tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David <turntwo...@gmail.com>
Subject Re: unexpected session behavior in Tomcat 5.x
Date Sun, 29 Apr 2007 00:22:45 GMT
I've tried forcing the url rewriting behavior by deploying the following
snippet in a context.xml file in my webapp's META-INF directory.

<Context path="/mywebapp debug="10" cookies="false">

    <!-- Default set of monitored resources -->
    <WatchedResource>WEB-INF/web.xml</WatchedResource>

    <!-- Uncomment this to disable session persistence across Tomcat
restarts -->
    <!--
    <Manager pathname="" />
    -->

</Context>

This provides a work-around under Tomcat 5.5, but does not change the
behavior seen under Tomcat 5.0.  And of course, Tomcat 5.0 is the version we
ship our product with. :)  I've also tried taking the snippet and adding it
to Tomcat 5.0's server.xml file, but that also does not force url rewriting.

So there seem to be two issues.  First, when url encoding produces cookies,
why does the request to the servlet in step 2) not transmit the cookie and
reuse the same original session, but it is sent and reused in step 3)?

Second, why does the configuration for turning off cookies not work under
Tomcat 5.0?

Thanks, again.
David

On 4/28/07, Rashmi Rubdi <rashmi.sub@gmail.com> wrote:
>
> On 4/28/07, David <turntwo463@gmail.com> wrote:
> > Rashmi,
> >
> > Thanks for your initial response.  I guess I wasn't clear on a few
> things.
> > The behavior I'm seeing is the same in both Tomcat 5.0 and 5.5, and they
> are
> > both configured the same -- using default behavior for cookies.
>
> Sorry for repeating this, but just to be clear, in the above
> statement, default behavior means that cookies="true".
>
> This means that in the browser when cookies are enabled, JSESSION id
> will be written to a cookie.
>
> > I should elaborate further and mention that the urlEncode method causes
> url
> > rewriting to occur.  So a cookie does not appear in my client browser
> > (verified with a cookie viewer for IE).  Despite this apparent lack of
> > client side cookie, when doGet is invoked in step 3) Tomcat exposes a
> cookie
> > object with the session id of Session1 off of the HttpServletRequest
> object
>
> What happens if you set cookies="false" ?
>
> > and has stripped off the Session 2 session id on the encoded URL from
> step
> > 2).
> >
> > David
> >
>
> -Regards
> Rashmi
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message