Author: markt
Date: Mon May 9 15:39:34 2011
New Revision: 1101069
URL: http://svn.apache.org/viewvc?rev=1101069&view=rev
Log:
Make adding the trailing slash to the session cookie path configurable
Modified:
tomcat/trunk/java/org/apache/catalina/Context.java
tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java
tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
tomcat/trunk/webapps/docs/config/context.xml
Modified: tomcat/trunk/java/org/apache/catalina/Context.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/Context.java?rev=1101069&r1=1101068&r2=1101069&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/Context.java (original)
+++ tomcat/trunk/java/org/apache/catalina/Context.java Mon May 9 15:39:34 2011
@@ -299,6 +299,30 @@ public interface Context extends Contain
/**
+ * Is a / added to the end of the session cookie path to ensure browsers,
+ * particularly IE, don't send a session cookie for context /foo with
+ * requests intended for context /foobar.
+ *
+ * @return <code>true</code> if the slash is added, otherwise
+ * <code>false</code>
+ */
+ public boolean getSessionCookiePathUsesTrailingSlash();
+
+
+ /**
+ * Configures if a / is added to the end of the session cookie path to
+ * ensure browsers, particularly IE, don't send a session cookie for
context
+ * /foo with requests intended for context /foobar.
+ *
+ * @param sessionCookiePathUsesTrailingSlash <code>true</code> if the
+ * slash is should be added,
+ * otherwise
<code>false</code>
+ */
+ public void setSessionCookiePathUsesTrailingSlash(
+ boolean sessionCookiePathUsesTrailingSlash);
+
+
+ /**
* Return the "allow crossing servlet contexts" flag.
*/
public boolean getCrossContext();
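Review bot: The Javadoc on `setSessionCookiePathUsesTrailingSlash` does not say what a caller gives up by passing `false`. Going by the description in the same comment, the session cookie for context /foo may then be sent with requests for /foobar, which exposes /foo's session ID to a different web application. I would add a sentence such as `Setting this to false allows the session cookie to be sent to other contexts whose path starts with this context's path; only disable it when a servlet mapped to /* requires it.` The same gap is in the field comment added to StandardContext and in the else-branch comment in ApplicationSessionCookieConfig. Separately, "slash is should be added" should read "slash should be added".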
Modified:
tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java?rev=1101069&r1=1101068&r2=1101069&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java
Mon May 9 15:39:34 2011
@@ -156,12 +156,20 @@ public class ApplicationSessionCookieCon
if (contextPath == null || contextPath.length() == 0) {
contextPath = context.getEncodedPath();
}
- // Handle special case of ROOT context where cookies require a path of
- // '/' but the servlet spec uses an empty string
- // Also ensure the cookies for a context with a path of /foo don't get
- // sent for requests with a path of /foobar
- if (!contextPath.endsWith("/")) {
- contextPath = contextPath + "/";
+ if (context.getSessionCookiePathUsesTrailingSlash()) {
+ // Handle special case of ROOT context where cookies require a
path of
+ // '/' but the servlet spec uses an empty string
+ // Also ensure the cookies for a context with a path of /foo don't
get
+ // sent for requests with a path of /foobar
+ if (!contextPath.endsWith("/")) {
+ contextPath = contextPath + "/";
+ }
+ } else {
+ // Only handle special case of ROOT context where cookies require a
+ // path of '/' but the servlet spec uses an empty string
+ if (contextPath.length() == 0) {
+ contextPath = "/";
+ }
}
cookie.setPath(contextPath);
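Review bot: Both branches of the new `if` handle the empty ROOT path on their own, which hides the fact that the flag only controls the append for non-empty paths. Handling ROOT once and then gating the append yields the same cookie paths and leaves a single place where the /foo versus /foobar protection is switched off: `if (contextPath.length() == 0) { contextPath = "/"; } else if (context.getSessionCookiePathUsesTrailingSlash() && !contextPath.endsWith("/")) { contextPath = contextPath + "/"; }`. The enclosing method starts and ends outside this hunk, so how `contextPath` is first obtained is not visible here.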
Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardContext.java?rev=1101069&r1=1101068&r2=1101069&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/StandardContext.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/StandardContext.java Mon May 9
15:39:34 2011
@@ -771,6 +771,14 @@ public class StandardContext extends Con
/**
+ * Is a / added to the end of the session cookie path to ensure browsers,
+ * particularly IE, don't send a session cookie for context /foo with
+ * requests intended for context /foobar.
+ */
+ private boolean sessionCookiePathUsesTrailingSlash = true;
+
+
+ /**
* The Jar scanner to use to search for Jars that might contain
* configuration information such as TLDs or web-fragment.xml files.
*/
@@ -1638,6 +1646,20 @@ public class StandardContext extends Con
}
+ @Override
+ public boolean getSessionCookiePathUsesTrailingSlash() {
+ return sessionCookiePathUsesTrailingSlash;
+ }
+
+
+ @Override
+ public void setSessionCookiePathUsesTrailingSlash(
+ boolean sessionCookiePathUsesTrailingSlash) {
+ this.sessionCookiePathUsesTrailingSlash =
+ sessionCookiePathUsesTrailingSlash;
+ }
+
+
/**
* Return the "allow crossing servlet contexts" flag.
*/
Modified: tomcat/trunk/webapps/docs/config/context.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/context.xml?rev=1101069&r1=1101068&r2=1101069&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/context.xml (original)
+++ tomcat/trunk/webapps/docs/config/context.xml Mon May 9 15:39:34 2011
@@ -385,6 +385,18 @@
file.</p>
</attribute>
+ <attribute name="sessionCookiePathUsesTrailingSlash" required="false">
+ <p>Some browsers, such as IE, will send a session cookie for a context
+ with a path of /foo with a request to /foobar. To prevent this, Tomcat
+ will add a trailing slash to the path associated with the session
cookie
+ so, in the above example, the cookie path becomes /foo/. However, with
a
+ cookie path of /foo/, IE will no longer send the cookie with a request
+ to /foo. This should not be a problem unless there is a servlet mapped
+ to /*. In this case this feature will need to be disabled. The default
+ value for this attribute is <code>true.</code> To disable this feature,
+ set the attribute to <code>false</code>.</p>
+ </attribute>
+
<attribute name="swallowAbortedUploads" required="false">
<p>Set to false if Tomcat should <b>not</b> read any additional request
body data for aborted uploads and instead abort the client connection.