Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 47704 invoked from network); 24 Feb 2006 21:33:22 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 24 Feb 2006 21:33:22 -0000 Received: (qmail 93614 invoked by uid 500); 24 Feb 2006 21:33:08 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 93598 invoked by uid 500); 24 Feb 2006 21:33:08 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 93587 invoked by uid 99); 24 Feb 2006 21:33:07 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Feb 2006 13:33:07 -0800 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: neutral (asf.osuosl.org: local policy) Received: from [206.123.111.90] (HELO mail.loukasmgmt.com) (206.123.111.90) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Feb 2006 13:33:06 -0800 Received: (qmail 12225 invoked by uid 510); 24 Feb 2006 15:32:34 -0600 Received: from unknown (HELO ?192.168.3.108?) (fhanik@halosg.com@71.252.253.242) by mail.loukasmgmt.com with SMTP; 24 Feb 2006 15:32:34 -0600 Message-ID: <43FF7B8A.2080006@hanik.com> Date: Fri, 24 Feb 2006 15:32:58 -0600 From: Filip Hanik - Dev Lists User-Agent: Thunderbird 1.5 (Windows/20051201) MIME-Version: 1.0 To: Tomcat Users List Subject: Re: mod_rewrite losing session References: <00ad01c63986$f9b0c3f0$3a0119ac@tim> In-Reply-To: <00ad01c63986$f9b0c3f0$3a0119ac@tim> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N The easiest thing would be to tell Tomcat to always use "/" as a path for the JSESSIONID cookie. that should take care of it. Filip Tim Lucia wrote: > Happens with mod_jk -- I am using that as well. The issue is security. You > (and I) are seeking to violate the rules, to a degree, and therein lies the > problem. > > I suspect you can write a filter, that on the way out, replaces the > setCookie header with path=/ where path=/someContext, but I haven't tried it > yet. I was hoping for a plugin or configuration option way of doing it. > > Since I got no (helpful) response last time, and nobody has chimed in this > time, I don't think it is readily doable. > > Tim > > > -----Original Message----- > From: Pete Lamborne [mailto:pete@maniatv.com] > Sent: Friday, February 24, 2006 1:41 PM > To: Tomcat Users List > Subject: Re: mod_rewrite losing session > > Hey Tim, > Thanks for the great response. At least I know that I'm not missing > something really obvious. > > I wonder if we could configure Tomcat to write the cookie without the > context? > > Or if there is some other mechanism in httpd.conf that we could use to > control how the cookie gets set... > > I find it hard to believe that alot of people have not run into this issue > yet. Maybe everyone's still using mod_jk and have not migrated to > mod_proxy_ajp yet... > > pete > > > > Tim Lucia wrote: > > >> Yes. I posted a similar question not long ago. I wanted to know how >> to preserve the session under exactly this case (my specific need was >> to have a version in the Tomcat path, but hide that context / version >> > >from the user.) > >> I can tell you why it's NOT preserving it. Tomcat sets the cookie >> JSESSIONID for host=www.website.com, path /tomcatWebappName/someServlet. >> The browser sees the cookie for that path on the response (check - it >> is set). You then ask for /someServlet and there is no cookie with >> that path (the hosts match, of course) and so the browser does not send >> the cookie along. No cookie (JSESSIONID), no session. >> >> Tim >> >> P.s. see >> http://marc.theaimsgroup.com/?l=tomcat-user&m=113761657202592&w=2 >> >> >> >> >> >>> -----Original Message----- >>> From: Pete Lamborne [mailto:pete@maniatv.com] >>> Sent: Thursday, February 23, 2006 7:21 PM >>> To: Tomcat Users List >>> Subject: mod_rewrite losing session >>> >>> >>> Hi all, >>> I am having a problem when using mod_rewrite to hide the Tomcat >>> webapp/context name, where it spawns a new session with each request. >>> >>> I am using apache2.2 and mod_proxy_ajp to dispatch the request and >>> tomcat 5.5.9 >>> >>> So if I try to send this URL: http://www.website.com/someServlet >>> >>> to >>> >>> http://www.website.com/tomcatWebappName/someServlet >>> >>> with mod_rewrite, it's a new session with every request. >>> >>> Any ideas? >>> thanks >>> pete >>> >>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org >>> For additional commands, e-mail: users-help@tomcat.apache.org >>> >>> >>> >>> >>> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org >> For additional commands, e-mail: users-help@tomcat.apache.org >> >> >> >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > For additional commands, e-mail: users-help@tomcat.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > For additional commands, e-mail: users-help@tomcat.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org