tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Singleton <>
Subject Re: session id cookies
Date Fri, 04 Jan 2008 12:40:32 GMT
Bill Barker wrote:
> "Paul Singleton" <> wrote in message 
>> If I set
>>    <Context cookies="false" ... >
>> will Tomcat ignore any JSESSIONID cookie which
>> accompanies a request?  Should it?
> With any of the released versions, it won't ignore the cookie if the browser 
> sends one.  There is a patch in the SVN that causes at least TC 6 to ignore 
> the cookie, but it seems to be buggy.  More info at 
> As to "should", IMHO the cookies="false" should be more of a hint (like in 
> the released versions of Tomcat), but I'm in the minority here.

Thanks for the info.  We were experimenting with a wholly
URL-encoding version of an app (this appeals for various
reasons) but on switching between them, found that a left-
-over session cookie broke the "no cookies" version.

Given the long-established, disputed behaviour of the
"cookies" attribute, we'd be happy with an additional
"cookiesIgnore" attribute (and no change to "cookies")

Paul S.

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message