RES: Cookie problem max age problem - Best practice to solve it
Sorry Steve, one information isnt right! First, using Sniffer to monitor all http traffic, i found out one important news: the authentication app's plugin works with Session object instead of Cookie object. What kind of information would you like to receive about it? Does Session object work different between OC4J and TomCat? Euclides. -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 1 de agosto de 2003 12:22 Para: 'Tomcat Users List' Assunto: RES: Cookie problem max age problem - Best practice to solve it Assunto: Re: RES: Cookie problem max age problem - Best practice to solve it the authentication app's plugin wasnt created by me, its only stored on TomCat to be used by my Java app. This plugin runs together with another app server, which completes the authentication process. After this process is completed ok, a cookie is created. So, when the user asks for logout, the plugin tries to delete the cookie, probably setting 0 to max age. If i work with OC4J, this steps runs fine and the user becomes abled to make another login request on the same browser instance, without needing to close it. But, if i work with TomCat, i need to close the browser instance and open another one to be sucessful. Needing help still. Regards, Euclides. This does not change any of the previous discussion. The problem hinges on the answers to two questions: What are the values used for domain, path, and name when the cookie is set? What are the values used for domain, path, and name when the cookie is deleted? If you can demonstrate that the same set of values are used in both cases, then this sounds like it would be a tomcat problem. You can examine the Set-Cookie headers sent by the server to see whether this is the case. Otherwise, this is an issue that should be raised with the vendor who provided the authentication plugin. -- Steve - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RES: Cookie problem max age problem - Best practice to solve it
one information isnt right! First, using Sniffer to monitor all http traffic, i found out one important news: the authentication app's plugin works with Session object instead of Cookie object. What kind of information would you like to receive about it? Does Session object work different between OC4J and TomCat? Then you're in trouble. Session objects live within the memory of the JVM process where the servlet container is running. You aren't going to be able to share them between two different processes. Even within a single container, there are still limitations on sharing Session data; you can't share from one context to another. (See 7.3 Session Scope in the servlet specification). -- Steve - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: RES: Cookie problem max age problem - Best practice to solve it
thanks, Steve. -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Enviada em: segunda-feira, 4 de agosto de 2003 11:52 Para: 'Tomcat Users List' Assunto: Re: RES: Cookie problem max age problem - Best practice to solve it one information isnt right! First, using Sniffer to monitor all http traffic, i found out one important news: the authentication app's plugin works with Session object instead of Cookie object. What kind of information would you like to receive about it? Does Session object work different between OC4J and TomCat? Then you're in trouble. Session objects live within the memory of the JVM process where the servlet container is running. You aren't going to be able to share them between two different processes. Even within a single container, there are still limitations on sharing Session data; you can't share from one context to another. (See 7.3 Session Scope in the servlet specification). -- Steve - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Cookie problem max age problem - Best practice to solve it
Thanks for your attention! The question stays alive because this plugin runs fine on OC4J(Oracle) environment, but its always a failure on Tomcat env. Any other help would be appreciated. Euclides. -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 31 de julho de 2003 09:32 Para: '[EMAIL PROTECTED]' Assunto: Re: Cookie problem max age problem - Best practice to solve it From: Jose Euclides da Silva Junior - DATAPREVRJ Subject: Cookie problem max age problem - Best practice to solve it this question is very important to me. My application works with an external authentication app ( like a plugin).When the user is logged, a browser cookie is created. The problem stays whenever the user asks for a logout process and the external app tries to kill its cookie (created before by the app), probably setting cookie's max age to 0, i guess. But TomCat doesnt know that this cookie is already killed, because it just fetch the name and value. So, i would like any tips about best practice on solving this kind of problem. Cookie exchanges fall into one of two categories: - what the server sends to the client - what the client sends back to the server Tomcat wouldn't fetch the value; the client's browser sends it. Setting the max age of a cookie to zero is the proper way to delete a cookie. When doing the deletion, are you sure that the name, domain, and path values are identical to the ones used when the cookie was initially set? -- Steve - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RES: Cookie problem max age problem - Best practice to solve it
