ioned cookies" for every site, everywhere,
regardless of the "partitioned" flag on a Set-Cookie header.
Why do you have to bother modifying your application? It seems to be
that CHIPS will die on the vine and will never become an official standard.
In fact, it looks like it has
Hi Mark,
dang! I missed that while checking the changelog.
Thanks for pointing out.
Regards,
Holger
Mark Thomas wrote (at 2024-03-18 17:03 +):
> On 18/03/2024 15:16, info@klawitter.de wrote:
>
> > What am I doing wrong here? (Tomcat 9.0.82)
>
>
On 18/03/2024 15:16, info@klawitter.de wrote:
What am I doing wrong here? (Tomcat 9.0.82)
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html
Search for "partitioned"
The problem is you are using Tomcat 9.0.82. Support for a default
partitioned attribute wasn't added until 9.0.85.
Hi there,
I have to make my webapp complying to CHIPS. For this I am
trying to configure the CookieProcessor to allow partitioned cookies.
For this I added a CookieProcessor directive to the context.xml
like this:
However tomcat complains about this with
[Catalina-utility-1
Mark,
On 12/15/23 04:03, Mark Thomas wrote:
On 14/12/2023 21:15, André van der Lugt wrote:
From: Chuck Caldarale <mailto:n82...@gmail.com>
Sent: Wednesday, November 15, 2023 9:48 AM
To: Tomcat Users List <mailto:users@tomcat.apache.org>
Subject: [EXTERNAL] - Re: Partitioned cook
On 14/12/2023 21:15, André van der Lugt wrote:
From: Chuck Caldarale <mailto:n82...@gmail.com>
Sent: Wednesday, November 15, 2023 9:48 AM
To: Tomcat Users List <mailto:users@tomcat.apache.org>
Subject: [EXTERNAL] - Re: Partitioned cookies
On Nov 15, 2023, at 08:06, Adam Warfield
&
> -Original Message-
> From: Adam Warfield
> Sent: woensdag 15 november 2023 16:49
> To: Tomcat Users List
> Subject: Re: [EXTERNAL] - Re: Partitioned cookies
>
> That's strange. I was not aware the proposal had expired. I've been working
> off of a few pages
Adam,
On 11/15/23 09:06, Adam Warfield wrote:
The Rfc6265CookieProcessor supports setting the SameSite cookie
attribute but starting in 2024, browsers will begin enforcing the
newer "Partitioned" attribute for third-party cookies.
Is there a way to set this attribute within Tomcat
Sent: Wednesday, November 15, 2023 9:48 AM
To: Tomcat Users List
Subject: [EXTERNAL] - Re: Partitioned cookies
CAUTION: This email originated from outside of the organization. Do not click
links or open attachments unless you recognize the sender and know the content
is safe. If you feel
> On Nov 15, 2023, at 08:06, Adam Warfield
> wrote:
>
> The Rfc6265CookieProcessor supports setting the SameSite cookie attribute but
> starting in 2024, browsers will begin enforcing the newer "Partitioned"
> attribute for third-party cookies. Is there a way to
The Rfc6265CookieProcessor supports setting the SameSite cookie attribute but
starting in 2024, browsers will begin enforcing the newer "Partitioned"
attribute for third-party cookies. Is there a way to set this attribute within
Tomcat for things like the JSESSIONID and XSRF-TOK
Just to confirm, we know that Chrome will block JSESSIONID it if sent over
unsecure connection and with SameSite=None. But we saw the
previously mentioned issue in Firefox.
Thanks,
On Wed, 11 Mar 2020 at 15:33, M. Manna wrote:
> Hi All,
>
> Due to the recent issues with Chrome 80, we have had
Hi All,
Due to the recent issues with Chrome 80, we have had to make some changes
for our context.xml to have SameSite attribute setup for CookieProcessor
What we've noticed is that even though CookieProcessorBase captures and
assigns the correct value (e.g. "None" or "Lax"), the Network tab of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
M,
On 11/8/19 10:40, M. Manna wrote:
> Interesting question.
