One-liner: How do you turn session cookies off, server side?
Hi!
Nowadays it's illegal to use cookies on web sites in sweden, without
informing the visitor that it's done and why, what cookie is etc. Since
I don't have any use of a session nor am interested in adding a page
saying we use
On 9/28/05, Fredrik Wendt [EMAIL PROTECTED] wrote:
One-liner: How do you turn session cookies off, server side?
Context/ element has an attribute cookies. set it to false to turn
off session cookies.
See http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/context.html
Hi!
Nowadays it's
Maybee OT, but is using URL rewriting considered as cookie?
/Johan
-Original Message-
From: Anto Paul [mailto:[EMAIL PROTECTED]
Sent: den 28 september 2005 13:12
To: Tomcat Users List
Subject: Re: how to turn off session cookies
On 9/28/05, Fredrik Wendt [EMAIL PROTECTED] wrote:
One
Hello all,
I'm trying to force a particular web application to use url-rewritting
in place of session cookies to manage the session on Tomcat 5.0.28. I
have, per the documentation, set the cookies=false attribute of the
Context container for that application. However, the cookie is still
i've got a webapp deployed in tomcat 5.5.9 that provides three separate
interfaces to my business logic:
1) web ui
2) webdav
3) rest
i want session management via cookies and url-rewriting for the web ui
but not for the other interfaces. is there a clean way to achieve that
portably
Hi!
Rui Alberto schrieb:
I don't want tomcat to set cookies on the client. In any situation. I've
configured a Context in server.xml to my application:
EX:
Context cookies=false docBase=cocoon path=/ reloadable=false/
I've got the same problem. There's also an older posting here on the list
Hi all,
I don't want tomcat to set cookies on the client. In any situation. I've
configured a Context in server.xml to my application:
EX:
Context cookies=false docBase=cocoon path=/ reloadable=false/
But if the URL does not contain URL;JSESSIONID=ID, tomcat allways sets a
cookie on the client
after accessing the 20th web application within a
session. I did some research and learned about RFC 2109 where HTTP
agents should support a minimum of 20 session cookies per domain. That
appears to be just what IE does. The following Microsoft knowledgebase
article explains that:
http
How about passing the session ids in the url like you woud do if the
user had cookies disabled?
-Original Message-
From: Rick Wong [mailto:[EMAIL PROTECTED]
Sent: Friday, May 13, 2005 11:42 AM
To: tomcat-user@jakarta.apache.org
Subject: IE 20 session cookies limitation
Hi,
I am using
From: Rick Wong [EMAIL PROTECTED]
Sent: Friday, May 13, 2005 11:42 AM
Knowing that I cannot easily refactor the application suite to make less
number of web application ( 19), I am wondering if anyone else has this
problem, and if and how I might work around this IE limitation.
Tweak the
,
--set cookie-
String cookieName=userlogin;
Cookie userCookie = new Cookie(user, uname1);
userCookie.setMaxAge(-1);
userCookie.setPath(/);
response.addCookie(userCookie);
--get cookie--
Cookie cookies
I think you have an error in your code.
Cookie cookies[]=request.getCookies();
...
uCookie=cookies[0];
username=sCookie.getName();
is it sCookie or uCookie?
DarekC
On Mon, 25 Apr 2005 11:30:55 +0800
XiaoPeng [EMAIL PROTECTED] wrote:
Dear Sir/Madam,
This is XiaoPeng here. I am using
[EMAIL PROTECTED]
Sent: Apr 24, 2005 8:30 PM
To: tomcat-user@jakarta.apache.org
Subject: tomcat jsp problem with cookies
Dear Sir/Madam,
This is XiaoPeng here. I am using Tomcat 5.5.8 and JDK 1.5 to develope a project
now. The problem is the cookie is not stable. I had tried many times,
and tried
I'm using Tomcat 5.5.7 and I'm trying to get the session cookies to be
set to something other than the webapp path, preferably the server root.
In the change log for 5.5.4 it says Add the ability to force session
cookies to be set to the root path /, but I can't find anything that
actually
Hi all!
I'm making a filter that checks that my cookies are set, and sets them
if they are missing.
Code for setting cookie:
String path = request.getContextPath();
cookie = new Cookie(name, value);
cookie.setPath(path);
logger.debug(Setting cookie: + cookie.getName
getPath() in only useful for setting cookies. The browser only sends the name
/value pairing of the cookie back to you. It omits path and expiration.
