Konstantin,
My expectation was that the same session would be used by App2 after
the redirect. The javadoc for HttpServletResponse. encodeRedirectURL
looks clear that it should retain the session either by cookies or by
URL rewriting.
HttpServletResponse.encodeRedirectURL
"Encodes the specified URL for use in the sendRedirect method or, if
encoding is not needed, returns the URL unchanged. The implementation
of this method includes the logic to determine whether the session ID
needs to be encoded in the URL. Because the rules for making this
determination can differ from those used to decide whether to encode a
normal link, this method is separated from the encodeURL method.
All URLs sent to the HttpServletResponse.sendRedirect method should be
run through this method. Otherwise, URL rewriting cannot be used with
browsers which do not support cookies."
I would expect the encodeRedirectURL to work as follows:
1 - Redirect to the same application context
A - Cookies supported - Do not rewrite the URL
B - Cookies not supported - Rewrite the URL to include session id
2 - Redirect to a different application context
Always rewite the URL to include the session id.
Thanks,
Greg
On Wed, Jan 21, 2009 at 7:55 AM, Konstantin Kolinko
<knst.koli...@gmail.com> wrote:
>
> 2009/1/20 Greg Burrow <gregbur...@gmail.com>:
> > Hello,
> > I have two web applications in different context, one servlet will forward
> > the request to a servlet in the other application using encodeRedirectURL
> > and sendRedirect. The receiving servlet creates a new session and session
> > attributes are lost.
> > Running Tomcat 5.5.17.
> >
> > Here is the flow:
> >
> > GET /App1/RedirectServlet HTTP/1.1
> > Cookie: JSESSIONID=7AFACD0318419C34938B6410BB9A1937
> >
> > RedirectServlet
> > response.sendRedirect(response.encodeRedirectURL("/App2/LaunchServlet"));
> >
> > HTTP/1.x 302 Moved Temporarily
> >
> > GET /App2/LaunchServlet HTTP/1.1
> > (no cookie)
> >
> > HTTP/1.x 200 OK
> > Set-Cookie: JSESSIONID=BE408BFD3480E29DF2A4278BCA3C1FC6; Path=/App2
> >
> >
> > The same behavior occurs in Firefox and IE. Cookies are enabled in both
> > browsers and crossContext="true" in context.xml. Is this a bug in Tomcat or
> > a problem with my method of redirect?
> >
>
> I do not understand, what are you expecting?
>
> Note, that according to the spec you cannot share a session between
> different web applications. That is, session ID can be the same, but
> the session object is different.
>
> Best regards,
> Konstantin Kolinko
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
