tomcat-users mailing list archives

From "John Corrigan" <j...@johncorrigan.net>
Subject RE: Session tracking over redirections with multiple domain names
Date Thu, 15 May 2003 17:28:40 GMT
Sounds like a security setting in the browser.  Newer browsers don't allow
cookies to go to different domains than they were set in unless the security
setting has been changed by the user AFAIK.

-----Original Message-----
From: Gerrit Einhoff [mailto:gerein@gmx.de]
Sent: Thursday, May 15, 2003 10:26 AM
To: tomcat-user@jakarta.apache.org
Subject: Session tracking over redirections with multiple domain names


Hi.

I got the following web application setup with Tomcat 4.0.3 behind Apache
1.3:

JSP1 with a <form>
--POST--> servlet
--relative-redirect(response.sendRedirect())--> JSP2

A session is supposed to be held over all three requests (JSP, servlet,
JSP).
The problem is that my host has multiple domain-names, but Tomcat sends the
redirect to the domain name that is configured in the <host>-tag in
server.xml. This is no problem with URL-rewriting but loses the session for
JSP2 if cookies are used.

Example:

<host name="domain1.com">
domain1.com and domain2.com both point to the same virtual server in apache.

browse to: http://domain2.com/JSP1
submit form
--> request: http://domain2.com/servlet
servlet uses response.sendRedirect("JSP2");
Tomcat sends:
--> redirect: http://domain1.com/JSP2

Now since the browser registered the cookie for domain2.com, it does not send
it back for the JSP2 request. Therefore JSP2 requests a new cookie and loses
the old session.

Is there a way to tell Tomcat to use the same domain for redirect that the
request used? Is there another way to avoid this problem?

I already experimented with the <Alias> field in <Host>, but I don't really
understand what it's good for... Can anybody explain?

Thanks a lot, Gerrit




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
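
The cookie behaviour described in this thread, as an added example that is not part of the original messages or of Tomcat's code: a small Python model of a browser's host-only cookie jar walking the JSP1 -> servlet -> JSP2 flow, once with the redirect built from the configured host name and once from the request's own host. `KNOWN_HOSTS`, `redirect_location`, `run_flow` and the cookie value are assumptions made for illustration, and the session cookie is assumed to be set without a Domain attribute.

```python
from urllib.parse import urljoin, urlsplit

CONFIGURED_HOST = "domain1.com"               # <host name=...> from the post
KNOWN_HOSTS = {"domain1.com", "domain2.com"}  # assumed: both names of the virtual server


class Browser:
    """Cookie jar holding host-only cookies (set without a Domain attribute)."""

    def __init__(self):
        self.jar = {}  # host -> {cookie name: value}

    def store(self, url, name, value):
        self.jar.setdefault(urlsplit(url).hostname, {})[name] = value

    def cookies_for(self, url):
        # A host-only cookie is returned only to the exact host that set it.
        return dict(self.jar.get(urlsplit(url).hostname, {}))


def redirect_location(request_url, target, use_request_host):
    """Absolute Location value for a relative sendRedirect(target)."""
    parts = urlsplit(request_url)
    host = parts.hostname
    if use_request_host:
        # The Host header is client-controlled: accept only known names.
        if host not in KNOWN_HOSTS:
            raise ValueError("unexpected Host: %r" % host)
    else:
        host = CONFIGURED_HOST  # behaviour described in the post
    return urljoin("http://%s%s" % (host, parts.path), target)


def run_flow(use_request_host):
    """Return (redirect URL, cookies the browser sends with the JSP2 request)."""
    browser = Browser()
    # Constructed session id, stored when the browser first loads JSP1.
    browser.store("http://domain2.com/JSP1", "JSESSIONID", "constructed-id")
    location = redirect_location("http://domain2.com/servlet", "JSP2",
                                 use_request_host)
    return location, browser.cookies_for(location)


if __name__ == "__main__":
    for mode in (False, True):
        print("use_request_host=%s -> %s" % (mode, run_flow(mode)))
```
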


