Interesting problem. I'm using Tomcat 4.0.4, have and have the
application configured to reload automatically when something changes.
Much to my surprise, a context reload does not destroy an existing session
context. Both the session context and session attribute objects are still
I did some experimenting with tomcat 3.3.1. It appears to restrict access to any
directory that starts with the sequence WEB-INF. Appending a period, or any other
character for that matter, does not get around this security check. Which would mean
that Tomcat is not vulnerable to this
What I've got is an application that serves three different customers. I
want to set up three different contexts that run the same application with
three different databases. Getting the three context configurations to
point to the same docBase directory is no problem. But how does the
Does he have cookies disabled? Or some other weird security setting?
-Original Message-
From: Prashanth Pushpagiri
Sent: Thursday, June 27, 2002 10:42 AM
To: Tomcat Users List
Subject: RE: Tomcat looses session with IE5
I tested the same for IE5, 5.5, 6 and netscape. the
problem is