-Tim
Trond G. Ziarkowski wrote:
Hi all!
I'm making a filter that checks that my cookies are set, and sets them
if they are missing.
Code
Thanks Tim,
I was trying to use the same cookiename for different paths in my
webapp, but since the path is not sent I just have to use different
cookienames.
Trond
Tim Funk wrote:
getPath() in only useful for setting cookies. The browser only sends
the name /value pairing of the cookie back
,
I was trying to use the same cookiename for different paths in my
webapp, but since the path is not sent I just have to use different
cookienames.
Trond
Tim Funk wrote:
getPath() in only useful for setting cookies. The browser only sends
the name /value pairing of the cookie back to you
The API for the HttpServletResponse.encodeURL() method states that the
implementation of this method includes the logic to determine whether the
session ID needs to be encoded in the URL.
How does Tomcat know whether or not a browser supports cookies, or session
tracking is turned off
I use a HttpSession object.
HttpSession object = null;
When user access to site, i use:
object = request.getSession();
later i use:
boolean n = object.isNew();
if n = true, then user is not using cookies.
I suppose that tomcat is using Session Cookies and not re-writting politic..
because, tomcat
I understand what you are saying, Javier, if you have a round-trip
situation, where you set cookies in one response, and then test for them in
a follow-up request.
But I'm not convinced that's how Tomcat does it.
The first time a client connects to a server, there will not be any cookies
So you're saying that you've seen Tomcat *not* rewrite URLs in a response to
a first request from a client that *does* support cookies, and *does*
rewrite the URLs in a response to a first request from a client that doesn't
support cookies? That would indeed be very powerful software.
Tomcat
Thanks Mike - and Javier
I installed 'livehttpheaders' (cool!) and all was revealed - pretty much as
you and Javier said.
First time requests always result in URLs being rewritten to include the
session cookie ID - and it carries on that way if the client browser has
cookies disabled
Hi,
I require that an application never uses cookies, even if the user's browser
accepts cookies.
I have set cookies=false in the server.xml, however it is still attempting
to send cookies to the client. If the browser accepts the cookie, then the
session is maintained via cookies and if I
once concurrently, from different
PCs or browsers?
Are you using any javascript code in the browser to read/write cookies, or
just relying on tomcat to handle cookies?
-Original Message-
From: Todor Todorov [mailto:[EMAIL PROTECTED]
Sent: Sunday 24 October 2004 19:42
To: [EMAIL PROTECTED
Hey,
Is proxy involved on client's side ?
-Mark.
--- Todor Todorov [EMAIL PROTECTED] wrote:
Hello there,
We experienced strange behavior with Tomcat under heavy load.
Fairly simple JSP generates a page based on a persistent cookie,
unfortunately the browser receives someone else
Hello there,
We experienced strange behavior with Tomcat under heavy load.
Fairly simple JSP generates a page based on a persistent
cookie, unfortunately the browser receives someone else page.
For example, browser B1 sends request with cookie C1, but
receives page based on cookie
I have been looking for a way withing tomcat using a JDBCRealm to do
form bases authentication and allow users to set some sort of
Remember Me cookie, so they do not need to log into my application
more than once a month or so.
It looks like to me that FormAuthenticator is sort of hardcoded into
sets cookies to
do the remembering.
If you get your's going (I'm now on Tomcat 5.0.28, maybe there's
something new) I'd be interested in the details.
Good luck.
Best regards
Chris
--
Chris Ward, Horizon Asset Limited
mailto:[EMAIL PROTECTED]
Tel +44 (20) 7367 7028, Fax 7367 7029
--
THIS E
Hello!
Can JDBCRealm be configured to check for a cookie?
Thanks.
Deepa
Hi folks,
i actually face a strange phenomenon with the Tomcat session handling
mechanism. I want to use URL-rewriting instead of cookies and i used
therefore the cookies=false attribute in the Context element.
First the entry in the server.xml looked like that:
Context path=app docBase=app
I'm attempting to create a cookie within a Tag. My log messages tell me that
the call to pageContext.getResponse().addCookie() is being called - but
nothing is showing up at the browser.
I noticed a recent thread talking about sending cookie from JSPs. I looked
thru that thread and as far as
Name when NOT using cookies?
I not remember, if I asked this before, but it
happened again.
I DON'T USE cookies in my application. But sometimes I
see the following error messages in catalina log
files.
