-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tom,
Tom van Wietmarschen wrote: | What I want to change is how the session id is communicated to the | client and back. Basically, I want to change the object that retrieves | the session ID from the HTTP request and feeds it to the session | manager. That object /is/ the CoyoteAdapter, which is why I suggested it originally. See my most recent post for a less intrusive possibility. | The problem with both cookies and session id's in the URL is that we | develop applications for use on cellphones. Cell network operators are a | bunch of not-so-nice-people who sometimes feel the need to screw up HTTP | traffic in their gateways, e.g. by messing with cookies and session ids. Can you give us an example of what happens to your JSESSIONID cookie? | There is no guarantee that the cookies that arrive on the handset are | the same as the ones that have been sent out from our servers. Sometimes | cookies go missing, standard HTTP headers are mutilated, etc. That sucks. Is it selective? I mean... do you always get the GET line correctly, just the others are hosed? | The problem is that if the client | sends the session ID to the server in a custom header, Tomcat needs to | pick up that session id and use that when calling findSession. So who is | calling findSession and is it something I can easily replace ? Again, see my earlier post. | Furthermore, as an additional difficulty, we only use sessions in a | subset of our applications, so it would be preferrable if this is | something we can enable on a per-application basis. The solution I proposed can be enabled for all applications and it will not interfere with normal operations. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkfO0q0ACgkQ9CaO5/Lv0PAyPQCfWaRX7x+21dHz4pIFzjbEXS9c hIQAn3S4yV8pnKCoTwu+wbRclFkkVZ36 =lYfQ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]