tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Turner <tomcat-u...@johnturner.com>
Subject Re: Session tracking over redirections with multiple domain names
Date Thu, 15 May 2003 18:25:12 GMT

Agreed.  Newer browser versions do not allow third-party cookies by default 
(for IE, at least).  You have to explicitly allow them.  Each client has to 
explicitly allow them, there is nothing you can do on the server side apart 
from changing the domain name in the response to resolve this.

John

On Thu, 15 May 2003 10:28:40 -0700, John Corrigan <john@johncorrigan.net> 
wrote:

> Sounds like a security setting in the browswer.  Newer browsers don't 
> allow
> cooking to go to different domains than they were set in unless the 
> security
> setting has been changed by the user AFAIK.
>
> -----Original Message-----
> From: Gerrit Einhoff [mailto:gerein@gmx.de]
> Sent: Thursday, May 15, 2003 10:26 AM
> To: tomcat-user@jakarta.apache.org
> Subject: Session tracking over redirections with multiple domain names
>
>
> Hi.
>
> I got the following web application setup with Tomcat 4.0.3 behind Apache
> 1.3:
>
> JSP1 with a <form>
> --POST--> servlet
> --relative-redirect(response.sendRedirect())--> JSP2
>
> A session is supposed to be held over all three requests (JSP, servlet,
> JSP).
> The problem is that my host has multiple domain-names, but Tomcat sends 
> the
> redirect to the domain name that is configured in the <host>-tag in
> server.xml. This is no problem with URL-rewriting but looses the session 
> for
> JSP2 if cookies are used.
>
> Example:
>
> <host name="domain1.com">
> domain1.com and domain2.com both point to the same virtual server in 
> apache.
>
> browse to: http://domain2.com/JSP1
> submit form
> --> request: http://domain2.com/servlet
> servlet uses response.sendRedirect("JSP2");
> Tomcat sends:
> --> redirect: http://domain1.com/JSP2
>
> Now since the browser registered the cookie for domain2.com, it does not
> send
> it back for the JSP2 request. Therefore JSP2 requests a new cookie and
> looses
> the old session.
>
> Is there a way to tell Tomcat to use the same domain for redirect that 
> the
> request used? Is there another way to avoid this problem?
>
> I already experimented with the <Alias> field in <Host>, but I don't 
> really
> understand what it's good for... Can anybody explain?
>
> Thanks a lot, Gerrit
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>



-- 
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message