Can you comment and how to solve that?
Evgeny
Javadesk
2004-05-09 23:57:53 CoyoteAdapter Bad
Some questions that might help:
1) Do you have cookies turned off completely on all of your contexts?
That means that you should be seeing ;jsessionid= in any of your URLs
unless they are just hard coded html urls, right? In other words, if you
use response.encodeURL() for links, you should
Of course, I not disabled cookies in Tomcat and my
program invokes session.getAttribute() and
session.setAttribute(), but the program not
creates/reads cookies.
So, I will think about (2), if another appl on my
server might be setting cookies in the root path...
By the way how I can check
Do you have that many applications that might be setting cookies?
From the log posted, the cookie that tomcat seemed to be complaining
about was:
Path /Value: /myapplName
It doesn't say anything about what the name of the cookie is... unless
that is what Value is showing.
Does myapplName ring
Do you have that many applications that might be
setting cookies?
Those apps are clones of myapplName, and no one set
cookie. May be I need to look at Apache or Tomcat
configuration files, but what directives to search?
Can Apache redirect generate such error Path /Value:
/myapplName ?
Does
This is a FAQ. Set cookies=false in your context:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/context.html
-Yan
-Original Message-
From: Nils [mailto:[EMAIL PROTECTED]
Sent: May 8, 2004 04:41
To: [EMAIL PROTECTED]
Subject: WG: Session without Cookies
Hello there,
how can
thanx! that helped.
regards,
Nils
-Ursprüngliche Nachricht-
Von: Yansheng Lin [mailto:[EMAIL PROTECTED]
Gesendet: Montag, 10. Mai 2004 21:06
An: 'Tomcat Users List'
Betreff: RE: Session without Cookies
This is a FAQ. Set cookies=false in your context:
http
I not remember, if I asked this before, but it
happened again.
I DON'T USE cookies in my application. But sometimes I
see the following error messages in catalina log
files.
Can you comment and how to solve that?
Evgeny
Javadesk
2004-05-09 23:57:53 CoyoteAdapter Bad Cookie Name:
Path /Value
Hello there,
how can I get Tomcat to just use URL-Session Ids and no cookies anymore? Is
there a server-side configuration?
regards,
Nils Köster
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail
)
id 1BMPGd-0006uz-RB
for [EMAIL PROTECTED]; Sat, 08 May 2004 12:41:15 +0200
From: Nils [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: WG: Session without Cookies
Date: Sat, 8 May 2004 12:41:15 +0200
Message-ID: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain
Emerson Cargnin wrote:
How do I read a cookie (inside a JSP) that I created inside a servlet.
It looks that it has different path properties and so when I'm inside
the JSP it can't read the cookie...
There is javax.servlet.http.Cookie.setPath(String) which obviously
works as it named. :-)
Did you ever get an answer to this?
You need to set the cookie path on your servlet cookie and your jsp up
high enough in your path so that both can read it.
Example:
www.domain.com/ I think can be your path.
Cookies usually default to setting themselves in their current path,
which may
How do I read a cookie (inside a JSP) that I created inside a servlet.
It looks that it has different path properties and so when I'm inside
the JSP it can't read the cookie...
--
Emerson Cargnin
Analista de Sistemas
Setor de Desenvolvimento de Sistemas - TRE-SC
tel : (048) - 251-3700 - Ramal
no. But the web client (browser) should be sending cookies in the most
specific to least specific order so this should not be an issue.
An alternative is to use URL rewriting.
-Tim
John Gibson wrote:
I'm running Tomcat 4.0.6 with Apache 2.0.46 on RedHat Advanced Server
and I'm running
Thanks.
I tried using URL rewriting that redirects www.foobar.com - foobar.com
and it works pretty well as long as people don't try to submit requests
commands to www.foobar.com.
However the problem with the cookies is that they are NOT generated in a
hierarchical fashion. If a session
I'm running Tomcat 4.0.6 with Apache 2.0.46 on RedHat Advanced Server
and I'm running into a problem with the domain for session cookies.
I have a host setup as foobar.com with an alias of www.foobar.com.
