-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All,
I have two applications deployed in production that share a URL space. Actually, one is deployed as the root webapp, the the other one is at, say, "/foo". My problem is that each webapp maintains its own session identifiers as cookies. Since the session id cookie is always called JSESSIONID, a visitor who uses both applications gets two cookies (one with /, and one with /foo) with different JSESSIONID values. I'm guessing that Tomcat doesn't try to pick the "best" one, since things get /really/ confusing when this happens. Basically, our users get caught in a continuous please-login -> login -> please-login -> login loop. It appears that the root JSESSIONID is being preferred over the more recent /foo one, which is never read properly so the login can never happen. Does anyone have any suggestions for how to fix this? Some obvious ideas are: 1. Don't do that. 2. Change the session id cookie name in one of the apps (is this possible and/or recommended?) 3. Use SSO -- except that I currently deploy these two applications in separate Tomcat instances. 4. Re-deploy the root webapp to /bar and forward / to /bar. I'm just looking for the "right" solution. Any comments or suggestions would be appreciated. Thanks, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGs38V9CaO5/Lv0PARApHzAKCqMrz2AntBJDAosgUkd5iBzBZVRwCglY2m SlO68LvbodFxNLWIoObTorQ= =KdXa -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]