Cool, after I wrote it I thought that might be what you meant. Maybe you should just turn off cookies and _only_ use url rewriting? That's what I'd try, but maybe you have a reason not to do that?
fillup On 5/25/02 8:24 PM, "Jiger Java" <[EMAIL PROTECTED]> wrote: > Philip, > I did try using url re-writing using jsessionid'd & that is why I > wrote this mail. TOmcat seems to use jsessionid in cookies first & if not > there only then take jsessionid from url. This is my guess coz that is what > is happening. > > Does anyone have any idea how to force using jsessionid in such situations > to make user jump between two domains(though they are in reality same > machine & same tomcat) without his knowlege. > > -Jiger > > >> From: Phillip Morelock <[EMAIL PROTECTED]> >> Reply-To: "Tomcat Users List" <[EMAIL PROTECTED]> >> To: Tomcat Users List <[EMAIL PROTECTED]> >> Subject: Re: Tomcat refusing jsessionid's >> Date: Sat, 25 May 2002 09:14:27 -0700 >> MIME-Version: 1.0 >> Received: from [192.18.49.131] by hotmail.com (3.2) with ESMTP id >> MHotMailBEB9037700594004310EC0123183C6C00; Sat, 25 May 2002 09:14:47 -0700 >> Received: (qmail 2532 invoked by uid 97); 25 May 2002 16:14:29 -0000 >> Received: (qmail 2516 invoked by uid 98); 25 May 2002 16:14:29 -0000 >> From tomcat-user-return-20632-jigerjava Sat, 25 May 2002 09:16:15 -0700 >> Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm >> Precedence: bulk >> List-Unsubscribe: <mailto:[EMAIL PROTECTED]> >> List-Subscribe: <mailto:[EMAIL PROTECTED]> >> List-Help: <mailto:[EMAIL PROTECTED]> >> List-Post: <mailto:[EMAIL PROTECTED]> >> List-Id: "Tomcat Users List" <tomcat-user.jakarta.apache.org> >> Delivered-To: mailing list [EMAIL PROTECTED] >> X-Antivirus: nagoya (v4198 created Apr 24 2002) >> User-Agent: Microsoft-Entourage/10.0.0.1309 >> Message-ID: <[EMAIL PROTECTED]> >> In-Reply-To: <[EMAIL PROTECTED]> >> X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N >> >> HTTP sessions....browsers are configured to associate cookies with domain >> names. They will not transmit a cookie to a domain other than the >> originating domain (at least they shouldn't). It has nothing to do with IP >> address, only domain name. I am not sure I understand your question, but >> if >> I am reading it correctly, the only thing you can do is some manual >> persistence scheme, such as using a database and url rewriting or some >> similar scheme. >> >> does this help? >> >> fillup >> >> >> On 5/25/02 3:43 AM, "Jiger Java" <[EMAIL PROTECTED]> wrote: >> >>> Hi, >>> I have checked the archives already but did not come across similar >>> problems so I would like to ask it. >>> >>> My Platform: >>> Tomcat 4.0. >>> JDK 1.4 >>> RHT Linux >>> >>> We have this application hosted on an generic server say >>> http://www.server.com now our reseller's can map their DNS such that >>> www.reseller.com points to www.server.com this will be dynamic( since >>> reseller's will be doing it themselves) so I can't use "virtual host" >>> feature of tomcat. The idea is that customer of that reseller should not >>> come to know that they are actually buying stuff from us & so the >> customer >>> *always* sees the reseller's website url in his browser. All pages post >> to >>> http://www.reseller.com/customer/xyz , which would post to us due to DNS >>> mapping. So far so good. But in many critical places like Login, >> customer >>> signup, we have hardcoded url's to our https:// server (same machine >> same >>> tomcat) becoz reseller need not buy Secure Certificates. >>> This is the problem. Inspite of my adding jsessionid to all such >>> pages right from posting to https:// to <META> refreshes, I still can't >> seem >>> to get back the session. Logically, if I pass in the right sessionid, >> tomcat >>> should pick up the correct session but it is still picking up pre-login >>> session & refusing the new sessionid got in the Authenticationservlet. >>> >>> I attach the jsessionid something like this >>> >> http://www.reseller.com:10001/anacreon/servlet/CustomerIndexServlet?jsessioni>> d >>> =A4A0314540585318A4F5E327F1457375 >>> >>> Does anyone have any idea how to solve it. Please ask me if you >> need >>> more clarifications. I need to get this thing out. >>> >>> Thanks & Awaiting your replies, >>> Jiger >>> >>> >>> >>> _________________________________________________________________ >>> MSN Photos is the easiest way to share and print your photos: >>> http://photos.msn.com/support/worldwide.aspx >>> >>> >>> -- >>> To unsubscribe, e-mail: >> <mailto:[EMAIL PROTECTED]> >>> For additional commands, e-mail: >> <mailto:[EMAIL PROTECTED]> >>> >> >> >> -- >> To unsubscribe, e-mail: >> <mailto:[EMAIL PROTECTED]> >> For additional commands, e-mail: >> <mailto:[EMAIL PROTECTED]> >> > > > > > _________________________________________________________________ > Send and receive Hotmail on your mobile device: http://mobile.msn.com > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>