Hi Paul,
Cookies are limited to a path, check the response headers of your app, you
should have something like this in direct connect:
Set-Cookie: wosid=qsdkBs0tigeyOo6s8YI7Rg; version="1";
path=/cgi-bin/WebObjects/ENTChronos.woa
or like this being apache:
Set-Cookie: wosid=bbflTv3ytMZXHTbYtSmb0g; version="1"; path=/admin
So if your login url is simpler and you use a rewrite rule like this one
RewriteRule ^/$ /cgi-bin/WebObjects/ENTChronos.woa [PT,L]
Your browser will not send the cookie because the path is not there. By
replacing the [PT,L] by [R,L] and the url by the real app public prefix, you
force the browser to send a new request with the cookie set. Here is my apache
config:
RewriteRule ^/$ /admin [R,L]
RewriteRule ^/admin(.*)$ /cgi-bin/WebObjects/ENTChronos.woa$1 [PT,L]
Even with that, ,my app still create new sessions so I decided to dig further.
I did not bothered to check before but I noticed this behaviour before. After
my investigation, I found a secret override that control this session creation.
You simply need to override this method in your Application class:
@Override
public boolean shouldRestoreSessionOnCleanEntry(WORequest aRequest) {
return true;
}
You may add logic, if the session if not found, a new one will be created.
Hope this helps!
Samuel
> Le 4 déc. 2025 à 02:03, Paul Hoadley <[email protected]> a écrit :
>
> On 4 Dec 2025, at 3:31 pm, Paul Hoadley <[email protected]> wrote:
>
>> Is this a feature, or am I doing something to cause this in my apps? Session
>> IDs are in cookies.
>
> I see in the new tab that the wosid cookie is not being sent on the first
> request, so WebObjects assigns it a new session and sends back a new wosid.
> This cookie replaces wosid in the original tab as well, which invalidates the
> navigation.
>
> So to that extent, it's all working as designed. Same behaviour no matter
> what SameSite is set to, or what domainForIDCookies() returns. Is this
> just... a feature of browsers?
>
>
> --
> Paul Hoadley
> https://logicsquad.net/
> https://www.linkedin.com/company/logic-squad/
>
