tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Using a custom method of session-id propagation
Date Wed, 05 Mar 2008 17:04:45 GMT
Hash: SHA1


Tom van Wietmarschen wrote:
| What I want to change is how the session id is communicated to the
| client and back. Basically, I want to change the object that retrieves
| the session ID from the HTTP request and feeds it to the session
| manager.

That object /is/ the CoyoteAdapter, which is why I suggested it
originally. See my most recent post for a less intrusive possibility.

| The problem with both cookies and session id's in the URL is that we
| develop applications for use on cellphones. Cell network operators are a
| bunch of not-so-nice-people who sometimes feel the need to screw up HTTP
| traffic in their gateways, e.g. by messing with cookies and session ids.

Can you give us an example of what happens to your JSESSIONID cookie?

| There is no guarantee that the cookies that arrive on the handset are
| the same as the ones that have been sent out from our servers. Sometimes
| cookies go missing, standard HTTP headers are mutilated, etc.

That sucks. Is it selective? I mean... do you always get the GET line
correctly, just the others are hosed?

| The problem is that if the client
| sends the session ID to the server in a custom header, Tomcat needs to
| pick up that session id and use that when calling findSession. So who is
| calling findSession and is it something I can easily replace ?

Again, see my earlier post.

| Furthermore, as an additional difficulty, we only use sessions in a
| subset of our applications, so it would be preferrable if this is
| something we can enable on a per-application basis.

The solution I proposed can be enabled for all applications and it will
not interfere with normal operations.

- -chris
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla -


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message