tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Choosing the "right" session id
Date Thu, 01 May 2008 18:39:41 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All,

Christopher Schultz wrote:
| The obvious solution is not to deploy the ROOT application as ROOT, but
| instead under some other prefix that does not confuse clients (and my
| apps) in this way. I'm wondering if anyone has any other brilliant ideas.

I have come up with another idea, just in case anyone happens to be
interested.

The usage patterns of these applications together are such that the ROOT
web application is only used some of the time -- mostly, /foo is being
used. When the / application is used, it is used to completion, and then
the user goes back to /foo for the rest of their interactions with our
webapps. Returning to the / application is basically considered an
entirely new interaction, so any loss of the JSESSIONID from a previous
interactions is acceptable.

My solution is therefore to write a filter that kills any JSESSIONID
cookie with path="/" and install it on /foo. That should mitigate the
problem in the short term while I prepare to re-locate the ROOT webapp.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkgaDmwACgkQ9CaO5/Lv0PD1EQCcC3eveoryc09yDD9ziKCJ9DSu
SRcAoJe8ULIv7gQV9zz6Aqc51h6UF0o9
=4hMr
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message