"Christopher Schultz" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> All,
>
> I have two applications deployed in production that share a URL space.
> Actually, one is deployed as the root webapp, the other one is at,
> say, "/foo".
>
> My problem is that each webapp maintains its own session identifiers as
> cookies. Since the session id cookie is always called JSESSIONID, a
> visitor who uses both applications gets two cookies (one with /, and one
> with /foo) with different JSESSIONID values. I'm guessing that Tomcat
> doesn't try to pick the "best" one, since things get /really/ confusing
> when this happens. Basically, our users get caught in a continuous
> please-login -> login -> please-login -> login loop. It appears that the
> root JSESSIONID is being preferred over the more recent /foo one, which
> is never read properly so the login can never happen.
>
> Does anyone have any suggestions for how to fix this? Some obvious ideas
> are:
>

Enabling the RequestDumper to see if the browser is actually sending the 
path would help.  ATM, Tomcat simply assumes that the browser sends the 
longest matching cookie (or at least sends the longest matching cookie 
first) and doesn't send back the path.  If any significant browser is 
sending the path back, then Tomcat could also pick the longest path cookie 
as well.

> 1. Don't do that.
> 2. Change the session id cookie name in one of the apps (is this
>   possible and/or recommended?)

Not possible on TC without hacking the code.

> 3. Use SSO -- except that I currently deploy these two applications
>   in separate Tomcat instances.
> 4. Re-deploy the root webapp to /bar and forward / to /bar.

The browser should reject the '/' cookie in this case, since the URL that it 
sees doesn't start with '/bar'.

>
> I'm just looking for the "right" solution. Any comments or suggestions
> would be appreciated.
>
> Thanks,
> -chris
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
> 
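The cookie behaviour discussed in this thread, as an added illustration that is not part of the original messages or of Tomcat's code. It assumes the path-match and ordering rules of RFC 6265 (sections 5.1.4 and 5.4); the function names and cookie values are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Cookie:
    name: str
    value: str
    path: str
    created: int  # creation order; lower means older

def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 5.1.4: equal, or a prefix that ends at a '/' boundary."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def cookie_header(jar, request_path, sort_by_path=True):
    """Build the Cookie header a user agent would send for request_path.

    Only name=value pairs go on the wire; the Path attribute is never
    sent back, so the server cannot tell which scope a value came from.
    sort_by_path=False models a client that lists cookies in creation
    order instead of longest path first.
    """
    hits = [c for c in jar if path_matches(request_path, c.path)]
    if sort_by_path:
        hits.sort(key=lambda c: (-len(c.path), c.created))
    else:
        hits.sort(key=lambda c: c.created)
    return "; ".join(f"{c.name}={c.value}" for c in hits)

def session_ids(header: str, name: str = "JSESSIONID"):
    """Every value carried under `name`, in header order."""
    ids = []
    for pair in header.split(";"):
        key, _, value = pair.strip().partition("=")
        if key == name:
            ids.append(value)
    return ids

# Constructed jar: the root webapp's cookie was set first, then /foo's.
JAR = [
    Cookie("JSESSIONID", "ROOT-1111", "/", created=1),
    Cookie("JSESSIONID", "FOO-2222", "/foo", created=2),
]

if __name__ == "__main__":
    for ordered in (True, False):
        header = cookie_header(JAR, "/foo/login", sort_by_path=ordered)
        print(ordered, header, "-> first id:", session_ids(header)[0])
```

A server that takes the first JSESSIONID only reaches the /foo session when the client sorts longest path first; in creation order it gets the root webapp's id for a /foo request.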



