tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 7588] - Session cannot be established if there are multiple session cookies
Date Fri, 21 Mar 2003 20:14:08 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7588>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7588

Session cannot be established if there are multiple session cookies





------- Additional Comments From peter@sigent.com  2003-03-21 20:14 -------
Yes, this is a BUG, and it seems that it is a serious bug, because probably at 
1% of sessions are lost with IE, when the session for some circumstances is 
invalidated but cookie is left non-expired, and after that the new session is 
generated and IE(6 and 5 for me) _ALWAYS_ sends two cookies JSESSIONID; but the 
first cookie is for invalid session, so tomcat treats that the session is new, 
although the second cookie contains the actual session id.

Also, I have read in Netscape Standard for Cookies 
(http://wp.netscape.com/newsref/std/cookie_spec.html for your reference):
----------
Instances of the same path and name will overwrite each other, with the latest 
instance taking precedence. Instances of the same path but different names will 
add additional mappings. 
----------
Well, I suppose this document is pretty old, but nor later RFCs (2109,2965) nor 
Servlet 2.3 Specification  does not contain any information about cookie 
priority, so it is a good thing to think about.

And I am very frustrated that this bug remains NEW for about a year - isn't it 
a buglist?? Yes, I know that Mr.Maucherat in a similar bug 10419 
(http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10419) resolved this as 
WONTFIX, saying that he doesn't see any real use cases. Please, reconsider 
about this or at least say something.

Cinecerly,
  Peter.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message