tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Filip Hanik - Dev Lists <devli...@hanik.com>
Subject Re: mod_rewrite losing session
Date Fri, 24 Feb 2006 21:32:58 GMT
The easiest thing would be to tell Tomcat to always use "/" as a path 
for the JSESSIONID cookie.
that should take care of it.
Filip

Tim Lucia wrote:
> Happens with mod_jk -- I am using that as well.  The issue is security.  You
> (and I) are seeking to violate the rules, to a degree, and therein lies the
> problem.
>
> I suspect you can write a filter, that on the way out, replaces the
> setCookie header with path=/ where path=/someContext, but I haven't tried it
> yet.  I was hoping for a plugin or configuration option way of doing it.
>
> Since I got no (helpful) response last time, and nobody has chimed in this
> time, I don't think it is readily doable.
>
> Tim
>  
>
> -----Original Message-----
> From: Pete Lamborne [mailto:pete@maniatv.com] 
> Sent: Friday, February 24, 2006 1:41 PM
> To: Tomcat Users List
> Subject: Re: mod_rewrite losing session
>
> Hey Tim,
> Thanks for the great response.  At least I know that I'm not missing
> something really obvious.
>
> I wonder if we could configure Tomcat to write the cookie without the
> context?
>
> Or if there is some other mechanism in httpd.conf that we could use to
> control how the cookie gets set...
>
> I find it hard to believe that alot of people have not run into this issue
> yet.  Maybe everyone's still using mod_jk and have not migrated to
> mod_proxy_ajp yet...
>
> pete
>
>
>
> Tim Lucia wrote:
>
>   
>> Yes.  I posted a similar question not long ago.  I wanted to know how 
>> to preserve the session under exactly this case (my specific need was 
>> to have a version in the Tomcat path, but hide that context / version 
>>     
> >from the user.)
>   
>> I can tell you why it's NOT preserving it.  Tomcat sets the cookie 
>> JSESSIONID for host=www.website.com, path /tomcatWebappName/someServlet.
>> The browser sees the cookie for that path on the response (check - it 
>> is set).  You then ask for /someServlet and there is no cookie with 
>> that path (the hosts match, of course) and so the browser does not send 
>> the cookie along.  No cookie (JSESSIONID), no session.
>>
>> Tim
>>
>> P.s. see 
>> http://marc.theaimsgroup.com/?l=tomcat-user&m=113761657202592&w=2
>>
>>
>>  
>>
>>     
>>> -----Original Message-----
>>> From: Pete Lamborne [mailto:pete@maniatv.com]
>>> Sent: Thursday, February 23, 2006 7:21 PM
>>> To: Tomcat Users List
>>> Subject: mod_rewrite losing session
>>>
>>>
>>> Hi all,
>>> I am having a problem when using mod_rewrite to hide the Tomcat 
>>> webapp/context name, where it spawns a new session with each request.
>>>
>>> I am using apache2.2 and mod_proxy_ajp to dispatch the request and 
>>> tomcat 5.5.9
>>>
>>> So if I try to send this URL: http://www.website.com/someServlet
>>>
>>> to
>>>
>>> http://www.website.com/tomcatWebappName/someServlet
>>>
>>> with mod_rewrite, it's a new session with every request.
>>>
>>> Any ideas?
>>> thanks
>>> pete
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>>    
>>>
>>>       
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>>  
>>
>>     
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>   


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message