David wrote:
I've tried forcing the url rewriting behavior by deploying the following snippet in a context.xml file in my webapp's META-INF directory.<Context path="/mywebapp debug="10" cookies="false"> <!-- Default set of monitored resources --> <WatchedResource>WEB-INF/web.xml</WatchedResource> <!-- Uncomment this to disable session persistence across Tomcat restarts --> <!-- <Manager pathname="" /> --> </Context>
Note: path attribute should not be set, unless the context is defined in server.xml, which is *strongly* discouraged.
<Context debug="10" cookies="false"> <!-- Default set of monitored resources --> <WatchedResource>WEB-INF/web.xml</WatchedResource> </Context>Please define exactly what you mean by 'exposes a Cookie object', and how/where you are checking that. You may consider posting the relevant code in your steps.
Which browser are you using, and have you double/triple checked that cookies are not already set?
Does the problem replicate across multiple browsers? What happens if you turn cookies off at the browser as well?IMHO it's unlikely to be a bug, if you're using the most recent version of the server - which versions of 5.0.x and 5.5.y?
rgds, pid
This provides a work-around under Tomcat 5.5, but does not change thebehavior seen under Tomcat 5.0. And of course, Tomcat 5.0 is the version weship our product with. :) I've also tried taking the snippet and adding itto Tomcat 5.0's server.xml file, but that also does not force url rewriting.So there seem to be two issues. First, when url encoding produces cookies, why does the request to the servlet in step 2) not transmit the cookie and reuse the same original session, but it is sent and reused in step 3)? Second, why does the configuration for turning off cookies not work under Tomcat 5.0? Thanks, again. David On 4/28/07, Rashmi Rubdi <[EMAIL PROTECTED]> wrote:On 4/28/07, David <[EMAIL PROTECTED]> wrote: > Rashmi, > > Thanks for your initial response. I guess I wasn't clear on a few things.> The behavior I'm seeing is the same in both Tomcat 5.0 and 5.5, and theyare > both configured the same -- using default behavior for cookies. Sorry for repeating this, but just to be clear, in the above statement, default behavior means that cookies="true". This means that in the browser when cookies are enabled, JSESSION id will be written to a cookie. > I should elaborate further and mention that the urlEncode method causes url > rewriting to occur. So a cookie does not appear in my client browser > (verified with a cookie viewer for IE). Despite this apparent lack of > client side cookie, when doGet is invoked in step 3) Tomcat exposes a cookie > object with the session id of Session1 off of the HttpServletRequest object What happens if you set cookies="false" ? > and has stripped off the Session 2 session id on the encoded URL from step > 2). > > David > -Regards Rashmi --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
smime.p7s
Description: S/MIME Cryptographic Signature