When a client visits foobar.com I create a cookie-based session for the
user. Everything
With recent discussions about session management, I recalled long time
ago reading about URI rewriting for when the client doesn't handle
cookies properly, and found a useful article about it
http://access1.sun.com/techarticles/sessions.iws.html
URL rewriting is the ability to use sessions
I have an application that does not use cookies and indeed for this
application it is an undesirable overhead to do cookies at all. I know
that I can turn off cookies using the admin application, but I would
like to automate that from within the .war file somehow (I deploy using
a script using
Hi,
I have an application that does not use cookies and indeed for this
application it is an undesirable overhead to do cookies at all. I know
that I can turn off cookies using the admin application, but I would
like to automate that from within the .war file somehow (I deploy using
a script
On Wed, Mar 31, 2004 at 11:55 -0500, Shapira, Yoav wrote:
No to both of your questions. Cookies present minimal overhead anyways:
if they even show up on your profiler CPU time display, then you've done
an unbelievable tuning job.
I am not tuning CPU overhead, I am tuning number of bytes
Hi,
No to both of your questions. Cookies present minimal overhead
anyways:
if they even show up on your profiler CPU time display, then you've
done
an unbelievable tuning job.
I am not tuning CPU overhead, I am tuning number of bytes transmitted
for every request. And for network bandwidth
Hi All, any help solving this mystery is more than welcome:
problem summary: i am using the identical cookie setting and getting code on
different pages within WEBAPPS/ROOT, but second instance of setting and getting
cookies is causing undecipherable 500 error in Tomcat.
-paul.
i have
does anyone know if cookies interact in any way with jsp forward tag?
-paul
- Original Message -
From: Paul [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, March 08, 2004 3:43 PM
Subject: cookies, second instance of, causing tomcat 500 error
Hi All, any help solving this mystery
could someone give me a process flow description of how cookies work, i.e.,
1)user authenticates - what is actually sent in header???, Is it necessary
to authenticate???
2) cookie issued - Is it sent in the response?
3) user makes request with cookie
4) cookie is recognized - How does this happen
-Original Message-
From: John MccLain [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 24, 2004 11:37 AM
To: Tomcat user list
Subject: cookies and sessions
could someone give me a process flow description of how
cookies work, i.e.,
1)user authenticates - what is actually
I'm trying to figure out some behavior I'm seeing only when I use Safari
(v1.25 - downloaded from the Apple site last week) and Tomcat. This
involves cookies. I am using Tomcat 5.0.16. I have written a servlet
that sends a cookie back to the server for use later on; I can see this
cookie when
Howdy,
How do you know it's not a Safari bug?
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Hollerman Geralyn M [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 11, 2004 3:09 PM
To: Tomcat Users List
Subject: cookies, Safari, and Tomcat
I'm trying to figure out
Hollerman Geralyn M wrote:
I'm trying to figure out some behavior I'm seeing only when I use
Safari (v1.25 - downloaded from the Apple site last week) and Tomcat.
This involves cookies. I am using Tomcat 5.0.16. I have written a
servlet that sends a cookie back to the server for use later
Aadi Deshpande wrote:
Hollerman Geralyn M wrote:
I'm trying to figure out some behavior I'm seeing only when I use
Safari (v1.25? - downloaded from the Apple site last week) and Tomcat.
This involves cookies. I am using Tomcat 5.0.16. I have written a
servlet that sends a cookie back
From what I understand, the container sends both a cookie and appends
?JSESSIONID= to the url the first time is send a url to a browser.
On subsequent calls, the url is not rewritten if the browser uses
cookies. I need to shut off that url rewrite on the first call. Is
there a way
I have a web site that uses SSL on the main page for logging in (to encrypt
the password) but uses standard HTTP on most pages thereafter. I set a value in
the session that tells me the user is logged in and that value is checked on
every page. If the value is not present, the application
At 12:59 PM 1/23/2004, you wrote:
The Problem
===
The login page creates a session and sets a cookie as follows:
Set-Cookie: JSESSIONID=A26A878059077E1ABEE058A62541957C; Path=/; Secure
The Secure on the end tells the web browser NOT to send the cookie
back to
the server unless it is
rewriting for session
management. It only exhibits itself when using Tomcat by itself with
SSL and cookies turned on.
I found a workaround: I can set an identical JSESSIONID cookie
without the secure setting and it propagates, but now my web
application is Tomcat-specific.
If anyone knows of a better
There is no tomcat option to allow the JSESSION cookie be non-secure is the
cookie was issued during https.
A possible workaround is to try to resend the cookie non-secure. I;ve never
tried this and don't feel like thinking about the consequences at this second.
