Re: IE 20 session cookies limitation
This is neat. Thanks! -- Rick Peter Rossbach wrote: Option is Connector emptySessionPath=true ... / Then all webapps share the same session id. Cheers Peter Am 16.04.2006 um 15:12 schrieb Tim Funk: Check the docs - there is an option that will allow tomcat to use the same jsessionid for all webapps. -Tim Rick Wong wrote: It's been a while since my last posting of this topic. I have a work-around that perhaps someone may find it useful. I worked around the issue by implementing a Tomcat Valve, and screen out for the jsessionsso cookie on every request. If I find it, I reinsert it back into the response within the valve to touch the timestamp of the jssessionsso cookie. This way, when IE wants to throw away a cookie, jsessionsso would be the last one it picks. It's not a perfect solution but there is nothing I can do about IE's deficiency (how often do you see Microsoft rigidly conforms to a spec?) Thanks, --Rick Rick Wong wrote: Hi, I am using Tomcat 5.0.26. I have 20+ web applications hooked up with single-sign-on. Each web application generates a JESSIONID session cookie with a different path, and shares a single JSESSIONIDSSO. When testing my suite of applications, I notice that IE consistently drops my login after accessing the 20th web application within a session. I did some research and learned about RFC 2109 where HTTP agents should support a minimum of 20 session cookies per domain. That appears to be just what IE does. The following Microsoft knowledgebase article explains that: http://support.microsoft.com/default.aspx?scid=kb;EN-US;306070. I suspect JSESSIONIDSSO was the oldest cookie, and was the first to get dropped by IE when reaching over 20 session cookies. Firefox does not have this problem. Knowing that I cannot easily refactor the application suite to make less number of web application ( 19), I am wondering if anyone else has this problem, and if and how I might work around this IE limitation. Thanks, --Rick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IE 20 session cookies limitation
Option is Connector emptySessionPath=true ... / Then all webapps share the same session id. Cheers Peter Am 16.04.2006 um 15:12 schrieb Tim Funk: Check the docs - there is an option that will allow tomcat to use the same jsessionid for all webapps. -Tim Rick Wong wrote: It's been a while since my last posting of this topic. I have a work-around that perhaps someone may find it useful. I worked around the issue by implementing a Tomcat Valve, and screen out for the jsessionsso cookie on every request. If I find it, I reinsert it back into the response within the valve to touch the timestamp of the jssessionsso cookie. This way, when IE wants to throw away a cookie, jsessionsso would be the last one it picks. It's not a perfect solution but there is nothing I can do about IE's deficiency (how often do you see Microsoft rigidly conforms to a spec?) Thanks, -- Rick Rick Wong wrote: Hi, I am using Tomcat 5.0.26. I have 20+ web applications hooked up with single-sign-on. Each web application generates a JESSIONID session cookie with a different path, and shares a single JSESSIONIDSSO. When testing my suite of applications, I notice that IE consistently drops my login after accessing the 20th web application within a session. I did some research and learned about RFC 2109 where HTTP agents should support a minimum of 20 session cookies per domain. That appears to be just what IE does. The following Microsoft knowledgebase article explains that: http://support.microsoft.com/default.aspx?scid=kb;EN-US; 306070. I suspect JSESSIONIDSSO was the oldest cookie, and was the first to get dropped by IE when reaching over 20 session cookies. Firefox does not have this problem. Knowing that I cannot easily refactor the application suite to make less number of web application ( 19), I am wondering if anyone else has this problem, and if and how I might work around this IE limitation. Thanks, -- Rick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IE 20 session cookies limitation
Check the docs - there is an option that will allow tomcat to use the same jsessionid for all webapps. -Tim Rick Wong wrote: It's been a while since my last posting of this topic. I have a work-around that perhaps someone may find it useful. I worked around the issue by implementing a Tomcat Valve, and screen out for the jsessionsso cookie on every request. If I find it, I reinsert it back into the response within the valve to touch the timestamp of the jssessionsso cookie. This way, when IE wants to throw away a cookie, jsessionsso would be the last one it picks. It's not a perfect solution but there is nothing I can do about IE's deficiency (how often do you see Microsoft rigidly conforms to a spec?) Thanks, -- Rick Rick Wong wrote: Hi, I am using Tomcat 5.0.26. I have 20+ web applications hooked up with single-sign-on. Each web application generates a JESSIONID session cookie with a different path, and shares a single JSESSIONIDSSO. When testing my suite of applications, I notice that IE consistently drops my login after accessing the 20th web application within a session. I did some research and learned about RFC 2109 where HTTP agents should support a minimum of 20 session cookies per domain. That appears to be just what IE does. The following Microsoft knowledgebase article explains that: http://support.microsoft.com/default.aspx?scid=kb;EN-US;306070. I suspect JSESSIONIDSSO was the oldest cookie, and was the first to get dropped by IE when reaching over 20 session cookies. Firefox does not have this problem. Knowing that I cannot easily refactor the application suite to make less number of web application ( 19), I am wondering if anyone else has this problem, and if and how I might work around this IE limitation. Thanks, -- Rick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
