tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jose MarĂ­a Zaragoza <demablo...@gmail.com>
Subject Re: Multiple JSESSIONID
Date Fri, 01 Mar 2013 19:46:05 GMT
Thanks for your answers.

I wonder why browsers don't send only one JSESSIONID
If I request an URL as www.mydomain.com/app/myapplication/action.do
and it has got 2 cookies with the same name, one for www.mydomain.com/
and another for www.mydomain.com/app/myapplication/  , IMHO, that a
browser should send the most restrictive

Indeed, I don't know if there is some browser working like that.


Christopher,
if the browser sends a JSESSIONID to Tomcat and this JSESSIONID is not
tracked by the server , does any error happen ?  or is it created a
new session with a new identifier ?

Thanks and regards



2013/2/28 Caldarale, Charles R <Chuck.Caldarale@unisys.com>:
>> From: Nick Williams [mailto:nicholas@nicholaswilliams.net]
>> Subject: Re: Multiple JSESSIONID
>
>> > That's interesting. I would recommend a servlet filter that captures
>> > addCookie and friends to see where that "extra" one is being added.
>
>> The two JSESSIONIDs immediately above are in the request, so they're added
>> by the browser, not the server
>
> Unless the browser is part of a hacking attack, the JSESSIONID cookies originally came
from the server.  The filter would have to be applied to both the ROOT and /app/myapplication
contexts, so it might best be placed in conf/web.xml to cover all webapps.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and
is thus for use only by the intended recipient. If you received this in error, please contact
the sender and delete the e-mail and its attachments from all computers.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message