On Oct 13, 2009, at 23:15 , Christopher Schultz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Johan,
On 10/13/2009 3:41 AM, Johan Ström wrote:
In catalina/connector/Request.java and CoyoteAdaptor, we first
check for
a sessino ID on the URL, store it in Request, and then we check
for a
cookie, and if we got one, we just overwrite the session ID from
the URL.
Is it acceptable to simply disable the use of cookies for your site
entirely? Setting <Context cookies="false"> will disable the use of
cookies altogether for your site. This would allow you to configure
your
way out of this problem rather than coding your way out of it (at
least,
until a more permanent cookie-friendly solution could be reached).
I'm afraid not, since the URL loaded is in the same app as the "main"
app, just with a custom view. So as long as its per application, thats
not a solution.
Anyway, I have tested my patch and I do have my own (now) custom built
Tomcat, so using this solution is not a problem. Just wanted to get
input from someone more experienced with the tomcat internals before I
started more testing/deploying of this!
So, thanks for any input :)
Johan
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