>
> samesite attribute is also to protect cookies from possible
> cross-site attacks. Even if you have super domain cookies, using
> strict/lax shouldn't make any dif
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 11/8/19 11:53, Mark Thomas wrote:
>> All,
>>
>> I'm looking at using "samesite" cookies within my application.
>> It looks as simple as setting the "sameSite" attribute
>> appropriate
> All,
>
> I'm looking at using "samesite" cookies within my application. It
> looks as simple as setting the "sameSite" attribute appropriately on
> the CookieProcessor for the , which isn't there in a default
> configuration. So you just have to add it:
On Fri, Nov 8, 2019 at 4:04 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> I'm looking at using "samesite" cookies within my application. It
> looks as simple as setting t
Hey Chris,
Interesting question.
samesite attribute is also to protect cookies from possible cross-site
attacks. Even if you have super domain cookies, using strict/lax shouldn't
make any difference for you, or does it?
Thanks,
On Fri, 8 Nov 2019 at 15:04, Christopher Schultz <
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
I'm looking at using "samesite" cookies within my application. It
looks as simple as setting the "sameSite" attribute appropriately on
the CookieProcessor for the , which isn't there in a default
configuration. So
esponse. Unfortunately it doesn't appear to be a
> > bad cookie name or value, as the identical set of cookies are
> > passed (and parsed correctly) on requests that immediately precede
> > and follow the failing request. That's pretty clear from both the
> > Wireshark and Tomcat acce
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chad,
On 2/27/18 9:02 PM, Chad Stansbury wrote:
> Thanks for your response. Unfortunately it doesn't appear to be a
> bad cookie name or value, as the identical set of cookies are
> passed (and parsed correctly) on requests that immediatel
Hello Chris -
Thanks for your response. Unfortunately it doesn't appear to be a bad
cookie name or value, as the identical set of cookies are passed (and
parsed correctly) on requests that immediately precede and follow the
failing request. That's pretty clear from both the Wireshark and Tomcat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chad,
On 2/27/18 9:44 AM, Chad Stansbury wrote:
> We've been troubleshooting an issue where our web application is
> getting a very occasional request that contains no cookies even
> though a Wireshark on the application server shows thos
We've been troubleshooting an issue where our web application is getting a
very occasional request that contains no cookies even though a Wireshark on
the application server shows those cookies coming in on the request.
I was able to replay the request that was captured via Wireshark, and when
2016-11-10 16:02 GMT+01:00 Christopher Schultz <ch...@christopherschultz.net
>:
> http://mrcoles.com/media/test/cookies-max-age-vs-expires.html
>
> Just tested with Edge and MSIE11 on Win 10. Both fail to recognize the
> expiration of a cookie when "expires" is not
wser will a much smaller -
>> and shrinking - market share I could be convinced.
>>
>
> http://promincproductions.com/blog/set-cookie-expiration-date-browser-
compatiability/
>
>
There's really conflicting info on this ...
http://mrcoles.com/media/test/cookies-max-age-vs-expir
2016-11-10 11:51 GMT+01:00 Mark Thomas :
> Tempting. But IE/Edge represents ~30% of the current browser usage. If
> we were talking about a browser will a much smaller - and shrinking -
> market share I could be convinced.
>
ing for.
>>
>> I don't recall anyone raising it before now.
>>
>>> Has anyone else run into an issue with persistent cookies in Tomcat
>>> 8.5+ and IE not working?
>>
>> I can confirm I see the same issue.
>>
>>> Does it make sense
.
>
> > Has anyone else run into an issue with persistent cookies in Tomcat
> > 8.5+ and IE not working?
>
> I can confirm I see the same issue.
>
> > Does it make sense that the shipping configuration would not work
> > with IE for persistent cookies?
