tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lerenc, Vedran" <vedran.ler...@sapmarkets.com>
Subject RE: SessionMgmt: No Cookies sent - Instead only URL-Rewritting ac tive
Date Wed, 08 May 2002 06:41:30 GMT
Hi Brandon,

thanks a lot and I will try it, but still: What I don't understand is why
everything works fine with Tomcat 3.2.1 and IE 6.0. If it is just the IE 6.0
who doesn't accept cookies without a policy, why wasn't there a problem with
Tomcat 3.2.1? I would guess, that IE 6.0 is not interessested in the sender,
just in what it receives, so Catalina is behaving differently, isn't it? IE
6.0 could still accept cookies without a policy file, but Catalina is not
sending cookies if it finds no policy file. Coiuld that be? I will try.

Thanks again and best regards,

Vedran

> -----Original Message-----
> From: Brandon Cruz [mailto:bcruz@norvax.com]
> Sent: Dienstag, 7. Mai 2002 18:24
> To: Tomcat Users List
> Subject: RE: SessionMgmt: No Cookies sent - Instead only 
> URL-Rewritting
> active
> 
> 
> You are right.  With IE6, cookies must be accompanied by a 
> privacy policy,
> which is a basic xml file.  If this policy is not supplied, 
> then IE6 won't
> allow tomcat to even set a session cookie.
> 
> There is a place at w3c.org where you can answer a bunch of 
> questions and it
> will generate the policy for you and tell you how to use it.
> 
> 
> Brandon
> 
> -----Original Message-----
> From: Jeff [mailto:jefflists@tiaxa.net]
> Sent: Tuesday, May 07, 2002 10:22 AM
> To: Tomcat Users List
> Subject: Re: SessionMgmt: No Cookies sent - Instead only 
> URL-Rewritting
> active
> 
> 
> I've observed the same phenomenon.
> 
> It's just a theory, but I suspect it might have to do with 
> Internet Explorer
> 6 itself. I think Microsoft quietly changed IE6's default 
> cookie-acceptance
> behavior to automatically reject all cookies from sites not 
> meeting its
> criteria for auto-acceptance. Taking a wild guess, IE6 might now
> automatically reject cookies from sites accessed via IP 
> addresses that don't
> resolve to a hostname.
> 
> Another possibility: a few years ago, when anti-cookie 
> hysteria was being
> fanned by magazines eager to scare naive readers and people 
> were disabling
> cookies for stupid reasons (like thinking a "malevolent cookie" could
> reformat their hard drive), Microsoft quietly introduced a 
> special anonymous
> cookie-in-all-but-name ("session id") that persisted only for 
> the duration
> of a single session (I think it even went away if you browsed 
> to another
> site or were inactive for more than an hour), but could not 
> be disabled (so
> IIS could depend upon its availability and use it to track 
> users from page
> to page within the session and match the correct IIS session 
> variables with
> the right user).  I'm not sure whether Tomcat and other 
> servlet containers
> take advantage of it (or whether they'd even be ABLE to 
> without lying to the
> browser and pretending to be IIS), but I see two likely scenarios:
> 
> 1) Tomcat (and other servlet containers) can't/don't use the special
> anonymous session ID, and IE6 is now denying session-cookies 
> by default
> because something is triggering the behavior (non-resolvable IP, etc.)
> 
> 2) Tomcat (and other servlet containers) DO use MSIE session IDs when
> available, but IE6 now denies even THAT to sites that fail to meet its
> criteria for acceptablity (possibly holding sites openly 
> running a server
> other than IIS to a higher standard)
> 
> >I was using Tomcat 3.2.1 and switched to Catalina 4.0.3 
> (both on Windows
> >2000). Now my browser (IE6.0 on Windows 2000) gets no 
> cookies anymore. It
> >seems that the session management ist now handled using URL 
> rewritting and
> I
> >don't know why.
> 
> 
> 
> --
> To unsubscribe, e-mail:
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
> <mailto:tomcat-user-help@jakarta.apache.org>
> 
> 
> 
> --
> To unsubscribe, e-mail:   
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: 
> <mailto:tomcat-user-help@jakarta.apache.org>
> 

--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message