tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tim Lucia" <timlu...@yahoo.com>
Subject RE: mod_rewrite losing session
Date Fri, 24 Feb 2006 21:12:09 GMT
Happens with mod_jk -- I am using that as well.  The issue is security.  You
(and I) are seeking to violate the rules, to a degree, and therein lies the
problem.

I suspect you can write a filter, that on the way out, replaces the
setCookie header with path=/ where path=/someContext, but I haven't tried it
yet.  I was hoping for a plugin or configuration option way of doing it.

Since I got no (helpful) response last time, and nobody has chimed in this
time, I don't think it is readily doable.

Tim
 

-----Original Message-----
From: Pete Lamborne [mailto:pete@maniatv.com] 
Sent: Friday, February 24, 2006 1:41 PM
To: Tomcat Users List
Subject: Re: mod_rewrite losing session

Hey Tim,
Thanks for the great response.  At least I know that I'm not missing
something really obvious.

I wonder if we could configure Tomcat to write the cookie without the
context?

Or if there is some other mechanism in httpd.conf that we could use to
control how the cookie gets set...

I find it hard to believe that alot of people have not run into this issue
yet.  Maybe everyone's still using mod_jk and have not migrated to
mod_proxy_ajp yet...

pete



Tim Lucia wrote:

>Yes.  I posted a similar question not long ago.  I wanted to know how 
>to preserve the session under exactly this case (my specific need was 
>to have a version in the Tomcat path, but hide that context / version 
>from the user.)
>
>I can tell you why it's NOT preserving it.  Tomcat sets the cookie 
>JSESSIONID for host=www.website.com, path /tomcatWebappName/someServlet.
>The browser sees the cookie for that path on the response (check - it 
>is set).  You then ask for /someServlet and there is no cookie with 
>that path (the hosts match, of course) and so the browser does not send 
>the cookie along.  No cookie (JSESSIONID), no session.
>
>Tim
>
>P.s. see 
>http://marc.theaimsgroup.com/?l=tomcat-user&m=113761657202592&w=2
>
>
>  
>
>>-----Original Message-----
>>From: Pete Lamborne [mailto:pete@maniatv.com]
>>Sent: Thursday, February 23, 2006 7:21 PM
>>To: Tomcat Users List
>>Subject: mod_rewrite losing session
>>
>>
>>Hi all,
>>I am having a problem when using mod_rewrite to hide the Tomcat 
>>webapp/context name, where it spawns a new session with each request.
>>
>>I am using apache2.2 and mod_proxy_ajp to dispatch the request and 
>>tomcat 5.5.9
>>
>>So if I try to send this URL: http://www.website.com/someServlet
>>
>>to
>>
>>http://www.website.com/tomcatWebappName/someServlet
>>
>>with mod_rewrite, it's a new session with every request.
>>
>>Any ideas?
>>thanks
>>pete
>>
>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>>    
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>  
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message