tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yu Kikuchi <kikuchi...@jp.fujitsu.com>
Subject Re: Fix the cookie path with mod_jk
Date Fri, 22 Apr 2011 11:54:19 GMT
Hi All.
I'm sorry that my response is late.

I have examined about mod_rewrite.
And I understood that mod_rewrite can't touch the response header.
Thank you for the advices, Chris and Thomas.

 > Now the issue is : who is setting the cookie path ?

My application is setting the cookie path,
so the most reasonable way to resolve this problem is fix my apps.

But I'm going to take into consideration to update Apache
and to use mod_headers, too.
Because Apache 2.2.3 is old and many bugs are fixed in the latest version.

Thank you for your kindness.

Best regards,

(2011/04/21 14:44), Thomas Freitag wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi André,
>
> On 04/20/2011 12:53 AM, André Warnier wrote:
>>> Fixing/altering outgoing (response) headers is beyond the
>>> functionality of mod_rewrite. The other parts work with mod_rewrite,
>>> but mod_headers (with its edit functionality) is an important part in
>>> this use case.
>
>> Getting back to the original issue, Thomas seems to be right when he
>> says that if the cookie path is set to /foo, the browser will return it
>> also for URLs such as /foobar and /foofoo.
>>  From the Cookie RFCs, i gather that the cookie path is taken as a
>> *prefix*, and /foo is a prefix of /foobar.
>
> That point was statet by Yu...
>
>> Now the issue is : who is setting the cookie path ?  if it is the
>> application, and if this is a concern, then I would suggest to fix the
>> application.
>
> The container set the path, at least for the JSESSIONID cookie.
>
> Regards,
> - --
> Thomas Freitag
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iEYEARECAAYFAk2vxDwACgkQGE5pHr3PKuWp4ACeKI1BxAC+OUj6Z/kAcLml5hnC
> vTUAn1CLYnXua/hmFwNSA/o/Hs601Sd7
> =c1Yh
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message