I am appending jsessionid to the url. Abt PoST OR GET I am doing a <meta refesh> so It is a get I believe.
Jiger >From: tek1 <[EMAIL PROTECTED]> >Reply-To: "Tomcat Users List" <[EMAIL PROTECTED]> >To: Tomcat Users List <[EMAIL PROTECTED]> >Subject: Re: Tomcat refusing jsessionid's >Date: Sat, 25 May 2002 23:45:12 +0900 >MIME-Version: 1.0 >Received: from nagoya.betaversion.org ([192.18.49.131]) by hotmail.com with >Microsoft SMTPSVC(5.0.2195.4905); Sat, 25 May 2002 20:47:45 -0700 >Received: (qmail 25827 invoked by uid 97); 26 May 2002 03:47:20 -0000 >Received: (qmail 25782 invoked by uid 98); 26 May 2002 03:47:20 -0000 >Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm >Precedence: bulk >List-Unsubscribe: <mailto:[EMAIL PROTECTED]> >List-Subscribe: <mailto:[EMAIL PROTECTED]> >List-Help: <mailto:[EMAIL PROTECTED]> >List-Post: <mailto:[EMAIL PROTECTED]> >List-Id: "Tomcat Users List" <tomcat-user.jakarta.apache.org> >Delivered-To: mailing list [EMAIL PROTECTED] >X-Antivirus: nagoya (v4198 created Apr 24 2002) >In-reply-to: <[EMAIL PROTECTED]> >X-Sender: (Unverified) >Message-id: <[EMAIL PROTECTED]> >X-Mailer: QUALCOMM Windows Eudora Version 4.3.2-J >X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N >Return-Path: >[EMAIL PROTECTED] >X-OriginalArrivalTime: 26 May 2002 03:47:45.0745 (UTC) >FILETIME=[18B57410:01C20468] > >is it possible for a client to append JSESSIONID=<sessionId> to the url >(i.e. >http://theurl.com/theservlet?JSESSIONID=A4A0314540585318A4F5E327F1457375) >and still use the POST method, or is the usage of GET mandatory? > >thanks. > > > >At 08:54 02/05/26 +0530, you wrote: >>Philip, >> I did try using url re-writing using jsessionid'd & that is why I >>wrote this mail. TOmcat seems to use jsessionid in cookies first & if not >>there only then take jsessionid from url. This is my guess coz that is >>what is happening. >> >>Does anyone have any idea how to force using jsessionid in such situations >>to make user jump between two domains(though they are in reality same >>machine & same tomcat) without his knowlege. >> >>-Jiger >> >> >>>From: Phillip Morelock <[EMAIL PROTECTED]> >>>Reply-To: "Tomcat Users List" <[EMAIL PROTECTED]> >>>To: Tomcat Users List <[EMAIL PROTECTED]> >>>Subject: Re: Tomcat refusing jsessionid's >>>Date: Sat, 25 May 2002 09:14:27 -0700 >>>MIME-Version: 1.0 >>>Received: from [192.18.49.131] by hotmail.com (3.2) with ESMTP id >>>MHotMailBEB9037700594004310EC0123183C6C00; Sat, 25 May 2002 09:14:47 >>>-0700 >>>Received: (qmail 2532 invoked by uid 97); 25 May 2002 16:14:29 -0000 >>>Received: (qmail 2516 invoked by uid 98); 25 May 2002 16:14:29 -0000 >>From tomcat-user-return-20632-jigerjava Sat, 25 May 2002 09:16:15 -0700 >>>Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm >>>Precedence: bulk >>>List-Unsubscribe: <mailto:[EMAIL PROTECTED]> >>>List-Subscribe: <mailto:[EMAIL PROTECTED]> >>>List-Help: <mailto:[EMAIL PROTECTED]> >>>List-Post: <mailto:[EMAIL PROTECTED]> >>>List-Id: "Tomcat Users List" <tomcat-user.jakarta.apache.org> >>>Delivered-To: mailing list [EMAIL PROTECTED] >>>X-Antivirus: nagoya (v4198 created Apr 24 2002) >>>User-Agent: Microsoft-Entourage/10.0.0.1309 >>>Message-ID: <[EMAIL PROTECTED]> >>>In-Reply-To: <[EMAIL PROTECTED]> >>>X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N >>> >>>HTTP sessions....browsers are configured to associate cookies with domain >>>names. They will not transmit a