tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jose Euclides da Silva Junior - DATAPREVRJ <Jose.Eucli...@rj.previdenciasocial.gov.br>
Subject RES: RES: Cookie problem max age problem - Best practice to solve it
Date Fri, 01 Aug 2003 14:52:39 GMT
Steve,
the authentication app's plugin wasnt created by me, its only stored on
TomCat to be used by my Java app. This plugin runs together with another app
server, which completes the authentication process. After this process is
completed ok, a cookie is created. So, when the user asks for logout, the
plugin tries to delete the cookie, probably setting 0 to max age. If i work
with OC4J, this steps runs fine and the user becomes abled to make another
login request on the same browser instance, without needing to close it.
But, if i work with TomCat, i need to close the browser instance and open
another one to be sucessful.
Needing help still.
Regards, Euclides.   

-----Mensagem original-----
De: srevilak@g88.net [mailto:srevilak@g88.net]
Enviada em: sexta-feira, 1 de agosto de 2003 10:11
Para: 'Tomcat Users List'
Assunto: Re: RES: Cookie problem max age problem - Best practice to
solve it


srevilak> Setting the max age of a cookie to zero is the proper way to
srevilak> delete a cookie.  When doing the deletion, are you sure that
srevilak> the name, domain, and path values are identical to the ones
srevilak> used when the cookie was initially set?

jose> Thanks for your attention! The question stays alive because this
jose> plugin runs fine on OC4J(Oracle) environment, but its always a
jose> failure on Tomcat env.  Any other help would be appreciated.
jose> Euclides.

It's perfectly okay for a cookie to be set by one application, then
removed by another.

What are the values used for domain, path, and name when the cookie is
set?  Most useragents provide a way to have the user prompted for each
cookie.  That would be a helpful thing to do in this case.

What are the values used for domain, path, and name when the cookie is
deleted?

While domain and path are set when sending a cookie, the client only
sends back the name and value pair (domain and path are used by the
client in determining what cookies to send).  As a result, something
like this won't work

  deleteCookie.setDomain(cookieFromClient.getDomain());

hth.

-- 
Steve

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Mime
View raw message