tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Markus Reis" <>
Subject Re: multiple Set-Cookie headers in initial http response
Date Wed, 12 Nov 2008 09:56:47 GMT
> > Our Tomcat 5.5 sends 30 cookie
> > (cookie=JSESSIONID=2D79FB71207A83A09B32677B9640693E.jbprod;
> > domain=null; path=/)
> Are they all identical?

No. They are ALL different (and they also differ from response to response)

> > and 900 Set-Cookie
> > (header=Set-Cookie=JSESSIONID=2D79FB71207A83A09B32677B9640693E.jbprod;
> > Path=/; Secure) headers in the http response header back to the
> > external clients (during the initial http request/response).
> Same here: identical?

No. Each of the 30 DIFFERENT session id's from above are repeated thirty times.

> > The 900 Set-Cookie headers contain each "cookie" JSESSIONID thirty
> > times.
> That is crazy! How are you observing this behavior? LiveHTTPHeaders/http
> protocol sniffer? Wireshark/packet sniffer?

Yes it is crazy - I observed this using org.apache.catalina.valves.RequestDumperValve in my

> > If I submit the same request from my machine I get a only/as expected
> > one cookie and one Set-Cookie header back in the initial response.
> Er... what do you mean "from my machine"? What are you using when you
> get 900 Set-Cookie headers?

"My machine" is my PC at work. The requests where a repsonse with 900 SetCookie headers is
returned, are sent from PC's of our partners, which operate in one single network (and thus
all have the same IP, which is the IP of the partner network's proxy server). If I use some
other PC connected to the internet I have the same expected behaviour as from my PC at work.
So those responses are only/exclusively produced for requests coming from PC's of our partners.

GMX Download-Spiele: Preizsturz! Alle Puzzle-Spiele Deluxe ├╝ber 60% billiger.

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message