Adrian-- Thanks for this. We also encountered the same problem with cookies and IE6 -- it seems the default is cookies off.
Basically I now believe that the problem is with simple href links between pages. I suspect these should be using encodeRedirectUrl in order to get the ;jSessionid=blah piece of the URL. Thanks for the pointer though ... -----Original Message----- From: A mailing list about Java Server Pages specification and reference [mailto:[EMAIL PROTECTED]]On Behalf Of Adrian Janssen Sent: 26 April 2002 07:12 To: [EMAIL PROTECTED] Subject: Re: Cookies, sessions and proxy servers hey Gary, Are you sure it is the proxy? I have encountered the exact same problem but the cause was IE6 automatically disabling cokies becuase the web sitye did not have a Privacy Policy set-up, this occurred with INTRANET sites! It only happened to the IE6 users who had auto-updated thier browsers and applied some security patch, and it only affected newly deployed intranet sites - existing ones were fine. Cheers Adrian > -----Original Message----- > From: Gary Noone [SMTP:[EMAIL PROTECTED]] > Sent: 25 April 2002 12:15 > To: [EMAIL PROTECTED] > Subject: Cookies, sessions and proxy servers > > Hi all, > > Has anybody encountered a problem with proxy servers stripping cookies and > therefore invalidating the session? > > We have deployed an application, and a number of customers complained that > they were unable to login. On closer examination we found that the session > object isNew() method returned true on each page of our application. > > I've noticed that JRUN uses ;jsessionID on the URL bar the first time that > a > session aware page is accessed. I guessed that this maybe to counter > problems when the user had cookies switched off. However this does not > seem > to be the case. > > We can obviously code using URL re-writing, however I would have thought > that this was a common problem and the servlet engine vendors would have a > suitable fall back. > > Looking forward to any comments or insights. > > Best > > Gary > > ========================================================================== > = > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff > JSP-INTEREST". > For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST > DIGEST". > Some relevant FAQs on JSP/Servlets can be found at: > > http://archives.java.sun.com/jsp-interest.html > http://java.sun.com/products/jsp/faq.html > http://www.esperanto.org.nz/jsp/jspfaq.jsp > http://www.jguru.com/faq/index.jsp > http://www.jspinsider.com -- ********************************************************************** The Truworths e-mail facility may not be used for the distribution of chain letters or offensive email. Truworths hereby distances itself from and accepts no liability for the unauthorised use of its e-mail facility or the sending of e-mail communications for other than strictly business purposes. Truworths furthermore disclaims liability for any unauthorised instruction for which permission was not granted. =========================================================================== To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com =========================================================================== To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com
