Hi Christopher,

Thank you for your answer. I monitored the cookie values with the server running in debug mode, and the cookies were set to the new values.

I'm not sure what the effect of invalidating the session and setting new cookie values is. I think invalidating the session tells the server that this session should be invalidated, and setting the cookies to new values tells the client browser to set the new values on the cookies. That is what I think, but I'm not sure whether I am right or wrong.

Why do I attempt to delete the cookie from the client's machine? That is a requirement from my designer, and I don't know why and I don't need to know (I've asked why we do that before....)

The redirection is a complicated linking flow, and I'm sure it was working properly, because it worked well after I changed the logout URL path. Why do we redirect from the main site to the second site and finally redirect back to the main site? That is because we want both sites to clean up their own cookies when logout is requested.

Now, I still don't know why I must change the logout URL path (the URL path of the cookie modifier) to be the same as the login URL path (the URL path of the cookie creator) when I go through the main site to the second site, and they are on the same host with different server port numbers. But if I just open a new browser and request the second site's logout URL (with a different URL path), then the cookies of the second site could be expired by this request!

Best regards,
Bon


Christopher Schultz-2 wrote:
> 
> Bon,
> 
> Bon wrote:
>> the logout Servlet will do something as following:
>>     1. set the cookies maxAge to 0 and add them into response again.
>>      cookie.setMaxAge(0);
>>      response.addCookie(cookie);
>>     2. set the session to invalidate
>>      request.getSession().invalidate();
>>     3. response.sendRedirect(redirectTo); redirectTo is the URL of second site's logout link.
>>     then the client browser will redirect to second site's logout URL, and it is a Struts Action,
>>     and this logout Action will do something as following:
>>     1.  set the session to invalidate
>>     2.  set the cookie maxAge to 0 and add them into response again.
>>      cookies[i].setMaxAge(0);
>>      response.addCookie(cookies[i]);
>>     3.  forward to a logout default display page.
>>     4.  direct to main site some page by form submit in default logout display page.
> 
> You should check to make sure that new cookies are not replacing the old
> cookies immediately after the invalidate() has been called. Also note
> that calling setMaxAge before calling invalidate() is not particularly
> useful: the cookie is expired when you call session.invalidate() so you
> can clean up your code a bit. Why are you bothering to attempt to delete
> the cookie from the client's machine?
> 
>>     and I found the cookie of main site was removed but the second site's was not!
> 
> Are you sure that your redirection is working properly?
> 
> I would also look in your cookie cache to see what the details of the
> remaining cookie are. Could you post those?
> 
> -chris
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-- 
View this message in context: 
http://www.nabble.com/a-cookie-question-of-one-Server-with-two-tomcat-server-tp20355052p20414674.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
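
The path dependence discussed in this thread can be reproduced with a small model of how a browser stores cookies. This is an added example, not code from either poster or from Tomcat: it is a simplified version of the RFC 6265 storage rules (a cookie is keyed by name, host and path, never by port), and the host, ports, paths and cookie name are constructed sample values.

```python
# Simplified model of a browser cookie store (RFC 6265 storage rules).
# Host, ports, paths and the cookie name are constructed sample values.

def default_path(request_path):
    """RFC 6265 section 5.1.4: path used when Set-Cookie has no Path attribute."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path[:request_path.rfind("/")]


class CookieJar:
    def __init__(self):
        # Key is (name, host, path). The server port is not part of the key,
        # so two servers on one host share the same cookie namespace.
        self.store = {}

    def set_cookie(self, host, port, request_path, name, value,
                   path=None, max_age=None):
        # 'port' is accepted only to show that the store ignores it.
        key = (name, host, path or default_path(request_path))
        if max_age is not None and max_age <= 0:
            # Max-Age=0 expires only the cookie with exactly this key.
            self.store.pop(key, None)
        else:
            self.store[key] = value

    def keys(self):
        return sorted(self.store)


def run_scenario(logout_path, explicit_path=None):
    """Log in on port 8080, log out on port 8081, return what is left."""
    jar = CookieJar()
    # Login response sets the cookie without a Path attribute.
    jar.set_cookie("example.test", 8080, "/app/login.do", "user", "bon")
    # Logout re-adds the cookie with maxAge 0, as in the servlet code quoted
    # above. A cookie read from the request carries no path, so unless
    # setPath() is called the browser falls back to the logout URL's
    # default path.
    jar.set_cookie("example.test", 8081, logout_path, "user", "",
                   path=explicit_path, max_age=0)
    return jar.keys()


if __name__ == "__main__":
    print(run_scenario("/app/logout.do"))           # same directory as login
    print(run_scenario("/other/logout.do"))         # different directory
    print(run_scenario("/other/logout.do", "/app")) # explicit Path on delete
```

In servlet terms the third case corresponds to calling `cookie.setPath(...)` with the original path before `response.addCookie(cookie)`.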

