Re: Fix the cookie path with mod_jk

Fri, 22 Apr 2011 04:55:01 -0700 

Hi All.
I'm sorry that my response is late.

I have examined about mod_rewrite.
And I understood that mod_rewrite can't touch the response header.
Thank you for the advices, Chris and Thomas.

> Now the issue is : who is setting the cookie path ?

My application is setting the cookie path,
so the most reasonable way to resolve this problem is fix my apps.

But I'm going to take into consideration to update Apache
and to use mod_headers, too.
Because Apache 2.2.3 is old and many bugs are fixed in the latest version.

Thank you for your kindness.

Best regards,

(2011/04/21 14:44), Thomas Freitag wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi André,

On 04/20/2011 12:53 AM, André Warnier wrote:

Fixing/altering outgoing (response) headers is beyond the
functionality of mod_rewrite. The other parts work with mod_rewrite,
but mod_headers (with its edit functionality) is an important part in
this use case.



Getting back to the original issue, Thomas seems to be right when he
says that if the cookie path is set to /foo, the browser will return it
also for URLs such as /foobar and /foofoo.
 From the Cookie RFCs, i gather that the cookie path is taken as a
*prefix*, and /foo is a prefix of /foobar.


That point was statet by Yu...


Now the issue is : who is setting the cookie path ?  if it is the
application, and if this is a concern, then I would suggest to fix the
application.


The container set the path, at least for the JSESSIONID cookie.

Regards,
- --
Thomas Freitag
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk2vxDwACgkQGE5pHr3PKuWp4ACeKI1BxAC+OUj6Z/kAcLml5hnC
vTUAn1CLYnXua/hmFwNSA/o/Hs601Sd7
=c1Yh
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to