tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Fix the cookie path with mod_jk
Date Wed, 20 Apr 2011 14:23:49 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

André,

On 4/19/2011 6:53 PM, André Warnier wrote:
> Getting back to the original issue, Thomas seems to be right when he
> says that if the cookie path is set to /foo, the browser will return it
> also for URLs such as /foobar and /foofoo.
> From the Cookie RFCs, i gather that the cookie path is taken as a
> *prefix*, and /foo is a prefix of /foobar.

Tomcat must be wrong, then. Here's my JSESSIONID Set-Cookie header for
my app:

Set-Cookie: JSESSIONID=3EAEDD21FDBE65751822A60E3EC7C947; Path=/mywebapp

(note the lack of a trailing "/")

I think you are interpreting the spec wrong.

http://www.ietf.org/rfc/rfc2109.txt:

"
4.3.1  Interpreting Set-Cookie

   [...]

   Path   Defaults to the path of the request URL that generated the
          Set-Cookie response, up to, but not including, the
          right-most /.
"

All of the examples in the RFC use paths of the form "/foo" with no
trailing "/", so I suspect that there is an implied trailing "/" on the
path attribute.

The RFC says "prefix" everywhere but I believe in this context it means
"path-prefix" and not "string-prefix", which implies a path separator
between the prefix and whatever comes after it (or with /nothing/ after
the path-prefix, which is probably why they don't have trailing "/"
characters).

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk2u7HUACgkQ9CaO5/Lv0PAQlwCdEvxZ7qu4RCE0hhjwkj2FgEm9
sB0Anj7txTVztmDXVQ5n2Naea28PMaye
=y3zQ
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message