tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Johan Ström <>
Subject Re: PATCH: Session ID from URL; would like some input!
Date Tue, 13 Oct 2009 22:26:54 GMT
On Oct 13, 2009, at 23:15 , Christopher Schultz wrote:

> Hash: SHA1
> Johan,
> On 10/13/2009 3:41 AM, Johan Ström wrote:
>> In catalina/connector/ and CoyoteAdaptor, we first  
>> check for
>> a sessino ID on the URL, store it in Request, and then we check  
>> for  a
>> cookie, and if we got one, we just overwrite the session ID from  
>> the URL.
> Is it acceptable to simply disable the use of cookies for your site
> entirely? Setting <Context cookies="false"> will disable the use of
> cookies altogether for your site. This would allow you to configure  
> your
> way out of this problem rather than coding your way out of it (at  
> least,
> until a more permanent cookie-friendly solution could be reached).

I'm afraid not, since the URL loaded is in the same app as the "main"  
app, just with a custom view. So as long as its per application, thats  
not a solution.

Anyway, I have tested my patch and I do have my own (now) custom built  
Tomcat, so using this solution is not a problem. Just wanted to get  
input from someone more experienced with the tomcat internals before I  
started more testing/deploying of this!

So, thanks for any input :)

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message