tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gabriel Gajdos" <>
Subject Re: mod_auth_ntdom
Date Thu, 15 Aug 2002 10:10:56 GMT
| But I don't exactly get why u use the response.encodeURL method, can u
| elaborate a little bit on that?

Well... Try to search some info about cookies and session IDs (java, php or
else; it does not matter)...

But for now, very briefly:

In HTTP "session" exists only at server side (together with all other session
objects). Client (browser) only receives sessionID and with this ID it
identifies itself for a particular session.

When I authenticate in Tomcat, I send my login/pass information, and server
returns my "SessionID" as cookie. In every (!) HTTP request are cookies sent
together with request. And if server "finds" client's SessionID, it does not
need to authenticate user again...

Anyway: If your browser is not accepting cookies (or evaluation is incorrect
which was the case of my IE6) server is not able to set the cookie with
session ID. In Java we should use response.encodeURL method which:
"Encodes the specified URL by including the session ID in it, or, if encoding
is not needed, returns the URL unchanged. The implementation of this method
includes the logic to determine whether the session ID needs to be encoded in
the URL. For example, if the browser supports cookies, or session tracking is
turned off, URL encoding is unnecessary. " (taken from Tomcat 4.0.3 javadocs).

So in usual case, the method response.encodeURL("myfile.jsp") returns
"myfile.jsp". But if there is a problem with accepting cookies, this method
returns something like that "myfile.jsp;J_SESSIONID=123456789...". This is
called URL rewriting.

But in your case you should examine your mod_auth settings (is it stable
If the authentication is done by Apache, some things may be wrong there. I
have seen some URL rewriting directive in Apache, but I have never tried what
you are doing now.

First try to access a single page (like blank.html)... You should need to
login once.
Than try to access a page with one other link (an image od CSS). If you need
to login twice, your problem is 100% in user/login settings.


| The information contained in this e-mail is for the intended recipient
| only. If you have received this e-mail in error, please contact the sender
| immediately.  All material is to be treated as strictly confidential. The
| contents of this e-mail may not represent the views of SAS Hong Kong.

Really?!! I thought this newsgroup was archived at few servers worldwide
accessible to everyone...


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message