tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <>
Subject Re: Cannot retrieve session after visiting a different servletcontex t
Date Wed, 29 May 2002 05:49:20 GMT

On Wed, 29 May 2002, James Williamson wrote:

> Date: Wed, 29 May 2002 05:28:56 +0100
> From: James Williamson <>
> Reply-To: Tomcat Users List <>
> To: Tomcat Users List <>
> Subject: Re: Cannot retrieve session after visiting a different
>     servletcontex t
> ----- Original Message -----
> From: Phillip Morelock <>
> > > Set-Cookie: JSESSIONID=D4F42E4F346F947DDB409C0B8F6BDA19;Path=/
> > >
> > > However, telnetting to a context such as
> > > and I'll get this sent back:
> > >
> > > Set-Cookie: JSESSIONID=D128650F08DCF7B371FCC29E79E87AD7;Path=/context
> >
> > Of course, but do you know of a browser that actually respects the path
> > statement in this way?  It was my impression that there are always
> > collisions with an identically named cookie (JSESSIONID) but this could
> > easily be outdated knowledge on my part.  I have seen this before and just
> > worked around it, but it was some time ago.
> To be perfectly honest I don't know, although I would have thought the IE's
> and
> Netscapes would adhere to the spec, especially as far as I remember Netscape
> were
> instrumental in introducing cookies. It's be relatively easily to check, but
> I don't have
> the time...

If your client application does not respect the cookie RFCs, then you out
of luck -- you need to switch to a client that obeys all the correct
rules, or hack your servlet container to be non-standard to deal with the
idiosyncracies of your stupid client app.  By the way, any recent version
of IE or Netscape deals correctly with these issues, so they are not
"stupid" by this definition.

For the record, Tomcat sets the "path" parameter of session id cookies to
be equal to the context path of the web application that produced that
cookie, so spec-compliant clients have zero problems maintaining sessions
across multiple webapps at the same time (even with weird cases like
context paths "/foo" and "/foo/bar" that overlap).  If your client doesn't
obey the rules, there is nothing that Tomcat, or any other servlet
container, can do for you.

Of course, if you expect to see the *same* session in different apps, then
it is *your* expectations that need to be corrected, but that's a
different issue ...

> >
> > fillup

Craig McClanahan

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message