameter so that a value
of "force" would cause this behaviour and leave the existing semantics for
the already defined values.


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message