https://issues.apache.org/bugzilla/show_bug.cgi?id=56831
--- Comment #6 from Konstantin Kolinko <knst.koli...@gmail.com> --- 1) Guessing with a crystal ball I think ViewExpiredException means that you rely on cookies for session management and the session cookie has not been sent by the browser. 2) The RF-13731 issue mentioned that behaviour differs between browsers. (Firefox has the issue, Chrome does not). Is that true? Why are you not mentioning it? I am experimenting with the following configuration: - current Tomcat 7.0.x (~7.0.55) - Using the default examples webapp renamed to "ex-amples" - Firefox 31.0 - I am using built-in Network tool in Firefox to inspect HTTP headers of requests and responses (Tools menu > Web development > Network). The scenario is as following: 1. Access SessionExample page as [1] http://localhost:8080/ex%2Damples/servlets/servlet/SessionExample 2. I observe the following: 1) Firefox displays the URL in address bar as http://localhost:8080/ex-amples/servlets/servlet/SessionExample 2) Tomcat sends the following header: Set-Cookie: JSESSIONID=727BF492DC0D245BD0AD2D749EB1BD6D; Path=/ex-amples/; HttpOnly 3. If I access [1] again in either of the following ways: a) copy-pasting the above URL into the address bar b) refreshing the page (pressing F5 key on keyboard or clicking green reload button in the address bar) Firefox does not send Cookie header with the request. 4. If I go to address bar and press 'Enter' (Ctrl+L, Enter), Firefox uses '-' character in the request and sends Cookie header with the request. 1). The browser behaviour seems odd to me, but to properly judge it one has to look into applicable specifications and test with other browsers. It might be a browser bug. It might be different interpretation of a specification. Does the behaviour differ between browsers? 2). A well-known recommendation for web application authors is to apply HttpServletResponse.encodeURL() to their URLs. That is to ensure that their applications that require sessions can operate with browsers that do not support cookies. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
