tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Krüger <>
Subject Coyote Session-Handling
Date Tue, 13 Jan 2004 11:04:13 GMT


  we're currently porting a number of applications from Orion to Tomcat 
5 and I ran into a (not so dramatic) problem. I set up 2 virtual hosts 
(i.e. 2 Services) running on the same host but different port and 
deployed two web applications. Now it is not possible to use these two 
web applications simultaneously as they interfere with each other's 
session, i.e. the browser sends the JSESSIONID cookie to both sites 
(which is correct according to RFC 2109, I think, because they only 
differ in port) but Coyote considers the sent session ID invalid 
whenever I change from one application to the other and sets a new one 
effectively killing the session I had open in the other application.

Is that behaviour intentional? The code of CoyoteRequest.doGetSession 
looks as if that was the case. One possible solution for that would be 
to allow opening a new session under the JSESSIONID that was passed to 
the web application (in my case the second one accessed). Are you aware 
of any negative implications of that approach (I believe orion does it 
that way)?

In my case the current behaviour means that I cannot deploy frontend and 
backend of my application on the same host only differing in port, which 
of course can be overcome by using another host name but I would like to 
know if you think this limitation could be removed.

Thanks in advance,

Best regards,


Robert Krüger
Signal7 GmbH
Brüder Knauss Str. 79
64285 Darmstadt

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message