Sorry Steve, one information isnt right! First, using Sniffer to monitor all http traffic, i found out one important news: the authentication app's plugin works with Session object instead of Cookie object. What kind of information would you like to receive about it? Does Session object work different between OC4J and TomCat? Euclides.
-----Mensagem original----- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 1 de agosto de 2003 12:22 Para: 'Tomcat Users List' Assunto: RES: Cookie problem max age problem - Best practice to solve it > Assunto: Re: RES: Cookie problem max age problem - Best practice to solve it > the authentication app's plugin wasnt created by me, its only stored on > TomCat to be used by my Java app. This plugin runs together with another app > server, which completes the authentication process. After this process is > completed ok, a cookie is created. So, when the user asks for logout, the > plugin tries to delete the cookie, probably setting 0 to max age. If i work > with OC4J, this steps runs fine and the user becomes abled to make another > login request on the same browser instance, without needing to close it. > But, if i work with TomCat, i need to close the browser instance and open > another one to be sucessful. > Needing help still. > Regards, Euclides. This does not change any of the previous discussion. The problem hinges on the answers to two questions: >> What are the values used for domain, path, and name when the cookie >> is set? >> What are the values used for domain, path, and name when the cookie >> is deleted? If you can demonstrate that the same set of values are used in both cases, then this sounds like it would be a tomcat problem. You can examine the Set-Cookie headers sent by the server to see whether this is the case. Otherwise, this is an issue that should be raised with the vendor who provided the authentication plugin. -- Steve --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
