> From: Nick Williams [mailto:nicho...@nicholaswilliams.net] > Subject: Re: Multiple JSESSIONID
> > That's interesting. I would recommend a servlet filter that captures > > addCookie and friends to see where that "extra" one is being added. > The two JSESSIONIDs immediately above are in the request, so they're added > by the browser, not the server Unless the browser is part of a hacking attack, the JSESSIONID cookies originally came from the server. The filter would have to be applied to both the ROOT and /app/myapplication contexts, so it might best be placed in conf/web.xml to cover all webapps. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org