RE: Keep-Alive. Was: IE 5 on Mac is incompatible with TC 4?

2002-03-10 Thread Rob Cartier

I am trying to use encodeURL for all my href's and login page
but I get:

Apache Tomcat/4.0.2 - HTTP Status 400 - Invalid direct reference to form
login page




type Status report

message Invalid direct reference to form login page

description The request sent by the client was syntactically incorrect
(Invalid direct reference to form login page).

If session cookies are off. Any ideas how to fix this mess ?



loginpage.jsp

Southern New England Army Mars
Secure Site

<%
 // Log each hit on the login page: user, URI, client address, time, browser
 System.out.println("JSP==> " + request.getRemoteUser() + "|" +
request.getRequestURI()  + "|" + request.getRemoteAddr() + "|" + new
java.util.Date().toString() + "|" + request.getHeader("User-Agent") );
%>

<%
// Form action with the session ID appended by hand as a path parameter
String url = "j_security_check;jsessionid=" + session.getId();
%>

Login page

Username:
Password:


-Original Message-
From: Anders Rundgren [mailto:[EMAIL PROTECTED]]
Sent: Sunday, March 10, 2002 11:22 AM
To: Tomcat Users List
Subject: Keep-Alive. Was: IE 5 on Mac is incompatible with TC 4?


Rob,
I'm not sure I understand what you want, but regarding session cookies,
IE5/Mac and SSL, I think that the problem is that TC 4 does not seem to
automatically support persistent TCP-connections which both gives bad
performance, and confuses at least one browser to the extent that it
stops sending cookie data.

Anders

- Original Message -
From: "Rob Cartier" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
Sent: Sunday, March 10, 2002 13:14
Subject: RE: IE 5 on Mac is incompatible with TC 4?


How would you do that if you are using Form authentication
and the web.xml file directs them to a loginpage before they
access the index.jsp

Have the same problem and found that If they accept session cookies
then all is ok

Your help would be greatly appreciated.



-Original Message-----
From: Anders Rundgren [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 08, 2002 7:04 AM
To: Tomcat Users List
Subject: SSL: IE 5 on Mac is incompatible with TC 4?


Now I have dug a little bit further in this.
The IE 5 Mac missing session cookie problem only occurs when using SSL.
Too bad our app needs SSL.

Anders

- Original Message -----
From: "Anders Rundgren" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, March 08, 2002 11:27
Subject: IE 5 on Mac is incompatible with TC 4?


Hi,
I have a Tomcat app using sessions based on cookies (i.e. std way) that
works with a huge set of browsers and OSes.

But on Mac using IE 5 it does not.  The culprit seems to be that session
cookies are not compatible in some way as they are not visible in
TC.

Is this a known problem?

BTW, the configuration is Apache on Linux, using ajp1.3 and TC 4.0.2

cheers,
Anders R


--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>







Keep-Alive. Was: IE 5 on Mac is incompatible with TC 4?

2002-03-10 Thread Anders Rundgren

Rob,
I'm not sure I understand what you want, but regarding session cookies,
IE5/Mac and SSL, I think that the problem is that TC 4 does not seem to
automatically support persistent TCP-connections which both gives bad
performance, and confuses at least one browser to the extent that it
stops sending cookie data.

Anders

- Original Message - 
From: "Rob Cartier" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
Sent: Sunday, March 10, 2002 13:14
Subject: RE: IE 5 on Mac is incompatible with TC 4?


How would you do that if you are using Form authentication
and the web.xml file directs them to a loginpage before they
access the index.jsp

Have the same problem and found that If they accept session cookies
then all is ok

Your help would be greatly appreciated.



-Original Message-
From: Anders Rundgren [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 08, 2002 7:04 AM
To: Tomcat Users List
Subject: SSL: IE 5 on Mac is incompatible with TC 4?


Now I have dug a little bit further in this.
The IE 5 Mac missing session cookie problem only occurs when using SSL.
Too bad our app needs SSL.

Anders

- Original Message - 
From: "Anders Rundgren" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, March 08, 2002 11:27
Subject: IE 5 on Mac is incompatible with TC 4?


Hi,
I have a Tomcat app using sessions based on cookies (i.e. std way) that
works with a huge set of browsers and OSes.

But on Mac using IE 5 it does not.  The culprit seems to be that session
cookies are not compatible in some way as they are not visible in
TC.

Is this a known problem?

BTW, the configuration is Apache on Linux, using ajp1.3 and TC 4.0.2

cheers,
Anders R






RE: IE 5 on Mac is incompatible with TC 4?

2002-03-10 Thread Rob Cartier

How would you do that if you are using Form authentication
and the web.xml file directs them to a loginpage before they
access the index.jsp

Have the same problem and found that If they accept session cookies
then all is ok

Your help would be greatly appreciated.



-Original Message-
From: Anders Rundgren [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 08, 2002 7:04 AM
To: Tomcat Users List
Subject: SSL: IE 5 on Mac is incompatible with TC 4?


Now I have dug a little bit further in this.
The IE 5 Mac missing session cookie problem only occurs when using SSL.
Too bad our app needs SSL.

Anders

- Original Message - 
From: "Anders Rundgren" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, March 08, 2002 11:27
Subject: IE 5 on Mac is incompatible with TC 4?


Hi,
I have a Tomcat app using sessions based on cookies (i.e. std way) that
works with a huge set of browsers and OSes.

But on Mac using IE 5 it does not.  The culprit seems to be that session
cookies are not compatible in some way as they are not visible in
TC.

Is this a known problem?

BTW, the configuration is Apache on Linux, using ajp1.3 and TC 4.0.2

cheers,
Anders R






Keep-Alive dead? Was: IE 5 on Mac is incompatible with TC 4?

2002-03-09 Thread Anders Rundgren

Dave,

>Perhaps there is something in the configuration of your server (server.xml),
>or its default webapp settings (conf/web.xml), or the configuration of your
>webapp (WEB-INF/web.xml) that is causing the session cookie to be set as a
>secure cookie.

There is one thing that differs between the TC and IIS-headers I supplied:
TC does Connection: Close while IIS does Connection: Keep-Alive.
This could very well be the reason why ";Secure" is added (which *may*
be the culprit although IE 5/Mac ought to be capable of handling this) as
a closed-down connection loses its security context which requires this
explicit marking of the cookies' secure origin.  I guess...

>If you're only responding to HTTPS, then you probably don't need to set the
>Secure flag on the cookie anyway.  I would bet that if you can find a way to
>get tomcat not to set that flag, your problem may go away.

I have not found anything in this area that can be configured.  A google
search revealed that TC requires HTTP 1.1 to support Keep-Alive but
when I do "Netstat" using NN 6.2 and IE 5 on W2K, I see no sign of any
keep-alives, just huge amounts of dead or dying TCP connections!

Anders







AW: IE 5 on Mac is incompatible with TC 4?

2002-03-08 Thread Ralph Einfeldt

Just to list the possible sources:

- Tomcat doesn't send the cookie
  Unlikely, as it works with other browsers
- Tomcat sends it in a format that this version of IE doesn't recognize
  Two variants for this
  - The header contains/misses something that makes this version of IE
    fail.
  - Something tomcat creates garbage on some headers when encrypting it
- This version of IE doesn't send the cookie
  Nobody but MS can do anything about it.
- This version of IE sends the cookies in a format that tomcat doesn't
  recognise
  - The header contains something that hinders tomcat to decrypt the
    cookie correctly
  - The decrypted header contains something that hinders tomcat to read
    the cookie
  This doesn't mean that it must be a fault of the IE. It's possible that
  tomcat has a bug that just has an effect if certain (legal) bytes are
  present in the header.

As this happens with SSL, it's hard to debug. (Watching the network
to see who sends which cookies doesn't work)

The only point where you can debug is the tomcat sources to look at the
tomcat generated header just before it is encrypted and to look at the IE
generated header directly after it is encrypted.
To do that you would have to look at the raw data that was sent. To look
at the header with the servlet API can be too late. If tomcat somehow
didn't recognize a header you won't know if it wasn't sent or if tomcat
just didn't recognize it.


> -Ursprüngliche Nachricht-
> Von: Anders Rundgren [mailto:[EMAIL PROTECTED]]
> Gesendet: Freitag, 8. März 2002 17:37
> An: Tomcat Users List
> Betreff: Re: IE 5 on Mac is incompatible with TC 4?
> 
> 
> Dave,
> 
> 
> >The system described above relies on correct behavior of cookies on the Mac
> >in IE, and it works for us.  I don't know if any behavior on the Tomcat side
> >has changed since 4.0.1, but I would tend to doubt it.
>
> That's nice to hear :-|
>
> >Why are you using a secure cookie for the session cookie?  Do you need to?
>
> 1. We tested this exclusively over HTTPS.  For HTTP things work OK:
>
> 2. Actually, we do absolutely nothing but "request.getSession()" which
> triggers the session-mechanism according to my fellow developer.  I.e.
> we don't handle cookies ourselves, we rely on Tomcat's handling which
> has worked fine until we started to mess with Mac and IE 5.
>
> >If so, you can't expect the session to remain intact across HTTP and HTTPS
> >requests.  Any browser that DOES send a secure cookie over a straight HTTP
> >request is dangerously out of spec.
>
> Note, we don't switch between HTTP and HTTPS, but you are right in your
> comment.
> 
> cheers,
> Anders
> 
> 
> 





Re: IE 5 on Mac is incompatible with TC 4?

2002-03-08 Thread Dave Makower

On 3/8/02 11:36 AM, "Anders Rundgren" <[EMAIL PROTECTED]> wrote:
> 2. Actually, we do absolutely nothing but "request.getSession()" which
> triggers the session-mechanism according to my fellow developer.  I.e.
> we don't handle cookies ourselves, we rely on Tomcat's handling which
> has worked fine until we started to mess with Mac and IE 5.

Perhaps there is something in the configuration of your server (server.xml),
or its default webapp settings (conf/web.xml), or the configuration of your
webapp (WEB-INF/web.xml) that is causing the session cookie to be set as a
secure cookie.

> Note, we don't switch between HTTP and HTTPS, but you are right in your
> comment.

If you're only responding to HTTPS, then you probably don't need to set the
Secure flag on the cookie anyway.  I would bet that if you can find a way to
get tomcat not to set that flag, your problem may go away.

-- 
+---+
| Dave Makower<[EMAIL PROTECTED]> |
| http://www.davemak.com/   |
+---+







Re: IE 5 on Mac is incompatible with TC 4?

2002-03-08 Thread Anders Rundgren

Dave,


>The system described above relies on correct behavior of cookies on the Mac
>in IE, and it works for us.  I don't know if any behavior on the Tomcat side
>has changed since 4.0.1, but I would tend to doubt it.

That's nice to hear :-|

>Why are you using a secure cookie for the session cookie?  Do you need to?

1. We tested this exclusively over HTTPS.  For HTTP things work OK:

2. Actually, we do absolutely nothing but "request.getSession()" which
triggers the session-mechanism according to my fellow developer.  I.e.
we don't handle cookies ourselves, we rely on Tomcat's handling which
has worked fine until we started to mess with Mac and IE 5.

>If so, you can't expect the session to remain intact across HTTP and HTTPS
>requests.  Any browser that DOES send a secure cookie over a straight HTTP
>request is dangerously out of spec.

Note, we don't switch between HTTP and HTTPS, but you are right in your
comment.

cheers,
Anders







Re: IE 5 on Mac is incompatible with TC 4?

2002-03-08 Thread Dave Makower

I've been watching this thread with some interest, because I have had no
difficulty using cookie-based sessions on Tomcat 4.0.1 with Mac OS X and IE.

Judging from the headers you reproduced in your email, it would appear that
Tomcat has been configured in such a way as to treat the session cookie as
secure, which means that it should ONLY be sent over an encrypted
connection.  As a result, the browser will NOT send the cookie over a
regular HTTP session, so if you switch back and forth between regular HTTP
and HTTP/SSL (i.e., "https"), the requests will not use the same session.

In order to maintain sessions across HTTP and HTTPS, we use a non-secure
cookie as the session ID (I think this is the default, anyway).  Once
someone logs in, which we only allow to occur over SSL, we set a secure
cookie with a randomly-generated value in the response.  After that, we
redirect all traffic that requires a logged-in user to HTTPS, and only treat
them as really logged in if the secure cookie is present, and matches the
value generated by us when they logged in.  This allows us to switch the
browser back and forth between HTTP and HTTPS at will, and only require the
user to log in once per session.

The system described above relies on correct behavior of cookies on the Mac
in IE, and it works for us.  I don't know if any behavior on the Tomcat side
has changed since 4.0.1, but I would tend to doubt it.

Why are you using a secure cookie for the session cookie?  Do you need to?
If so, you can't expect the session to remain intact across HTTP and HTTPS
requests.  Any browser that DOES send a secure cookie over a straight HTTP
request is dangerously out of spec.

On 3/8/02 10:32 AM, "Anders Rundgren" <[EMAIL PROTECTED]> wrote:
> Just done!  No cookies are sent from IE which means that TC is likely
> to send something IE 5 Mac does not understand.  "Secure" is an addition that
> TC offers but not IIS.  Secure is though RFC-compliant so maybe IE 5/mac
> *is* broken.
> 
> TOMCAT
> ---
> Date: Fri, 08 Mar 2002 15:00:42 GMT
> Server: Apache/1.3.23 (Unix) mod_ssl/2.8.6 OpenSSL/0.9.6 mod_jk/1.2.0
> EXPIRES: Thu, 01 Jan 1970 00:00:00 GMT
> Set-Cookie: JSESSIONID=7C1F8E3DD950780CA775B3EB3AE74D16;Path=/BuyerASP;Secure
> Connection: close
> Content-Type: text/html
> 
> IIS
> ---
> Server: Microsoft-IIS/5.0
> Date: Fri, 08 Mar 2002 15:13:12 GMT
> Connection: Keep-Alive
> Content-Length: 1443
> Content-Type: text/html
> Expires: Fri, 08 Mar 2002 15:12:12 GMT
> Set-Cookie: ASPSESSIONIDGQQGGWNY=INDLBBEAKPOBKEMFDDDHAFCM; path=/shop
> Cache-control: private


-- 
+---+
| Dave Makower<[EMAIL PROTECTED]> |
| http://www.davemak.com/   |
+---+
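
The login scheme described in the message above (non-secure session cookie plus a random value in a Secure cookie set at login), as an added example that is not code from the thread or from Tomcat. The class, the cookie name AUTHTOKEN, the HttpOnly attribute and the sample session ID are assumptions made for the illustration; it uses only the JDK and models the browser's handling of the Secure attribute in one helper.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Added illustration of the two-cookie login check; names are hypothetical. */
public class DualCookieLogin {
    static final String SESSION_COOKIE = "JSESSIONID"; // non-secure: sent on HTTP and HTTPS
    static final String AUTH_COOKIE = "AUTHTOKEN";     // hypothetical name; Secure: HTTPS only

    enum Decision { ALLOW, REDIRECT_TO_HTTPS, LOGIN_REQUIRED }

    private final SecureRandom rng = new SecureRandom();
    // Server-side copy of the value handed out at login, keyed by session ID.
    private final Map<String, String> issued = new ConcurrentHashMap<>();

    /** Run after credentials were verified. Returns the Set-Cookie header value. */
    public String login(String sessionId, boolean https) {
        if (!https) {
            throw new IllegalStateException("login is only accepted over SSL");
        }
        byte[] raw = new byte[32]; // 256 random bits, unrelated to the session ID
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        issued.put(sessionId, token);
        // HttpOnly is an extra hardening attribute, not something the thread mentions.
        return AUTH_COOKIE + "=" + token + "; Path=/; Secure; HttpOnly";
    }

    /** Gate for every page that needs a logged-in user. */
    public Decision checkProtected(boolean https, Map<String, String> cookies) {
        if (!https) {
            return Decision.REDIRECT_TO_HTTPS; // the Secure cookie cannot arrive here
        }
        String sessionId = cookies.get(SESSION_COOKIE);
        String presented = cookies.get(AUTH_COOKIE);
        String expected = (sessionId == null) ? null : issued.get(sessionId);
        if (presented == null || expected == null) {
            return Decision.LOGIN_REQUIRED;
        }
        // Constant-time comparison of the presented and the issued value.
        boolean same = MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));
        return same ? Decision.ALLOW : Decision.LOGIN_REQUIRED;
    }

    /** Forget the issued value so the Secure cookie stops being accepted. */
    public void logout(String sessionId) {
        issued.remove(sessionId);
    }

    /** What a spec-following browser puts in the Cookie header for this scheme. */
    static Map<String, String> browserSends(Map<String, String> jar, boolean https) {
        Map<String, String> sent = new HashMap<>(jar);
        if (!https) {
            sent.remove(AUTH_COOKIE); // Secure cookies stay out of plain-HTTP requests
        }
        return sent;
    }

    public static void main(String[] args) {
        DualCookieLogin app = new DualCookieLogin();
        String sid = "CONSTRUCTED0SESSION0ID0FOR0DEMO"; // constructed sample value
        Map<String, String> jar = new HashMap<>();
        jar.put(SESSION_COOKIE, sid);

        // Login over HTTPS; the browser stores the value from the Set-Cookie header.
        String setCookie = app.login(sid, true);
        jar.put(AUTH_COOKIE,
                setCookie.substring(AUTH_COOKIE.length() + 1, setCookie.indexOf(';')));

        System.out.println("HTTPS, both cookies : "
                + app.checkProtected(true, browserSends(jar, true)));
        System.out.println("HTTP, same browser  : "
                + app.checkProtected(false, browserSends(jar, false)));
        // A party that only saw the session ID on plain HTTP lacks the Secure cookie.
        System.out.println("HTTPS, session only : "
                + app.checkProtected(true, Map.of(SESSION_COOKIE, sid)));
        System.out.println("HTTPS, guessed token: "
                + app.checkProtected(true, Map.of(SESSION_COOKIE, sid, AUTH_COOKIE, "guess")));
        app.logout(sid);
        System.out.println("HTTPS, after logout : "
                + app.checkProtected(true, browserSends(jar, true)));
    }
}
```

Only the first request is allowed; the plain-HTTP request is redirected, and a session ID without the matching Secure cookie is sent back to login.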







RE: AW: IE 5 on Mac is incompatible with TC 4?

2002-03-08 Thread Rich Sneiderman

Sorry to jump in on this but I'm not sure that encodeURL will solve the
problem.  

If I understand it correctly, encodeURL will 'ONLY' add session
information if it determines that it must be added because cookies are
disabled.  To quote the JavaDoc for encodeURL:


The implementation of this method includes the logic to determine
whether the session ID needs to be encoded in the URL. For example, if
the browser supports cookies, or session tracking is turned off, URL
encoding is unnecessary. 


Have you guys determined that Tomcat recognizes that Mac IE does not
support cookies in this case?

- Rich

-Original Message-
From: David Cassidy [mailto:[EMAIL PROTECTED]] 
Sent: Friday, March 08, 2002 7:36 AM
To: Tomcat Users List
Subject: Re: AW: IE 5 on Mac is incompatible with TC 4?


sounds to me that this whole line of conversation could be summed up as

If you want users without cookies to use your site then use encodeURL if
not tough.

This isn't a tomcat issue, it's a lazy ( web site) programmer issue ;-^)

(honest not flame bait :

D



Joe Laffey wrote:

> On Fri, 8 Mar 2002, Ralph Einfeldt wrote:
>
> > I don't completely agree with that.
> >
> > As long as you don't break specs it is possible to do something in
> > tomcat to deal with errors in browsers. (Like misbehavior in the
> > headers of a http request)
> >
> > If a browser has a bug that you can't deal with, without breaking
> > the spec there isn't much you can do.
>
> I understand your concern over the specs. But users don't care about
> specs, neither do manager, CEOs, or the bean counters. They care about
> profits.  And alienating users with your website is NOT a way to
> increase profits ;-)
>
> > There might also be browser bugs that you can't avoid at all. E.G.
> > if a browser doesn't send a cookie under certain conditions, what
> > would you suggest to change on the server side to change that. (I
> > don't know if this happens here)
> >
>
> I too know nothing about the issue, and have not tested it to see if
> it even exists. (Perhaps I should have kept my mouth shut in the first
> place.) I simply wanted to point out that hold spec up as Holy Grail
> doesn't do any users any good at all. There will always be
> incompatibilities. The industry has tried forever to have "specs,"
> "guidelines", and "requirements." There have always been exceptions.
> Unless you control ALL the software involved, or have the full
> cooperation of those who do (MS, cooperate? yeah, sure...) things will
> have to be adjusted to fit.
>
> If this is indeed a bug in IE5 Mac then it should be documented as an
> incompatibility prominently on the Tomcat website. This way developers
> won't look like idiots when their clients call screaming that their
> daughter can't even order products from their website from her iMac!
> The prudent developer will find a workaround or choose something other
> than Tomcat.
>
> > In this case you don't have to alienate all Mac IE5
> > users because there is workaround: using encodeUrl().
> > Which should be used anyway, because otherwise you will alienate all
> > users that disable cookies. (Which will be more than Mac OS 9 users
> > with IE 5)
>
> If this works then yes, it is a good solution. (Not requiring cookies
> is always a good solution, but it costs more time/money.) However,
> IMHO, the Tomcat docs ought to reflect this incompatibility
> prominently so the developer know that they will have to waste hours
> working around it.
>
> Again, I have no idea if a bug really exists. I am simply making noise
> because I think that money is more important than specs to most
> developers and definitely to most suits.
>
> I will now be quiet. I hope I haven't offended you or anyone on the
> Tomcat team. I think Tomcat is a good project.
>
> --
> Joe Laffey  |  Want to convert subnet masks between different
> LAFFEY Computer Imaging |  notations, or figure the number of IPs in a block?
> St. Louis, MO   |  Whatmask-It's FREE - www.laffeycomputer.com/wm.html
> --
>




RE: IE 5 on Mac is incompatible with TC 4?

2002-03-08 Thread Ed Abrams

I believe that Joe is right: the JSP/Servlet spec is a server-side spec, and
the servers serve (forgive the pun) the browser community.  A spec that
actually excludes even 1% of the browsers is suspect, IMHO.  (And I'm not
sure I believe that the JSP/Servlet spec could possibly be the culprit --
surely the culprit here is some optional behavior of Tomcat, since other
implementations of the same spec work dandy on other web/Servlet servers.)

-Original Message-
From: Joe Laffey [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 08, 2002 8:27 AM
To: Tomcat Users List
Subject: RE: IE 5 on Mac is incompatible with TC 4?


On Fri, 8 Mar 2002, Randy Layman wrote:

>
>   I haven't been following this thread but it seems like you are
> saying that Tomcat should be modified to work correctly with IE 5.  The
> problem with that is that Tomcat is a reference implementation of a
> particular spec (JSP/Servlet) which dictates how things have to work - it is
> the reference by which all others are implemented.  It can't change to
> accommodate bugs or "special features" of client software.
>

Who cares if it's a "reference implementation?" If it doesn't work with
current mainstream browsers then it is useless. No company running an
ecommerce site wants to alienate all Mac IE5 users. It would be idiotic,
not to mention bad business.

Tomcat must work with all current mainstream browsers (at least NS and IE)
on all major platforms for it to be useful. Typical users do not
upgrade their browsers. So everything else must be upgraded to work with
them, bugs and all.

My $0.02

--
Joe Laffey  |  Want to convert subnet masks between different
LAFFEY Computer Imaging |  notations, or figure the number of IPs in a block?
St. Louis, MO   |  Whatmask-It's FREE - www.laffeycomputer.com/wm.html

--





AW: AW: IE 5 on Mac is incompatible with TC 4?

2002-03-08 Thread Ralph Einfeldt

It's not easy to offend me with opinions on tomcat as I'm
neither developer nor user of tomcat. (The latter will change
in the near future)

> -Ursprüngliche Nachricht-
> Von: Joe Laffey [mailto:[EMAIL PROTECTED]]
> Gesendet: Freitag, 8. März 2002 16:24
> An: Tomcat Users List
> Betreff: Re: AW: IE 5 on Mac is incompatible with TC 4?

> I hope I haven't offended you or anyone on the Tomcat
> team. I think Tomcat is a good project.




Re: AW: IE 5 on Mac is incompatible with TC 4?

2002-03-08 Thread David Cassidy

sounds to me that this whole line of conversation could be
summed up as

If you want users without cookies to use your site then use
encodeURL
if not tough.

This isn't a tomcat issue, it's a lazy ( web site) programmer issue ;-^)

(honest not flame bait :

D



Joe Laffey wrote:

> On Fri, 8 Mar 2002, Ralph Einfeldt wrote:
>
> > I don't completely agree with that.
> >
> > As long as you don't break specs it is possible to do
> > something in tomcat to deal with errors in browsers.
> > (Like misbehavior in the headers of a http request)
> >
> > If a browser has a bug that you can't deal with, without
> > breaking the spec there isn't much you can do.
>
> I understand your concern over the specs. But users don't care about
> specs, neither do manager, CEOs, or the bean counters. They care about
> profits.  And alienating users with your website is NOT a way to increase
> profits ;-)
>
> > There might also be browser bugs that you can't avoid at
> > all. E.G. if a browser doesn't send a cookie under certain
> > conditions, what would you suggest to change on the server
> > side to change that. (I don't know if this happens here)
> >
>
> I too know nothing about the issue, and have not tested it to see if it
> even exists. (Perhaps I should have kept my mouth shut in the first
> place.) I simply wanted to point out that hold spec up as Holy Grail
> doesn't do any users any good at all. There will always be
> incompatibilities. The industry has tried forever to have "specs,"
> "guidelines", and "requirements." There have always been exceptions.
> Unless you control ALL the software involved, or have the full cooperation
> of those who do (MS, cooperate? yeah, sure...) things will have to be
> adjusted to fit.
>
> If this is indeed a bug in IE5 Mac then it should be documented as an
> incompatibility prominently on the Tomcat website. This way developers
> won't look like idiots when their clients call screaming that their
> daughter can't even order products from their website from her iMac! The
> prudent developer will find a workaround or choose something other than
> Tomcat.
>
> > In this case you don't have to alienate all Mac IE5
> > users because there is workaround: using encodeUrl().
> > Which should be used anyway, because otherwise you will
> > alienate all users that disable cookies. (Which will be
> > more than Mac OS 9 users with IE 5)
>
> If this works then yes, it is a good solution. (Not requiring cookies is
> always a good solution, but it costs more time/money.) However, IMHO, the
> Tomcat docs ought to reflect this incompatibility prominently so the
> developer know that they will have to waste hours working around it.
>
> Again, I have no idea if a bug really exists. I am simply making noise
> because I think that money is more important than specs to most developers
> and definitely to most suits.
>
> I will now be quiet. I hope I haven't offended you or anyone on the Tomcat
> team. I think Tomcat is a good project.
>
> --
> Joe Laffey  |  Want to convert subnet masks between different
> LAFFEY Computer Imaging |  notations, or figure the number of IPs in a block?
> St. Louis, MO   |  Whatmask-It's FREE - www.laffeycomputer.com/wm.html
> --
>




Re: IE 5 on Mac is incompatible with TC 4?

2002-03-08 Thread Anders Rundgren

Ralph, at this stage we can just guess as it does not *have* to be a browser bug.
Particularly as other web-servers most likely handle this differently.
I have verified that IIS does this OK but that was hardly a surprise :-).

I will now perform some deeper investigation by writing a small servlet
that just spews out header contents to see what differs.

Just done!  No cookies are sent from IE which means that TC is likely
to send something IE 5 Mac does not understand.  "Secure" is an addition that
TC offers but not IIS.  Secure is though RFC-compliant so maybe IE 5/mac
*is* broken.

TOMCAT
---
Date: Fri, 08 Mar 2002 15:00:42 GMT
Server: Apache/1.3.23 (Unix) mod_ssl/2.8.6 OpenSSL/0.9.6 mod_jk/1.2.0
EXPIRES: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=7C1F8E3DD950780CA775B3EB3AE74D16;Path=/BuyerASP;Secure
Connection: close
Content-Type: text/html

IIS
---
Server: Microsoft-IIS/5.0
Date: Fri, 08 Mar 2002 15:13:12 GMT
Connection: Keep-Alive
Content-Length: 1443
Content-Type: text/html
Expires: Fri, 08 Mar 2002 15:12:12 GMT
Set-Cookie: ASPSESSIONIDGQQGGWNY=INDLBBEAKPOBKEMFDDDHAFCM; path=/shop
Cache-control: private

Anders

- Original Message -
From: "Ralph Einfeldt" <>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, March 08, 2002 15:10
Subject: AW: IE 5 on Mac is incompatible with TC 4?


I don't completely agree with that.

As long as you don't break specs it is possible to do
something in tomcat to deal with errors in browsers.
(Like misbehavior in the headers of a http request)

If a browser has a bug that you can't deal with, without
breaking the spec there isn't much you can do.

There might also be browser bugs that you can't avoid at
all. E.G. if a browser doesn't send a cookie under certain
conditions, what would you suggest to change on the server
side to change that. (I don't know if this happens here)

P.S:
In this case you don't have to alienate all Mac IE5
users because there is workaround: using encodeUrl().
Which should be used anyway, because otherwise you will
alienate all users that disable cookies. (Which will be
more than Mac OS 9 users with IE 5)

> -Ursprüngliche Nachricht-
> Von: Joe Laffey [mailto:[EMAIL PROTECTED]]
> Gesendet: Freitag, 8. März 2002 14:27
> An: Tomcat Users List
> Betreff: RE: IE 5 on Mac is incompatible with TC 4?

> Who cares if it's a "reference implementation?" If it doesn't work with
> current mainstream browsers then it is useless. No company running an
> ecommerce site wants to alienate all Mac IE5 users. It would be idiotic,
> not to mention bad business.
>
> Tomcat must work with all current mainstream browsers (at least NS and IE)
> on all major platforms for it to be useful. Typical users do not
> upgrade their browsers. So everything else must be upgraded to work with
> them, bugs and all.
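
For the two Set-Cookie headers quoted in the message above, the following added example (not part of the thread and not Tomcat or IIS code) parses each header and applies the Secure and Path rules as RFC 6265 states them, to show which requests a conforming client would attach each cookie to. The host name shop.example and the request URLs are constructed, and domain matching is left out on the assumption that every request goes to the host that set the cookie.

```java
import java.net.URI;
import java.util.List;
import java.util.Locale;

/** Added illustration: which requests would carry the cookies quoted in the thread. */
public class SetCookieCheck {
    record Cookie(String name, String value, String path, boolean secure) {} // Java 16+

    /** Parses a Set-Cookie value; only the Path and Secure attributes are interpreted. */
    static Cookie parse(String setCookie) {
        String[] parts = setCookie.split(";");
        String[] nameValue = parts[0].trim().split("=", 2);
        if (nameValue.length != 2 || nameValue[0].isEmpty()) {
            throw new IllegalArgumentException("missing name=value pair: " + setCookie);
        }
        String path = "/"; // simplification: RFC 6265 derives the default from the request URI
        boolean secure = false;
        for (int i = 1; i < parts.length; i++) {
            String attr = parts[i].trim();
            String lower = attr.toLowerCase(Locale.ROOT); // attribute names are case-insensitive
            if (lower.equals("secure")) {
                secure = true;
            } else if (lower.startsWith("path=")) {
                path = attr.substring("path=".length()).trim();
            }
        }
        return new Cookie(nameValue[0], nameValue[1], path, secure);
    }

    /** Path-match rule of RFC 6265, section 5.1.4. */
    static boolean pathMatches(String cookiePath, String requestPath) {
        if (requestPath.equals(cookiePath)) {
            return true;
        }
        if (!requestPath.startsWith(cookiePath)) {
            return false;
        }
        // A prefix only counts at a path-segment boundary: /BuyerASP does not cover /BuyerASPold.
        return cookiePath.endsWith("/") || requestPath.charAt(cookiePath.length()) == '/';
    }

    /** True if a conforming client would send the cookie with this request (same host assumed). */
    static boolean wouldSend(Cookie cookie, URI request) {
        boolean https = "https".equalsIgnoreCase(request.getScheme());
        if (cookie.secure() && !https) {
            return false; // Secure cookies are withheld from plain HTTP
        }
        String requestPath = request.getPath();
        if (requestPath == null || requestPath.isEmpty()) {
            requestPath = "/";
        }
        return pathMatches(cookie.path(), requestPath);
    }

    public static void main(String[] args) {
        // The two header values as quoted in the thread.
        List<String> headers = List.of(
                "JSESSIONID=7C1F8E3DD950780CA775B3EB3AE74D16;Path=/BuyerASP;Secure",
                "ASPSESSIONIDGQQGGWNY=INDLBBEAKPOBKEMFDDDHAFCM; path=/shop");
        // Constructed request URLs on a placeholder host.
        List<String> urls = List.of(
                "https://shop.example/BuyerASP/index.jsp",
                "http://shop.example/BuyerASP/index.jsp",
                "https://shop.example/BuyerASPold/index.jsp",
                "http://shop.example/shop/cart.asp");
        for (String header : headers) {
            Cookie cookie = parse(header);
            System.out.println(cookie.name() + " path=" + cookie.path()
                    + " secure=" + cookie.secure());
            for (String url : urls) {
                System.out.println("  " + url + " -> "
                        + (wouldSend(cookie, URI.create(url)) ? "sent" : "not sent"));
            }
        }
    }
}
```

The Tomcat cookie parses cleanly and is returned only for the HTTPS request under /BuyerASP, while the IIS cookie, which has no Secure attribute, is returned over plain HTTP under /shop.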






Re: AW: IE 5 on Mac is incompatible with TC 4?

2002-03-08 Thread Joe Laffey

On Fri, 8 Mar 2002, Ralph Einfeldt wrote:

> I don't completely agree with that.
>
> As long as you don't break specs it is possible to do
> something in tomcat to deal with errors in browsers.
> (Like misbehavior in the headers of a http request)
>
> If a browser has a bug that you can't deal with, without
> breaking the spec there isn't much you can do.

I understand your concern over the specs. But users don't care about
specs, neither do manager, CEOs, or the bean counters. They care about
profits.  And alienating users with your website is NOT a way to increase
profits ;-)

> There might also be browser bugs that you can't avoid at
> all. E.G. if a browser doesn't send a cookie under certain
> conditions, what would you suggest to change on the server
> side to change that. (I don't know if this happens here)
>

I too know nothing about the issue, and have not tested it to see if it
even exists. (Perhaps I should have kept my mouth shut in the first
place.) I simply wanted to point out that holding the spec up as the Holy Grail
doesn't do any users any good at all. There will always be
incompatibilities. The industry has tried forever to have "specs,"
"guidelines", and "requirements." There have always been exceptions.
Unless you control ALL the software involved, or have the full cooperation
of those who do (MS, cooperate? yeah, sure...) things will have to be
adjusted to fit.

If this is indeed a bug in IE5 Mac then it should be documented as an
incompatibility prominently on the Tomcat website. This way developers
won't look like idiots when their clients call screaming that their
daughter can't even order products from their website from her iMac! The
prudent developer will find a workaround or choose something other than
Tomcat.


> In this case you don't have to alienate all Mac IE5
> users because there is a workaround: using encodeUrl().
> Which should be used anyway, because otherwise you will
> alienate all users that disable cookies. (Which will be
> more than Mac OS 9 users with IE 5)

If this works then yes, it is a good solution. (Not requiring cookies is
always a good solution, but it costs more time/money.) However, IMHO, the
Tomcat docs ought to reflect this incompatibility prominently so the
developers know that they will have to waste hours working around it.

Again, I have no idea if a bug really exists. I am simply making noise
because I think that money is more important than specs to most developers
and definitely to most suits.

I will now be quiet. I hope I haven't offended you or anyone on the Tomcat
team. I think Tomcat is a good project.

--
Joe Laffey  |  Want to convert subnet masks between different
LAFFEY Computer Imaging |  notations, or figure the number of IPs in a block?
St. Louis, MO   |  Whatmask-It's FREE - www.laffeycomputer.com/wm.html
--






AW: IE 5 on Mac is incompatible with TC 4?

2002-03-08 Thread Ralph Einfeldt

I don't completely agree with that.

As long as you don't break specs it is possible to do
something in tomcat to deal with errors in browsers.
(Like misbehavior in the headers of a http request)

If a browser has a bug that you can't deal with, without 
breaking the spec there isn't much you can do.

There might also be browser bugs that you can't avoid at 
all. E.G. if a browser doesn't send a cookie under certain 
conditions, what would you suggest to change on the server
side to change that. (I don't know if this happens here)

P.S: 
In this case you don't have to alienate all Mac IE5 
users because there is a workaround: using encodeUrl().
Which should be used anyway, because otherwise you will
alienate all users that disable cookies. (Which will be
more than Mac OS 9 users with IE 5)

> -Original Message-
> From: Joe Laffey [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 8 March 2002 14:27
> To: Tomcat Users List
> Subject: RE: IE 5 on Mac is incompatible with TC 4?

> Who cares if it's a "reference implementation?" If it doesn't work with
> current mainstream browsers then it is useless. No company running an
> ecommerce site wants to alienate all Mac IE5 users. It would be idiotic,
> not to mention bad business.
>
> Tomcat must work with all current mainstream browsers (at least NS and IE)
> on all major platforms for it to be useful. Typical users do not
> upgrade their browsers. So everything else must be upgraded to work with
> them, bugs and all.
 





RE: IE 5 on Mac is incompatible with TC 4?

2002-03-08 Thread Justin Rowles

From: Anders Rundgren [mailto:[EMAIL PROTECTED]]
> 
> Well  This is a matter of "taste".  As IE 5 is the current Mac release and
> IE is relatively popular even by Mac users, I believe that TC should
> adapt to IE 5 rather than the reverse.  A *really* strange thing is that
> persistent cookies work.  But the problem is only related to SSL.

Sounds like you want the Tomcat developers to write code so they can receive a cookie
that the Mac IE isn't sending.

If you have example code I'd love to see it ;-)

J.
-- 
You're only jealous cos the little penguins are talking to me. 







RE: IE 5 on Mac is incompatible with TC 4?

2002-03-08 Thread Joe Laffey

On Fri, 8 Mar 2002, Randy Layman wrote:

>
>   I haven't been following this thread but it seems like you are
> saying that Tomcat should be modified to work correctly with IE 5.  The
> problem with that is that Tomcat is a reference implementation of a
> particular spec (JSP/Servlet) which dictates how things have to work - it is
> the reference by which all others are implemented.  It can't change to
> accommodate bugs or "special features" of client software.
>

Who cares if it's a "reference implementation?" If it doesn't work with
current mainstream browsers then it is useless. No company running an
ecommerce site wants to alienate all Mac IE5 users. It would be idiotic,
not to mention bad business.

Tomcat must work with all current mainstream browsers (at least NS and IE)
on all major platforms for it to be useful. Typical users do not
upgrade their browsers. So everything else must be upgraded to work with
them, bugs and all.

My $0.02

--
Joe Laffey  |  Want to convert subnet masks between different
LAFFEY Computer Imaging |  notations, or figure the number of IPs in a block?
St. Louis, MO   |  Whatmask-It's FREE - www.laffeycomputer.com/wm.html
--






Re: IE 5 on Mac is incompatible with TC 4?

2002-03-08 Thread Anders Rundgren

Randy,
I don't know if Mac IE 5 is doing something *outside* of the cookie-specification
(which governs this rather than the servlet specification), but I'm pretty sure that
the original Apache-server handles this differently than Tomcat.  Do you know
any Apache SSL-site using session-cookies that I could test?

/anders

- Original Message - 
From: "Randy Layman" <>
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
Sent: Friday, March 08, 2002 13:19
Subject: RE: IE 5 on Mac is incompatible with TC 4?



I haven't been following this thread but it seems like you are
saying that Tomcat should be modified to work correctly with IE 5.  The
problem with that is that Tomcat is a reference implementation of a
particular spec (JSP/Servlet) which dictates how things have to work - it is
the reference by which all others are implemented.  It can't change to
accommodate bugs or "special features" of client software.

Randy

> -Original Message-
> From: Anders Rundgren [mailto:[EMAIL PROTECTED]]
> Sent: Friday, March 08, 2002 7:51 AM
> To: Tomcat Users List
> Subject: Re: IE 5 on Mac is incompatible with TC 4?
> 
> 
> Ralph,
> 
> >I got the impression from your previous posts, that
> >the browser is the source not tomcat.
> 
> Well  This is a matter of "taste".  As IE 5 is the current Mac release and
> IE is relatively popular even by Mac users, I believe that TC should
> adapt to IE 5 rather than the reverse.  A *really* strange thing is that
> persistent cookies work.  But the problem is only related to SSL.
> 
> /anders
> 
> 
> 
> 




RE: IE 5 on Mac is incompatible with TC 4?

2002-03-08 Thread Randy Layman


I haven't been following this thread but it seems like you are
saying that Tomcat should be modified to work correctly with IE 5.  The
problem with that is that Tomcat is a reference implementation of a
particular spec (JSP/Servlet) which dictates how things have to work - it is
the reference by which all others are implemented.  It can't change to
accommodate bugs or "special features" of client software.

Randy

> -Original Message-
> From: Anders Rundgren [mailto:[EMAIL PROTECTED]]
> Sent: Friday, March 08, 2002 7:51 AM
> To: Tomcat Users List
> Subject: Re: IE 5 on Mac is incompatible with TC 4?
> 
> 
> Ralph,
> 
> >I got the impression from your previous posts, that
> >the browser is the source not tomcat.
> 
> Well  This is a matter of "taste".  As IE 5 is the current Mac release and
> IE is relatively popular even by Mac users, I believe that TC should
> adapt to IE 5 rather than the reverse.  A *really* strange thing is that
> persistent cookies work.  But the problem is only related to SSL.
> 
> /anders
> 
> 
> 
> 




Re: IE 5 on Mac is incompatible with TC 4?

2002-03-08 Thread Anders Rundgren

Ralph,

>I got the impression from your previous posts, that
>the browser is the source not tomcat.

Well  This is a matter of "taste".  As IE 5 is the current Mac release and
IE is relatively popular even by Mac users, I believe that TC should
adapt to IE 5 rather than the reverse.  A *really* strange thing is that
persistent cookies work.  But the problem is only related to SSL.

/anders








AW: IE 5 on Mac is incompatible with TC 4?

2002-03-08 Thread Ralph Einfeldt

I got the impression from your previous posts, that
the browser is the source not tomcat.

> -Original Message-
> From: Anders Rundgren [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 8 March 2002 13:19
> To: Tomcat Users List
> Subject: Re: IE 5 on Mac is incompatible with TC 4?
>
>
> Ralph,
> Thanx for your advice but this is likely to be a bug in TC
> 4.0.2 that cannot be too hard to fix.  I just found out that
> it only affects SSL, which I guess is the reason no one has
> seen it before.
>
> URL rewriting is a possibility but our app will get "ugly",
> so I prefer to launch without Mac.
> 
> Anders
> 





Re: IE 5 on Mac is incompatible with TC 4?

2002-03-08 Thread Anders Rundgren

Ralph,
Thanx for your advice but this is likely to be a bug in TC 4.0.2 that cannot be
too hard to fix.  I just found out that it only affects SSL, which I guess is the
reason no one has seen it before.

URL rewriting is a possibility but our app will get "ugly", so I prefer to
launch without Mac.

Anders

- Original Message -
From: "Ralph Einfeldt" <>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, March 08, 2002 13:11
Subject: AW: IE 5 on Mac is incompatible with TC 4?


I think the best way you can solve this problem is to
use response.encodeUrl() on all links to enable the session
tracking by url.

> -Original Message-
> From: Anders Rundgren [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 8 March 2002 13:04
> To: Tomcat Users List
> Subject: SSL: IE 5 on Mac is incompatible with TC 4?
>
>
> Now I have dug a little bit further into this.
> The IE 5 Mac missing session cookie problem only occurs when
> using SSL.
> Too bad our app needs SSL.
>
> Anders
>





AW: IE 5 on Mac is incompatible with TC 4?

2002-03-08 Thread Ralph Einfeldt

I think the best way you can solve this problem is to
use response.encodeUrl() on all links to enable the session
tracking by url.

> -Original Message-
> From: Anders Rundgren [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 8 March 2002 13:04
> To: Tomcat Users List
> Subject: SSL: IE 5 on Mac is incompatible with TC 4?
>
>
> Now I have dug a little bit further into this.
> The IE 5 Mac missing session cookie problem only occurs when
> using SSL.
> Too bad our app needs SSL.
> 
> Anders
> 
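
The URL rewriting suggested in the message above, as an added example that is not part of the thread and is not Tomcat's code: a simplified model of what a servlet container does when a link is passed through response.encodeUrl(). The class name, method signature, host name and session id are assumptions made for illustration.

```java
import java.net.URI;

// Simplified model of servlet URL rewriting (added example, not Tomcat's code).
public class UrlRewriteModel {

    /**
     * Returns the link with ";jsessionid=<id>" inserted after the path when the
     * client has not shown that it returns cookies; otherwise returns it unchanged.
     */
    static String encodeUrl(String link, String sessionId,
                            boolean idCameFromCookie, String ownHost) {
        if (sessionId == null || idCameFromCookie) {
            return link;                 // cookie tracking works, nothing to add
        }
        URI uri = URI.create(link);
        if (uri.getHost() != null && !uri.getHost().equalsIgnoreCase(ownHost)) {
            return link;                 // never hand the session id to another site
        }
        // The path parameter must come before the query string and the fragment.
        int cut = link.length();
        int q = link.indexOf('?');
        int h = link.indexOf('#');
        if (q >= 0) cut = Math.min(cut, q);
        if (h >= 0) cut = Math.min(cut, h);
        return link.substring(0, cut) + ";jsessionid=" + sessionId
                + link.substring(cut);
    }

    public static void main(String[] args) {
        String id = "A1B2C3D4E5F6";      // constructed sample session id
        String host = "shop.example";    // constructed host name
        String[] links = {
            "catalog.jsp",
            "order.jsp?item=42#total",
            "https://shop.example/secure/cart.jsp?step=2",
            "https://other.example/partner.jsp",
        };
        for (String link : links) {
            System.out.println("no cookie : " + encodeUrl(link, id, false, host));
            System.out.println("cookie ok : " + encodeUrl(link, id, true, host));
        }
    }
}
```

With rewriting active the session id travels in every URL, so it also shows up in access logs, browser history and Referer headers; any link that bypasses the encoder silently drops the session for a cookie-less client.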





SSL: IE 5 on Mac is incompatible with TC 4?

2002-03-08 Thread Anders Rundgren

Now I have dug a little bit further into this.
The IE 5 Mac missing session cookie problem only occurs when using SSL.
Too bad our app needs SSL.

Anders

- Original Message - 
From: "Anders Rundgren" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, March 08, 2002 11:27
Subject: IE 5 on Mac is incompatible with TC 4?


Hi,
I have a Tomcat app using sessions based on cookies (i.e. std way) that
works with a huge set of browsers and OSes.

But on Mac using IE 5 it does not.  The culprit seems to be that session
cookies are not compatible in some way as they are not visible in
TC.

Is this a known problem?

BTW, the configuration is Apache on Linux, using ajp1.3 and TC 4.0.2

cheers,
Anders R






IE 5 on Mac is incompatible with TC 4?

2002-03-08 Thread Anders Rundgren

Hi,
I have a Tomcat app using sessions based on cookies (i.e. std way) that
works with a huge set of browsers and OSes.

But on Mac using IE 5 it does not.  The culprit seems to be that session
cookies are not compatible in some way as they are not visible in
TC.

Is this a known problem?

BTW, the configuration is Apache on Linux, using ajp1.3 and TC 4.0.2

cheers,
Anders R

