hi Krist,
In LiveHTTPHeaders: Set-Cookie: JSESSIONID=2637CA3EADF9422597DF276AE1846E55; Path=/abc; Secure So I guess this means that the session is "secure". and from what you have said, the brwoser cannot send this cookie over http. If the above reasoning is true, what are the alternatives? thanks in advance --- On Mon, 21/4/08, Krist van Besien <[EMAIL PROTECTED]> wrote: > From: Krist van Besien <[EMAIL PROTECTED]> > Subject: Re: [EMAIL PROTECTED] apache does not preserve user session of tomcat > To: users@httpd.apache.org, [EMAIL PROTECTED] > Date: Monday, 21 April, 2008, 4:09 PM > On Mon, Apr 21, 2008 at 2:21 PM, Melanie Pfefer > <[EMAIL PROTECTED]> wrote: > > > Before editing httpd.conf, on the tomcat side: how to > set the correct cookiedomain in the webapp? > > How to set this in the webapp I can't know, as I'm > not a webapp > specialist. But I have to deal with similar problems you > have all the > time. > What I'd suggest is look at what exactly the server > sends, and what > the browser does with it. You can use firefox, and an > extension like > LiveHTTPHeaders to see exactly what gets send by the server > and by the > browser. This will allow to see what the cookie looks like > that gets > sent. > There is another thing I remembered. You are proxying http > to https. > Now it is possible that the cookie that your tomcat > generates (and > passes to the browser) is a "secure" cookie. Some > java webapps do this > by default if accessed over https. A browser will never > send such a > cookie over a non-secure connection. So if you access your > webapp via > your apache server the browser gets it's cookie, but > never sends it > back, on subsequent requests, so the session info gets > lost. You can > verify this using LiveHTTPHeaders. > > Krist > > -- > [EMAIL PROTECTED] > [EMAIL PROTECTED] > Bremgarten b. Bern, Switzerland > -- > A: It reverses the normal flow of conversation. > Q: What's wrong with top-posting? > A: Top-posting. > Q: What's the biggest scourge on plain text email > discussions? > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP > Server Project. > See <URL:http://httpd.apache.org/userslist.html> for > more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] __________________________________________________________ Sent from Yahoo! Mail. A Smarter Email http://uk.docs.yahoo.com/nowyoucan.html --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