Or you can go no a non secure
Hi All,
Im working with Tomcat5.0. I have problem in working with cookies. My
requirement is to save the user login info in browser cookie so that for
next time login will make easier for user to avoid entering again, like
usual login in other system.
So, I have added the cookies value
Abdul,
So, I have added the cookies value in servlet, and I can get the cookie
value in jsp. When I work with the same browser fine working. But when close
and open the new browser window I cant get the cookie values.
Setting cookie,
res.addCookie(new Cookie(entID,eID
).
It is. I've been implementing cookies in my app.
Try this:
Cookie cookie = new Cookie(entId, eID);
cookie.setMaxAge(cookie_life_in_seconds);
res.addCookie(cookie);
cookie = new Cookie(ognId, ignId);
cookies.setMaxAge(cookie_life_in_seconds);
res.addCookie(cookie);
This is likely to extend
: Cookies
Since you don't specify the path when you write the cookie it's in
/app/servlet. This means that this cookie can only be read by pages/servlets
in this directory or subdirectories.
Your JSP is in a different directory structure and is not allowed to read
the cookie you wrote.
add
I set a cookie like this from a servlet (URI=
/app/servlet/myPackage.CookieTest):
Cookie userCookie = new Cookie(someName, someValue);
userCookie.setMaxAge(60*60*24*365);
response.addCookie(userCookie);
I later try to read the cookies using a JSP
(/) to your servlet to set the cookie path to the root.
Then your JSP (as it is a subdirectory of the root) can read your cookie.
grts,
Patrick
-Original Message-
From: Mark Tebong [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 20, 2003 2:10 PM
To: Tomcat Users List
Subject: Cookies
some cookies and
then forwards to the original JSP
3) the orig jsp sees those cookies and life is fine.
well i can not make the servlet set the cookies so that the forwarding
jsp sees those cookies.
Cookie cookie1 = new Cookie(USERID,_User.getUname());
cookie1.setMaxAge(-1
Randy,
Because you are doing an RequestDispatcher.include() the my.jsp page is served up in
the same HTTP Response that is setting the
cookies.
my.jsp then looks in the Request for the cookies and doesn't find them there, because
it's looking at the same HTTP Request that was
originally sent
, and then set some cookies and
then forwards to the original JSP
3) the orig jsp sees those cookies and life is fine.
well i can not make the servlet set the cookies so that the forwarding
jsp sees those cookies.
When it comes to doing things like this - I generally use session or
request variables to do
No, I don't know what more can be said. I think it is just impossible!
We can put men on the moon, but if the browser has cookies disabled ... ;)
The dynamic information, i.e. the original request url, has to be saved
somewhere during the authentication process by the app server.
Cookies
I am sorry Adam, I guess you are doing in-container authentification. I know very
little about that, thus I cannot say anything... I do my own authentification. You can
create a session after the user auth there.
other ideas or comments
Jose
On Sun, Sep 28, 2003 at 06:50:05PM +0200, Adam
I think I have a problem.
I want form-based container-managed authentication on my app.
I also want to allow cookies to be disabled.
And I want to keep my JSPs under WEB-INF for security.
It seems I cannot have these 3 combined, because disabling cookies means
I have to do URL rewriting
html files (before logging in)??? If the answer is no, then you could have an html
login form.
Jose
On Sun, Sep 28, 2003 at 05:10:52PM +0200, Adam Hardy wrote:
I think I have a problem.
I want form-based container-managed authentication on my app.
I also want to allow cookies
On 09/28/2003 06:09 PM Jose Alfonso Martinez wrote:
Do you really need to maintain a session, even when the user is just browsing static html files (before logging in)??? If the answer is no, then you could have an html login form.
Try it! If tomcat doesn't have a session id to store the user's
, 2003 at 05:10:52PM +0200, Adam Hardy wrote:
I think I have a problem.
I want form-based container-managed authentication on my app.
I also want to allow cookies to be disabled.
And I want to keep my JSPs under WEB-INF for security.
It seems I cannot have these 3 combined, because
Hi,
I would like to know if there is anyway I could avoid the use of Session
or cookies for a login procedure, but still keep track of the user's login
status?
From,
Anson
-
To unsubscribe, e-mail: [EMAIL PROTECTED
Magic? Actually, you could use URL-rewriting or hidden forms, but anybody
using your page could change the value from 0 to 1 to fool your code
into thinking they'd logged on. They could also do the same with a cookie
if they reverse engineered your cookie data (which is not hard). Best to
use
When you mean 'session' its using methods like HttpSession session =
req.getSession(true);? If yes...then...aren't they still using cookies?