srevilak Setting the max age of a cookie to zero is the proper way to srevilak delete a cookie. When doing the deletion, are you sure that srevilak the name, domain, and path values are identical to the ones srevilak used when the cookie was initially set? jose Thanks for your attention! The question stays alive because this jose plugin runs fine on OC4J(Oracle) environment, but its always a jose failure on Tomcat env. Any other help would be appreciated. jose Euclides. It's perfectly okay for a cookie to be set by one application, then removed by another. What are the values used for domain, path, and name when the cookie is set? Most useragents provide a way to have the user prompted for each cookie. That would be a helpful thing to do in this case. What are the values used for domain, path, and name when the cookie is deleted? While domain and path are set when sending a cookie, the client only sends back the name and value pair (domain and path are used by the client in determining what cookies to send). As a result, something like this won't work deleteCookie.setDomain(cookieFromClient.getDomain()); hth. -- Steve - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: RES: Cookie problem max age problem - Best practice to solve it
Steve, the authentication app's plugin wasnt created by me, its only stored on TomCat to be used by my Java app. This plugin runs together with another app server, which completes the authentication process. After this process is completed ok, a cookie is created. So, when the user asks for logout, the plugin tries to delete the cookie, probably setting 0 to max age. If i work with OC4J, this steps runs fine and the user becomes abled to make another login request on the same browser instance, without needing to close it. But, if i work with TomCat, i need to close the browser instance and open another one to be sucessful. Needing help still. Regards, Euclides. -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 1 de agosto de 2003 10:11 Para: 'Tomcat Users List' Assunto: Re: RES: Cookie problem max age problem - Best practice to solve it srevilak Setting the max age of a cookie to zero is the proper way to srevilak delete a cookie. When doing the deletion, are you sure that srevilak the name, domain, and path values are identical to the ones srevilak used when the cookie was initially set? jose Thanks for your attention! The question stays alive because this jose plugin runs fine on OC4J(Oracle) environment, but its always a jose failure on Tomcat env. Any other help would be appreciated. jose Euclides. It's perfectly okay for a cookie to be set by one application, then removed by another. What are the values used for domain, path, and name when the cookie is set? Most useragents provide a way to have the user prompted for each cookie. That would be a helpful thing to do in this case. What are the values used for domain, path, and name when the cookie is deleted? While domain and path are set when sending a cookie, the client only sends back the name and value pair (domain and path are used by the client in determining what cookies to send). As a result, something like this won't work deleteCookie.setDomain(cookieFromClient.getDomain()); hth. -- Steve - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Cookie problem max age problem - Best practice to solve it
Assunto: Re: RES: Cookie problem max age problem - Best practice to solve it the authentication app's plugin wasnt created by me, its only stored on TomCat to be used by my Java app. This plugin runs together with another app server, which completes the authentication process. After this process is completed ok, a cookie is created. So, when the user asks for logout, the plugin tries to delete the cookie, probably setting 0 to max age. If i work with OC4J, this steps runs fine and the user becomes abled to make another login request on the same browser instance, without needing to close it. But, if i work with TomCat, i need to close the browser instance and open another one to be sucessful. Needing help still. Regards, Euclides. This does not change any of the previous discussion. The problem hinges on the answers to two questions: What are the values used for domain, path, and name when the cookie is set? What are the values used for domain, path, and name when the cookie is deleted? If you can demonstrate that the same set of values are used in both cases, then this sounds like it would be a tomcat problem. You can examine the Set-Cookie headers sent by the server to see whether this is the case. Otherwise, this is an issue that should be raised with the vendor who provided the authentication plugin. -- Steve - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Cookie problem max age problem - Best practice to solve it
From: Jose Euclides da Silva Junior - DATAPREVRJ Subject: Cookie problem max age problem - Best practice to solve it this question is very important to me. My application works with an external authentication app ( like a plugin).When the user is logged, a browser cookie is created. The problem stays whenever the user asks for a logout process and the external app tries to kill its cookie (created before by the app), probably setting cookie's max age to 0, i guess. But TomCat doesnt know that this cookie is already killed, because it just fetch the name and value. So, i would like any tips about best practice on solving this kind of problem. Cookie exchanges fall into one of two categories: - what the server sends to the client - what the client sends back to the server Tomcat wouldn't fetch the value; the client's browser sends it. Setting the max age of a cookie to zero is the proper way to delete a cookie. When doing the deletion, are you sure that the name, domain, and path values are identical to the ones used when the cookie was initially set? -- Steve - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Cookie problem max age problem - Best practice to solve it
Hi guys, this question is very important to me. My application works with an external authentication app ( like a plugin).When the user is logged, a browser cookie is created. The problem stays whenever the user asks for a logout process and the external app tries to kill its cookie (created before by the app), probably setting cookie's max age to 0, i guess. But TomCat doesnt know that this cookie is already killed, because it just fetch the name and value. So, i would like any tips about best practice on solving this kind of problem. Thanks in advance, Euclides. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]