tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Fix the cookie path with mod_jk
Date Wed, 20 Apr 2011 14:23:49 GMT
Hash: SHA1


On 4/19/2011 6:53 PM, André Warnier wrote:
> Getting back to the original issue, Thomas seems to be right when he
> says that if the cookie path is set to /foo, the browser will return it
> also for URLs such as /foobar and /foofoo.
> From the Cookie RFCs, i gather that the cookie path is taken as a
> *prefix*, and /foo is a prefix of /foobar.

Tomcat must be wrong, then. Here's my JSESSIONID Set-Cookie header for
my app:

Set-Cookie: JSESSIONID=3EAEDD21FDBE65751822A60E3EC7C947; Path=/mywebapp

(note the lack of a trailing "/")

I think you are interpreting the spec wrong.

4.3.1  Interpreting Set-Cookie


   Path   Defaults to the path of the request URL that generated the
          Set-Cookie response, up to, but not including, the
          right-most /.

All of the examples in the RFC use paths of the form "/foo" with no
trailing "/", so I suspect that there is an implied trailing "/" on the
path attribute.

The RFC says "prefix" everywhere but I believe in this context it means
"path-prefix" and not "string-prefix", which implies a path separator
between the prefix and whatever comes after it (or with /nothing/ after
the path-prefix, which is probably why they don't have trailing "/"

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message