tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: Off topic:cookies nightmare!!!!!!!!
Date Mon, 29 Apr 2002 21:49:01 GMT


On Mon, 29 Apr 2002, pixel wrote:

> Date: Mon, 29 Apr 2002 17:42:13 -0400
> From: pixel <pixel@pixelfreak.net>
> Reply-To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> To: Jregan@csatravelprotection.com
> Cc: Tomcat Users List <tomcat-user@jakarta.apache.org>,
>      "Struts Users (E-mail)" <struts-user@jakarta.apache.org>
> Subject: Re: Off topic:cookies nightmare!!!!!!!!
>
> John,
>
> I had a similar problem, which seem to be resovled by explicitly setting
> the path of the cookie to "/" before adding it to the response.
>
>     Cookie userCookie = new Cookie("U_ID", userId);
>     userCookie.setMaxAge(946080000);
>     userCookie.setPath("/");
>     httpResp.addCookie(userCookie);
>
> After reading the Servlet docs, it seems the behaviour for setting a
> cookie without first setting it's path is undefinded. I've found that
> with Tomcat, new Cookies use the current URL of the request instead of
> the "/" when a path is not specified. I also believe there may have been
> a few bugs with previous versions of Tomcat and Cookies which have been
> resolved with newer versions.
>

Setting the cookie path to "/" will cause this cookie to be sent back to
*all* web applications on your server, not just yours.  It is safer to set
the cookie path to return just to your web application:

  userCookie.setPath(request.getContextPath());

> Hope this helps,
>
> ~Scott

Craig


--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message