tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cris Berneburg - US <cberneb...@caci.com>
Subject RE: tomcat on windows 2012 weirdness
Date Thu, 18 Dec 2014 17:22:37 GMT
Chris

cb> I interpret this to mean that my local IE browser thinks the 
cb> intranet web site that I access either by name or by IP is actually
cb> 2 different sites in 2 different security zones.  I will try to 
cb> adjust my browser security settings and see if that makes any differences.

cs> That sounds plausible. If IE changes its cookie policy based upon those zones, then
you may have found the issue. I wonder if your local policy whitelists a certain IP range
but doesn't use hostnames, which may account for the difference.

Turning off IE Compatibility Mode for intranet sites did boost the request header User-Agent
from "Mozilla/4.0" to "Mozilla/5.0", but the browser still would not accept cookies.  I have
since found the source of the problem and the solution, which I will send in a follow-up message.

cs> Time to ask your webapp software vendor to fix their web application 
cs> so it can be used without cookies ;)

Ouch!  I *am* the software developer for this web application.  :-)

--
Cris Berneburg, Lead Software Engineer
CACI, IRMA Project, 703-679-5313


-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net]
Sent: Wednesday, December 17, 2014 5:41 PM
To: Tomcat Users List
Subject: Re: tomcat on windows 2012 weirdness

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Cris,

On 12/17/14 2:15 PM, Cris Berneburg - US wrote:
> Ameer (and Chris)
> 
> I discovered something else.  When accessing the internal web site by 
> name, it does not work right.  But when I access the web site by IP 
> address, it functions correctly!
> 
>> If you are using IE9, it has a very useful utility in its developer 
>> tool to capture network traffic. Few simple steps to capture it:
>> Press F12 --> Go to network tab--> start capturing You can 
>> save/export the captured data in an xml file and then can see 
>> everything going to-and-fro between your browser and server.
> 
>> Compare the traffic when you are communicating from localhost, which 
>> you say is working fine, with the traffic when you are accessing from 
>> an outside client. Pay special attention to the headers section of 
>> the HTTP calls.
> 
> Thanks for your suggestion.  I tried the IE9 Developer Tools trace, 
> and it was revealing.  I noticed something strange.
> Accessing the web server by IP, the User-Agent was "Mozilla/5.0", but 
> by server name User-Agent was "Mozilla/4.0".  There are other header 
> differences too.  By IP has the session and cookie info, but by name 
> does not - aha!  The "Accept" header was different also.
> 
> I interpret this to mean that my local IE browser thinks the intranet 
> web site that I access either by name or by IP is actually
> 2 different sites in 2 different security zones.  I will try to adjust 
> my browser security settings and see if that makes any differences.

That sounds plausible. If IE changes its cookie policy based upon those zones, then you may
have found the issue. I wonder if your local policy whitelists a certain IP range but doesn't
use hostnames, which may account for the difference.

Time to ask your webapp software vendor to fix their web application so it can be used without
cookies ;)

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJUkgZyAAoJEBzwKT+lPKRYiw0QAIVq/Y8aO6JkXM0RQ4d2dWLX
4TDwVF0XI07uVa1QcvkgYxqdvd6pA4yOeZVbqDTv72gGG5gPnKVkqPTCp0lmoZ3m
SVxQ0fwSoJOFkzTVo8LMj/LtNYpMbgGr95S4uU7yEU9NvREYggEbD0npxVWt605Q
Z+WBvLoSCdmimEQFagCQDiqbx+daosd+Af+WUbP3DrKjT5aLj31CEp3hWzvjas3s
eYANOMe0bwf3s5oV1zcRHJLF9cO/mnFFn4ZTW8T9MFUJyYqgQg8rX7Kl5mynpiGt
SNOO3RF3IvEzosjMri0FKqrIvLL5TFt7cYvHKTWI0MH3eJERvAnV7HLFebfgaSVv
peBxNcNHTr0QLzmKbvM6ykF01xDfqxsBbOXz7CXb4XkHfj7JdoMSa/SuEWQIIc7X
vM5+Z4ObVF491VIq7AZBNLh/BwPVT8f5ot0QiFS234FeulfSqRH2rbDjHQhwP4Z0
bpVsmTyY9v2dJdmUZubTBOXgmKgyFSWInIEIEX6i7wQmJLeIU9fNflzg9/iqxxeb
WQtYu74SfP3MS79Fy6R/p1v4GxRIpSEIuE2Ovchnb9J3DXLkMKO03xcgu8IoupI9
OjHqjC6CnIV1XGS/cJL96bdAuPYvv3pvPloeT1u+gQ+3KdAf0/XJxBNPSFBOQZJ7
p7LIG+jYWMtX0x7pMWai
=KlDA
-----END PGP SIGNATURE-----


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Mime
View raw message