>
>
Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Monday, November 07, 2016 9:25 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent
cookies for all IE versions
-BEGIN PGP SIGNED M
I'm +1 on adding an option, and I think it should be enabled *by
default*. The name of the option should be more clear about what it
actually does rather than "fix cookies for stupid MSIE" (as satisfying
as that would be).
It should be something more like supplyExpiresAndMaxAgeWit
anyone else run into an issue with persistent cookies in Tomcat
>> 8.5+ and IE not working?
>
> I can confirm I see the same issue.
>
>> Does it make sense that the shipping configuration would not work
>> with IE for persistent cookies?
>
> I'll turn that around.
On 04/11/2016 19:10, Hedrick, Brooke - 43 wrote:
> Sorry if this has been already asked. I searched the archives and
> didn't find what I was looking for.
I don't recall anyone raising it before now.
> Has anyone else run into an issue with persistent cookies in Tomcat
>
Sorry if this has been already asked. I searched the archives and didn't find
what I was looking for.
Has anyone else run into an issue with persistent cookies in Tomcat 8.5+ and IE
not working?
We are seeing an issue where the new default cookie processor
set with the path /jsf%5ftest, while other cookies
>>> (set by myfaces) were correctly set with the path /jsf_test. It
>>> looks like firefox treats /jsf_test and /jsf%5ftest as
>>> different pathes and therefore does not send the session cookie
>>> with the next requ
On 22/06/2016 11:29, Mark Thomas wrote:
> On 22/06/2016 09:28, Markus Näher wrote:
>> In the web console of firefox, I could see that the session cookie was
>> set with the path /jsf%5ftest, while other cookies (set by myfaces) were
>> correctly set with the path /jsf_t
, I could see that the session cookie was
> set with the path /jsf%5ftest, while other cookies (set by myfaces) were
> correctly set with the path /jsf_test.
> It looks like firefox treats /jsf_test and /jsf%5ftest as different
> pathes and therefore does not send the session cookie with
manager (web)
and the webapp's welcome page in the browser, I can see that every reload of the webapp page increases
the session count.
In the web console of firefox, I could see that the session cookie was set with the path /jsf%5ftest,
while other cookies (set by myfaces) were correctly set
ers@tomcat.apache.org>
>> Subject: Re: Multiple JSESSIONID cookies being presented.
>>
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256
>>
>> Jeffrey,
>>
>> On 9/10/15 12:26 PM, Jeffrey Janner wrote:
>>> Thanks for all the help guys. I think I'v
> -Original Message-
> From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
> Sent: Thursday, September 10, 2015 12:01 PM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: RE: Multiple JSESSIONID cookies being presented.
>
> > From: Jeff
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Thursday, September 10, 2015 2:24 PM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: Multiple JSESSIONID cookies being presented.
>
> -BEGIN PGP
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Wednesday, September 09, 2015 1:50 PM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: Multiple JSESSIONID cookies being presented.
>
> -BEGIN PGP
> From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com]
> Subject: RE: Multiple JSESSIONID cookies being presented.
> I checked the error.jsp file and it does have session=true set, and if the
> icon file
> is missing, the error.jsp is definitely being sent.
>
and watching cookies
> and access logs, both with and without a favicon.ico file, I found
> that the doubling was happening only if the file was missing. I
> checked the error.jsp file and it does have session=true set, and
> if the icon file is missing, the error.jsp is definitely being
> -Original Message-
> From: Igor Cicimov [mailto:icici...@gmail.com]
> Sent: Tuesday, September 08, 2015 10:09 PM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: RE: Multiple JSESSIONID cookies being presented.
>
> On 09/09/2015 7:13 AM, &q
> -Original Message-
> From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
> Sent: Tuesday, September 08, 2015 4:58 PM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: RE: Multiple JSESSIONID cookies being presented.
>
> > From: Jose
ers@tomcat.apache.org>
>> Subject: RE: Multiple JSESSIONID cookies being presented.
>>
>>> From: Jose María Zaragoza [mailto:demablo...@gmail.com]
>>> Subject: Re: Multiple JSESSIONID cookies being presented.
