tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Cross <>
Subject Re: Unable to store a session with Tomcat 7 linux and Internet Explorer
Date Sat, 05 Feb 2011 01:33:32 GMT
Thanks very much Chris, Chuck, and Mark.  I did indeed have

org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true in my CATALINA_OPTS.

I remember setting that a long time ago to fix a problem, but I can't remember what it was.

I added org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR=false

as Mark suggested, and that fixed it right up.  Thanks again.


On 2/4/2011 5:35 PM, Mark Thomas wrote:
> On 04/02/2011 22:02, Brian Cross wrote:
>> Hello Tomcat experts, I am looking at going from Tomcat 6 to 7 on Linux
>> and ran into a strange issue.  I cannot get an http session to "stick"
>> when using Internet Explorer. A new session gets created every time you
>> load the test page in IE only.  I have verified this issue on IE 6, IE
>> 8, and IE9 beta. Chrome and Firefox work as expected. I am just trying
>> to get a session to stick, but in IE itcreates a new one for each
>> request. This does NOT happen when running Tomcat 7 on Windows.  Thanks
>> very much for your help!
>> My test code is just<h3>Session ID =<%=request.getSession().getId()%></h3>
>> Test URL (broken) on Tomcat 7:
>> Test URL (working) on Tomcat 6
>> Old Bug possibly related?
> Sort of.
> Tomcat 7 is stricter in enforcing various specifications including the
> cookie specification which states that / is not allowed in a cookie
> value unquoted. Unfortunately / gets used a lot in cookies in the path
> and if correctly quoted - i.e. path="/..."  - IE chokes. Not exactly a
> surprise considering just how badly IE adheres to the cookie specs. To
> avoid exactly the issue you are seeing, Tomcat 7 does not enforce this
> part of the specification by default.
> I suggest a careful read of the following Tomcat 7 docs
> with
> particular reference to
> org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR and
> org.apache.catalina. STRICT_SERVLET_COMPLIANCE. My guess is that you
> have set one or other of these to true.
> I usually run Tomcat with the following:
> org.apache.catalina. STRICT_SERVLET_COMPLIANCE=true
> org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR=false
> Mark
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message