cookie to a domain other than the >>>originating domain (at least they shouldn't). It has nothing to do with >>>IP >>>address, only domain name. I am not sure I understand your question, but >>>if >>>I am reading it correctly, the only thing you can do is some manual >>>persistence scheme, such as using a database and url rewriting or some >>>similar scheme. >>> >>>does this help? >>> >>>fillup >>> >>> >>>On 5/25/02 3:43 AM, "Jiger Java" <[EMAIL PROTECTED]> wrote: >>> >>> > Hi, >>> > I have checked the archives already but did not come across similar >>> > problems so I would like to ask it. >>> > >>> > My Platform: >>> > Tomcat 4.0. >>> > JDK 1.4 >>> > RHT Linux >>> > >>> > We have this application hosted on an generic server say >>> > http://www.server.com now our reseller's can map their DNS such that >>> > www.reseller.com points to www.server.com this will be dynamic( since >>> > reseller's will be doing it themselves) so I can't use "virtual host" >>> > feature of tomcat. The idea is that customer of that reseller should >>>not >>> > come to know that they are actually buying stuff from us & so the >>>customer >>> > *always* sees the reseller's website url in his browser. All pages >>>post to >>> > http://www.reseller.com/customer/xyz , which would post to us due to >>>DNS >>> > mapping. So far so good. But in many critical places like Login, >>>customer >>> > signup, we have hardcoded url's to our https:// server (same machine >>>same >>> > tomcat) becoz reseller need not buy Secure Certificates. >>> > This is the problem. Inspite of my adding jsessionid to all such >>> > pages right from posting to https:// to <META> refreshes, I still >>>can't seem >>> > to get back the session. Logically, if I pass in the right sessionid, >>>tomcat >>> > should pick up the correct session but it is still picking up >>>pre-login >>> > session & refusing the new sessionid got in the Authenticationservlet. >>> > >>> > I attach the jsessionid something like this >>> > >>>http://www.reseller.com:10001/anacreon/servlet/CustomerIndexServlet?jsessionid >>> > =A4A0314540585318A4F5E327F1457375 >>> > >>> > Does anyone have any idea how to solve it. Please ask me if you >>>need >>> > more clarifications. I need to get this thing out. >>> > >>> > Thanks & Awaiting your replies, >>> > Jiger >>> > >>> > >>> > >>> > _________________________________________________________________ >>> > MSN Photos is the easiest way to share and print your photos: >>> > http://photos.msn.com/support/worldwide.aspx >>> > >>> > >>> > -- >>> > To unsubscribe, e-mail: >>><mailto:[EMAIL PROTECTED]> >>> > For additional commands, e-mail: >>><mailto:[EMAIL PROTECTED]> >>> > >>> >>> >>>-- >>>To unsubscribe, e-mail: >>><mailto:[EMAIL PROTECTED]> >>>For additional commands, e-mail: >>><mailto:[EMAIL PROTECTED]> >> >> >> >> >>_________________________________________________________________ >>Send and receive Hotmail on your mobile device: http://mobile.msn.com >> >> >>-- >>To unsubscribe, e-mail: >><mailto:[EMAIL PROTECTED]> >>For additional commands, e-mail: >><mailto:[EMAIL PROTECTED]> > > >-- >To unsubscribe, e-mail: ><mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: ><mailto:[EMAIL PROTECTED]> _________________________________________________________________ Join the world’s largest e-mail service with MSN Hotmail. http://www.hotmail.com -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>