tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: Tomcat and MS LDAP Configuration Problem
Date Wed, 14 Sep 2011 20:13:49 GMT
2011/9/14 Rudy Gireyev <rgireyev@gmail.com>:
> Thank you P for the response. I admit I don't 100% understand what you mean by
> "Sounds like the session isn't being maintained in between requests."
> Is this something that I'm doing wrong? Or is this something outside
> of my control?
>
> The strange thing is that this very same code works just fine and is
> able to interact with the session just fine when the url-pattern is
> /jsp/*. However as soon as the pattern is changed to /* the session
> becomes unusable.

In short:
1. When session cookie is created in recent versions of Tomcat,  the
Path parameter in it is set to   webappName + "/".

2. Requests to "webappName" are usually automatically redirected to
"webappName + /" (Tomcat sends response code 302),

but in some rare configurations this redirect does not happen.
I do not remember what exactly are the circumstances, but I think that
this involved a servlet that is mapped to "/*", and maybe absence of a
welcome page.


If your servlet reacts to request to "webappName", then the
sessionCookie with Path of "webappName + "/"" woundn't be sent by
browser when it repeats the request.

The reason for appending "/" to the session cookie path is that
otherwise some web browsers do send cookies set by "foo" webapp when
client requests "foobar", and that is insecure.


It should be possible to explicitly configure the Path attribute of
the session cookie using cookie-config element in web.xml.  See
cookie-configType in
http://java.sun.com/xml/ns/javaee/web-common_3_0.xsd

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message