> -----Original Message----- > From: Terry Horner [mailto:t.hor...@dancerace.com] > Sent: Friday, April 09, 2010 5:08 PM > To: users@tomcat.apache.org > Subject: RE: Tomcat 6.0.24 requires me to log on twice > > -----Original Message----- > > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > > Sent: Thursday, April 08, 2010 11:35 PM > > To: Tomcat Users List > > Subject: Re: Tomcat 6.0.24 requires me to log on twice > > -----BEGIN PGP SIGNED MESSAGE----- > > Does your webapp's code do anything with cookies and/or > inspecting the > > session? > > - -chris > > Not with the JSESSIONID cookie, its adds other cookies with > response.addCookie(), and reads those cookies, but doesn't > modify any. [...]
However, the application does copy headers from a request it forwards on. And it was copying these using setHeader(), when it should have been using addHeader(). As one of the headers was the Set-Cookie header this meant the app was overwriting the Set-Cookie header for JSESSIONIDSSO (and doing something similar if SSO was disabled). For some reason (change 45255?) this behaviour worked fine on Tomcat 6.0.20, but not later versions. I have corrected the code and now everything runs smoothly. Thanks for your help here. Terry _______________________________________ The information contained in this message is confidential and is intended for the addressee only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorised use, disclosure, copying or alteration of this message is strictly forbidden. This mail and any attachments have been scanned for viruses prior to leaving the Dancerace network. Dancerace plc will not be liable for direct, special, indirect or consequential damages arising from the alteration of the contents of this message by a third party or as a result of any virus being passed on. Dancerace plc reserve the right to monitor and record e-mail messages sent to and from this address for the purpose of investigating or detecting any unauthorised use of its system and ensuring its effective operation. _____________________________________________________________________ This message has been checked for all known viruses by UUNET delivered through the MessageLabs Virus Control Centre. For further information visit http://www.uk.uu.net/products/security/virus/
****** Message from InterScan VirusWall 6 ****** ** No virus found in attached file noname.htm InterScan VirusWall 6 has scanned this message and found it to be free of known viruses. ***************** End of message ***************
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org