Hi,
I'm working on a JSF (myfaces) project that runs on Tomcat. First I thought it was a myfaces issue,
but they told me that the container is responsible for the session cookie, so now I'm here :-)
I've created a minimal JSF test project and I called it jsf_test. When I open the tomcat manager (web)
and the webapp's welcome page in the browser, I can see that every reload of the webapp page increases
the session count.
In the web console of firefox, I could see that the session cookie was set with the path /jsf%5ftest,
while other cookies (set by myfaces) were correctly set with the path /jsf_test.
It looks like firefox treats /jsf_test and /jsf%5ftest as different pathes and therefore does not send
the session cookie with the next request, while chromium ignores the difference.
I also noticed that the issue does not occur on every deployment / tomcat restart. It looks like the
webapp name is stored internally during initialization, and depending on little timing variations
(race condition ?), it is either initialized to the escaped or the unescaped value. Tomcat manager
always displays the unescaped name.
Among my teammates, some are always affected, some occasionally, and some never.
After renaming the webapp to "jsftest", the session count increments were gone.
The issue also occurs with a minus in the name, like "jsf-test".
Unfortunately, my real-world productive project has an underscore in it's name too, but as many users
have bookmarked it, I can't just rename it.
Is this a bug in tomcat ?
Environment:
OS: Linux / Windows
Tomcat version: 8.0.36
JDK: Oracle JDK 1.8.0_92
Within the team, we're using different minor verions, but I've tested with the
newest ones.
Regards,
Markus Näher
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