>>
>>>> Thanks for the clarification of what
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jeffrey,
On 9/4/15 4:40 PM, Jeffrey Janner wrote:
> I'm surprised that Tomcat would use the "wrong" session id for
> URL-rewriting when presenting the login screen. Are you saying
> that, when showing the login page for /APP2, Tomcat will:
>
> a.
che.org>
>> Subject: RE: Multiple JSESSIONID cookies being presented.
>>
>> > From: Jose María Zaragoza [mailto:demablo...@gmail.com]
>> > Subject: Re: Multiple JSESSIONID cookies being presented.
>>
>> > > Thanks for the clarification of what's supposed
> -Original Message-
> From: Jose María Zaragoza [mailto:demablo...@gmail.com]
> Sent: Tuesday, September 08, 2015 9:22 AM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: Multiple JSESSIONID cookies being presented.
>
> 2015-09-08 15:
> From: Jose María Zaragoza [mailto:demablo...@gmail.com]
> Subject: Re: Multiple JSESSIONID cookies being presented.
> > Thanks for the clarification of what's supposed to happen on receipt, Jose.
> > However, I am describing what happens on first contact from the client
> -Original Message-
> From: Jose María Zaragoza [mailto:demablo...@gmail.com]
> Sent: Tuesday, September 08, 2015 9:08 AM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: Multiple JSESSIONID cookies being presented.
>
> 2015-09-08 15:
>> Subject: Re: Multiple JSESSIONID cookies being presented.
>>
>> 2015-09-08 15:51 GMT+02:00 Jeffrey Janner <jeffrey.jan...@polydyne.com>:
>> >> -Original Message-
>> >> From: Christopher Schultz [mailto:ch...@christopherschultz.net
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Friday, September 04, 2015 12:46 PM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: Multiple JSESSIONID cookies being presented.
>
> -BEGIN PGP
che.org>
>> Subject: Re: Multiple JSESSIONID cookies being presented.
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Jeffrey,
>>
>> On 9/4/15 12:37 PM, Jeffrey Janner wrote:
>> > I'm running Tomcat 8.0.24 on Ubuntu 14.04 w
che.org>
>> Subject: Re: Multiple JSESSIONID cookies being presented.
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Jeffrey,
>>
> Now, it's been doing this since at least Tomcat 6, I have one running now,
> and I've never had a pr
s@tomcat.apache.org>
> > Subject: Re: Multiple JSESSIONID cookies being presented.
> >
> > 2015-09-08 15:51 GMT+02:00 Jeffrey Janner <jeffrey.jan...@polydyne.com>:
> > >> -Original Message-
> > >> From: Christopher Schultz [mailto:ch...@chri
at a login screen unique to the context and provided by it
(not using container auth).
When I connect to ROOT, no problem, but when I connect to APP2, I get 2
JSESSIONID cookies, one with the path "/" and the other with the path "/APP2/".
On the Windows implementations, we are
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Friday, September 04, 2015 12:46 PM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: Multiple JSESSIONID cookies being presented.
>
> -BEGIN PGP
ers@tomcat.apache.org>
>> Subject: Re: Multiple JSESSIONID cookies being presented.
>>
> Jeffrey,
>
> On 9/4/15 12:37 PM, Jeffrey Janner wrote:
>>>> I'm running Tomcat 8.0.24 on Ubuntu 14.04 with Java 8u45, but
>>>> I'm also seeing this on Windows (versi
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Friday, September 04, 2015 2:55 PM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: Multiple JSESSIONID cookies being presented.
>
> -BEGIN PGP
Java 7U51.
>
> I have 2 contexts installed in Tomcat, one is ROOT, the other
> APP2. Both contexts start off at a login screen unique to the
> context and provided by it (not using container auth).
>
> When I connect to ROOT, no problem, but when I connect to APP2, I
>
On 14/04/2015 09:05, Peter Schroer wrote:
This isn't possible because I'm writing some kind of proxy and I dont't have
any influence on the websites (and the cookies of course). It would be
possible to ignore invalid cookies if tomcat could be configured to do so.
