Re: Netscape, JServ, Sessions & Cookies

Fri, 17 Sep 1999 13:28:21 -0700 

-----------------------------
Please read the FAQ!
<http://java.apache.org/faq/>
-----------------------------

Grant Jennings wrote:

> -----------------------------
> Please read the FAQ!
> <http://java.apache.org/faq/>
> -----------------------------
>
> I have been looking through the archives of this list and noticed that
> some people have been having trouble with Netscape and session cookies,
> but did not see a solution.
>
> Since I have now encountered the same problem, I was wondering if anyone
> had sorted this out, or at least identified the bug.
>
> Here is the actual problem.
>
> I have one servlet that creates a session then redirects to another
> servlet. The next servlet, instead of finding the already created
> session, creates a new one.....every time (with NS, not with IE). As a
> result, session data that is set in servlet1 is not available to servlet
> 2. Quite annoying really. Of course, the SessionExample that comes with
> JSDK works fine.
>
> Anyway, I am _extremely_ interested in getting a solution to this
> problem. It is clear to me that it is an issue with the way Netscape
> handles cookies and possibly something to do with redirects.
>
> To answer some of the questions that were raised in earlier posts.
> 1. req.getSession(true) is the first thing called in the servlets
> 2. Both (all) servlets are in the same zone
> 3. Server Version: Apache/1.3.6 (Unix) ApacheJServ/1.0 mod_ssl/2.3.5
> OpenSSL/0.9.3a
>
> If someone knows the cause of this problem, please let me know, so that
> I can try and find a solution. Better still, if someone has the
> solution.....
>
> Grant Jennings
> Netnation
>

I'm not *positive* I am remembering this right, but I think I read that
Netscape might not forward cookies that were sent along with a redirect
request to the new destination.  Given this browser behavior, the only way
to reliably maintain session state would be URL rewriting.

In Apache JServ 1.0, there is no way to force the use of URL rewriting if
the client browser has cookies on.  A new configuration option has been
added (and will be part of the upcoming 1.0.1 release) to let you disable
the use of cookies for session management if you want to.

Craig McClanahan




--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Archives and Other:  <http://java.apache.org/main/mail.html>
Problems?:           [EMAIL PROTECTED]

Reply via email to