-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Jose,
On 3/1/13 2:46 PM, Jose María Zaragoza wrote: > I wonder why browsers don't send only one JSESSIONID If I request > an URL as www.mydomain.com/app/myapplication/action.do and it has > got 2 cookies with the same name, one for www.mydomain.com/ and > another for www.mydomain.com/app/myapplication/ , IMHO, that a > browser should send the most restrictive That would significantly limit the usefulness of cookies. The cookie's "path" is really a path prefix. It would have been nice of the cookie spec had been written so that clients sending a Cookie: header would indicate the original path, but that's not the case so you have to implement some workarounds sometimes. > Indeed, I don't know if there is some browser working like that. It would violate the spec, which probably means that MSIE can be configured to behave as you describe. > Christopher, if the browser sends a JSESSIONID to Tomcat and this > JSESSIONID is not tracked by the server , does any error happen ? > or is it created a new session with a new identifier ? Tomcat ignores the session id unless a) the webapp (or a filter, valve, etc.) requests the session or b) the server is configured to strictly adhere to the servlet specification (or both). Sending an invalid session id is not an error. If the session id is invalid and the webapp requests a session, then a new session - with a new id - will be created. If the session id is invalid and strict spec compliance is enabled (and the webapp does *not* specifically request the session), I suspect the session id will be ignored entirely (but haven't tested Tomcat under this configuration, nor have I read the code). - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlEyAh0ACgkQ9CaO5/Lv0PC7WQCfUBpEyteBM1QnwDP60bD7E931 vbQAn38vJkmxS4Fd7mDRU/ORmIZ8XofD =k4w/ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