'cause that's what I'm using. And when I test my app by turning off the
cookiesmy app is just...screwed
-Original Message-
From: Christopher
Anson,
If cookies are disabled, Tomcat uses URL rewriting to store the session ID.
When you encode URLs you need to to use special methods to support this
feature. These methods are defined in HttpServletResponse and are:
String encodeURL(String url)
String encodeRedirectURL(String url
Thanks chris I think I know what to do now..thanks!! =)
-Original Message-
From: Christopher Williams [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 9:53 PM
To: Tomcat Users List
Subject: Re: Implementing a Login procedure, but avoiding
cookies/session
Anson
Hi there,
I'm experiencing a strange problem with Tomcat 3.2.4. I use cookies to
store the session id, and everything works fine. But when I access Tomcat
from behind a proxy, the session is lost between pages. Does anyone know why
this happens?
The error situation in Tomcat is exactly
Hello:
HttpServletResponse.encodeURL() has to know if cookies are enabled
or not. Is there an API call to check that?
I looked thru the APIs and found nothing. Searching the web and
mailing list was also fruitless.
Thanks,
Neil
--
Neil Aggarwal, JAMM Consulting, (972)612-6056
Cookie[] cookies = request.getCookies();
will do the trick for you:).
Note: Tomcat checks for cookie on its first response. That's why when you
restart tomcat for the first time, you can see the jsessionid *mysteriously*
appears in the URL.
-Original Message-
From: Neil Aggarwal
Hi everyone,
Does any one know of any reason why an example of code (i.e.
Servlets example) would work utilizing a cookie under 4.1.24 and not
4.0.3? I am looking for any possible guesses you might have. I am
curious if there is any configuration or file permission that might be
Hi,
i use a machine1 with tomcat as a portal to do userauthentification and there is an
other machine2 without tomcat that is providing a service with its own
userauthentification. Machine2 uses POST to receive user and password and stores the
session in cookies at the client. Machine 1 and 2
Howdy.
I have two questions. Note that I have made effort to find answers in
archives but haven't found what I think I need.
Q1: Can Tomcat 4.X do session management if the user's browser is
rejecting cookies? If so, how do I do that? Do I change my code, or
just server/app configuration
Howdy,
Q1: Can Tomcat 4.X do session management if the user's browser is
rejecting cookies? If so, how do I do that? Do I change my code, or
just server/app configuration?
Yes, via URL rewriting, per the Servlet Specification.
Q2: If I want to allow my user, John Smith, to use
http
, Yoav wrote:
Howdy,
Q1: Can Tomcat 4.X do session management if the user's browser is
rejecting cookies? If so, how do I do that? Do I change my code, or
just server/app configuration?
Yes, via URL rewriting, per the Servlet Specification.
Q2: If I want to allow my user, John Smith, to use
http
Howdy,
Q1 - I'm looking for pointers to examples or documents. I see where
the
spec requires that capability, but I don't know the correct way to
exercise it. Does it just mean that I wrap every form action= url
and every reponse.sendRedirect() with encodeUrl()?
No, you don't need to worry
Maybe my homegrown access control is flawed. When I disable cookies in
my browser, my apps break.
I have a login form whose action is ProcessLogin.jsp. That page
validates the username and password against a database, and if
successful it stuffs my valid User object into an App object
()
I'd try it and see.
-Original Message-
From: Michael Teter [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 02, 2003 4:12 PM
To: Tomcat Users List
Subject: Re: Sessions sans cookies? URL Rewriting?
Maybe my homegrown access control is flawed. When I disable
cookies in
my
Howdy,
If it wasn't from Yoav, I would have said the following:
Say it anyways ;)
I've seen it written that one should ensure all URL emitted from your
system should be passed through encodeRedirectURL()
I'd try it and see.
I second that: at the very least, it's a good test and a good
Dear Team,
I have the war file , i deported with apache . Now i need to
configure the cookies . Pls let me know how to do it .
Thanks
Sriram
On Thu, 5 Jun 2003 03:29, Sriram Radhakrishnan wrote:
Dear Team,
I have the war file , i deported with apache . Now i need to
configure the cookies . Pls let me know how to do it .
Hi,
What .war file would that be and what do you mean 'deported with apache'?
It's not clear at all
1 - 100 of 300 matches
Mail list logo
