I've observed the same phenomenon.
It's just a theory, but I suspect it might have to do with Internet Explorer
6 itself. I think Microsoft quietly changed IE6's default cookie-acceptance
behavior to automatically reject all cookies from sites not meeting its
criteria for auto-acceptance. Taking a wild guess, IE6 might now
automatically reject cookies from sites accessed via IP addresses that don't
resolve to a hostname.
Another possibility: a few years ago, when anti-cookie hysteria was being
fanned by magazines eager to scare naive readers and people were disabling
cookies for stupid reasons (like thinking a "malevolent cookie" could
reformat their hard drive), Microsoft quietly introduced a special anonymous
cookie-in-all-but-name ("session id") that persisted only for the duration
of a single session (I think it even went away if you browsed to another
site or were inactive for more than an hour), but could not be disabled (so
IIS could depend upon its availability and use it to track users from page
to page within the session and match the correct IIS session variables with
the right user). I'm not sure whether Tomcat and other servlet containers
take advantage of it (or whether they'd even be ABLE to without lying to the
browser and pretending to be IIS), but I see two likely scenarios:
1) Tomcat (and other servlet containers) can't/don't use the special
anonymous session ID, and IE6 is now denying session-cookies by default
because something is triggering the behavior (non-resolvable IP, etc.)
2) Tomcat (and other servlet containers) DO use MSIE session IDs when
available, but IE6 now denies even THAT to sites that fail to meet its
criteria for acceptablity (possibly holding sites openly running a server
other than IIS to a higher standard)
>I was using Tomcat 3.2.1 and switched to Catalina 4.0.3 (both on Windows
>2000). Now my browser (IE6.0 on Windows 2000) gets no cookies anymore. It
>seems that the session management ist now handled using URL rewritting and
I
>don't know why.
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
