On 14/07/2011 15:27, Christopher Schultz wrote: > Konstantin, > > On 7/13/2011 8:54 PM, Konstantin Kolinko wrote: >> AFAIK, 1) Tomcat won't send Set-Cookie when session id is already >> known (either from this webapp or from webapp on its parent path >> such as ROOT). > > That would sound like a bug. If the session cookie's expiration date is > not "-1", then it needs to be updated with every response, no?
Ahh, the ever popular cookie debate. Servlet 2.5 doesn't list RFC 2965 as a 'relevant' specification, but that does offer the Max-Age attribute of the Cookie header value. http://tools.ietf.org/html/rfc2965 If this was being written in the response, then the cookie header does not need to be set on each request. p (Disclaimer, smallprint, browser support, yes, etc etc.) > -chris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
signature.asc
Description: OpenPGP digital signature