Ron,

On 7/22/2009 5:09 AM, Ron McNulty wrote:
> The only fix was to correctly configure the offending server - there is
> nothing Tomcat can do. When a browser has two cookies with the same name
> in scope, the outcome is indeterminate. We found that the wider scoped
> cookie took precedence. I've often thought the name of the JSESSIONID
> cookie should be configurable, but to my knowledge it is hard-coded.

As Mark points out, this is configurable in 6.0.19.

When multiple JSESSIONID cookies exist, Tomcat will try them, one at a
time, until it finds one that matches a valid session in the container,
so multiple JSESSIONID cookies shouldn't be a problem.

If you call request.getRequestedSessionId() and it did not produce a
valid session, then the session id will appear to be wonky. It would be
better to call request.getSession().getId() to be sure you're really
using the right session id.

Uwe, are you seeing this strange JSESSIONID in the request headers (via
an HTTP sniffer) or are you accessing this id through the API? I'm
wondering if you are drawing an improper conclusion. You weren't
specific about the circumstances so it's tough to diagnose.

-chris
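
A diagnostic servlet filter for the situation discussed above, added here as an example (it is not code from this thread or from Tomcat). It logs each session cookie the browser sent and compares the requested session id with the session the container actually resolved. The class name is hypothetical, the cookie name assumes the default `JSESSIONID`, and `getSession(false)` is used so the filter never creates a session itself.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical diagnostic filter, written against the javax.servlet API.
public class SessionIdDiagnosticFilter implements Filter {
    // Assumption: the default cookie name; change it if the container uses another.
    private static final String SESSION_COOKIE = "JSESSIONID";
    private FilterConfig config;

    public void init(FilterConfig config) { this.config = config; }
    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            ServletContext ctx = config.getServletContext();
            int count = 0;
            Cookie[] cookies = http.getCookies(); // null when no cookies were sent
            if (cookies != null) {
                for (Cookie c : cookies) {
                    // The Cookie request header carries no path or domain, so
                    // same-named cookies can only be told apart by value.
                    if (SESSION_COOKIE.equals(c.getName())) {
                        count++;
                        ctx.log("session cookie #" + count + " = " + mask(c.getValue()));
                    }
                }
            }
            HttpSession session = http.getSession(false); // do not create a session
            String actual = (session == null) ? null : session.getId();
            ctx.log("requested=" + mask(http.getRequestedSessionId())
                    + " requestedValid=" + http.isRequestedSessionIdValid()
                    + " actual=" + mask(actual));
            if (count > 1) {
                ctx.log("WARN: " + count + " " + SESSION_COOKIE
                        + " cookies in one request; check cookie scope on other servers");
            }
        }
        chain.doFilter(req, res);
    }

    // Log only a short prefix so the log never holds a usable session id.
    static String mask(String id) {
        if (id == null) return "none";
        return id.length() <= 6 ? "***" : id.substring(0, 6) + "...";
    }
}
```

Register the filter in `web.xml` with a `<filter>` and `<filter-mapping>` entry for the URLs under investigation.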