tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Johnny Kewl" <>
Subject Re: tomcat with jcaptcha
Date Mon, 07 Jul 2008 12:53:16 GMT

----- Original Message ----- 
From: "WILLIAMer" <>
To: <>
Sent: Monday, July 07, 2008 5:51 AM
Subject: tomcat with jcaptcha

> Hi! all,
> I have an application named "eCom" unnder the tomcat/webapps and using
> jcatpcha with the login page.
> I set the eCom becomes the root dir(path) with the server.xml.
> So, http://myDomain/ will equal http://myDomain/eCom/.
> And its seems ok and work with every page.
> But there is an error when I try to login. The jcaptcha give me an
> exception.
> "com.octo.captcha.service.CaptchaServiceException: Invalid ID, could not
> validat
> e unexisting or already validated captcha"
> So i try another login page with the http://myDomain/eCom/, but its work
> fine.
> In fact , the login page is the same.
> I think "http://myDomain/Login.jsp" and "http://myDomain/eCom/Login.jsp" 
> is
> the same.
> Because i set the dir "eCom" become my root dir.
> I dont know how this error cause?
> I try to google this exception , but no one likes me.

Ha ha... you nice guy.... difficult question ;)

Sessions dont share across webapps....

It sounds like you making duplicate webapps in different contexts... ie 
eCom, ROOT
Session will *not* move across....

Its easier to REDIRECT from ROOT to ecom/login.
Not have two webapps

If you *have to* try share sessions, then read about...
<Connector port="8080"   and the... emptySessionPath="true"
This will make "browser cookies" come back to all webapp.... not a good 
thing... slow

Then read up on
<Context  and the.... crossContext="true"

This allows one to pass data between webapps... so you can call across from 
one webapp to another and get captcha ID...

This is all more complicated than being Robert Mugabe's psychiatrist ;).... 
but google on this and you will learn...
If using Tomcat security... not possible to move authorization from one 
webapp to another....

Also read up on singletons... ie sharing data in common/lib.... its another 
way to share data across webapps.... and probably the best way if combined 
with you make your own path-less "/" cookie and use that....
So you can have one webapp and one servlet generating captcha images and get 
the ID... "check text" yourself.

The reason browser do not send back cookie information is that if they use a 
cookie path..... like  /webapp1 and it will not come back to /webapp2
But cookies *can* be made pathless...

I got my own captch software so dont know Jcaptcha... but you should ask 
this question to the JCatcha guys... its a common problem and maybe they 
have the answer... they have probably done it already... possibly through 
dB/singleton/cross context/shared file ... you see its hard problem... many 

You english is hard to understand.... but I thing the question is... "I got 
one webapp with a servlet generating captcha images... for all my other 
webapps... how to I share the "check text".... to do this I need to track a 
cookie across contexts... can JCaptcha do it?

.... but one thing you cant do, is just duplicate a webapp in /admin /root 
/eCom.... and think that the security and session will work across them... 
it wont.

Its not so much about the way Tomcat works... its about the way *browsers 

Good Luck...

ps: Think about this... this is the way we do captcha...

We generate many captcha images on disk *one time*.... the webapp picks one 
randomly.... say image_1500.gif and sends it... and the dB knows that image 
1500 is "Check Me".... thats small enuf to put in all webapps and a dB is 
happy to work across webapps.... each webapp has its own session... and 5 
lines of code ;)

The whole captcha problem starts when a "different" webapp is doing the 
"random selection"... this is also very quick, captcha takes a long time to 
generate.... and your linux server can be headless... because captcha 
generation needs the Java UI to work.... ;)

The most powerful application server on earth.
The only real POJO Application Server.
See it in Action :

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message