The error message is from
On 14/04/2015 07:53, Peter Schroer wrote:
Hello,
I'm using tomcat 8.0.21 with the new Rfc6265 cookie processor. If there are
cookies starting with a dot I'm getting the following error:
java.lang.IllegalArgumentException: An invalid domain [.db-app.de] was
specified for this cookie
This isn't possible because I'm writing some kind of proxy and I dont't have
any influence on the websites (and the cookies of course). It would be
possible to ignore invalid cookies if tomcat could be configured to do so.
Greetings Peter
-Ursprüngliche Nachricht-
Von: Mark Thomas
Hello,
I'm using tomcat 8.0.21 with the new Rfc6265 cookie processor. If there are
cookies starting with a dot I'm getting the following error:
java.lang.IllegalArgumentException: An invalid domain [.db-app.de] was
specified for this cookie
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Pavel,
On 3/27/15 1:54 PM, Pavel Yermolenko wrote:
In my default browser (Chrome) the cookies are enabled, the proof
is: the .jsp page is correctly displayed in browser. In the
meantime I've tried to access to Manager App page from main page
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Pavel,
On 3/27/15 1:07 PM, Pavel Yermolenko wrote:
Trying to test jsp page in Apache Tomcat 8.0, I've met problems -
opened page displays suggestions how to enable cookies in different
browsers.
Is there some option, allowing to setup/enable
From: Pavel Yermolenko [mailto:py.oh...@sunrise.ch]
Subject: How to enable cookies in Apache Tomcat
Trying to test jsp page in Apache Tomcat 8.0, I've met problems - opened
page displays suggestions how to enable cookies in different browsers.
Is there some option, allowing to setup/enable
it with tomcat. What you mean saying Can you post some of the code
... ? The content of .jsp ?
Yes, what does your .jsp file have in it?
When I use my default browser (Chrome), the .jsp page is correctly
visualized.
Is it possible that you have cookies disabled in the other browser
(not Chrome
Hello Chuck,
In my default browser (Chrome) the cookies are enabled, the proof is: the
.jsp page is correctly displayed in browser.
In the meantime I've tried to access to Manager App page from main page
http://localhost:8080/, but access were refused (I tried username =
tomcat, password
Hello,
Hello,
Trying to test jsp page in Apache Tomcat 8.0, I've met problems - opened
page displays suggestions how to enable cookies in different browsers.
Is there some option, allowing to setup/enable cookies in Apache Tomcat.
Thanks in advance
Pavel
---
L'absence de virus
cookies in Apache Tomcat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Pavel,
On 3/27/15 1:07 PM, Pavel Yermolenko wrote:
Trying to test jsp page in Apache Tomcat 8.0, I've met problems -
opened page displays suggestions how to enable cookies in different
browsers.
Is there some option
Pavel Yermolenko wrote:
Hello Chuck,
In my default browser (Chrome) the cookies are enabled, the proof is: the
.jsp page is correctly displayed in browser.
In the meantime I've tried to access to Manager App page from main page
http://localhost:8080/, but access were refused (I tried username
From: Pavel Yermolenko [mailto:py.oh...@sunrise.ch]
Subject: RE: How to enable cookies in Apache Tomcat
In the meantime I've tried to access to Manager App page from main page
This is a different issue, so should be discussed in a different thread. Read
this first:
http://www.catb.org/~esr
Chris,
Indeed, it was the case - after checking 2 other browsers (IE and Mozilla) I
discovered that cookies weren't enable there.
I enabled them in both (IE and Mozilla), but nothing changed in Eclipse when I
run .jsp page.
I can attach .jsp file (47kB), but not sure that it's supported
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Pavel,
On 3/27/15 2:29 PM, Pavel Yermolenko wrote:
Indeed, I forgot about comments ... but after removing them the
issue persists - the pair tomcat/tomcat (for username/password)
still doesn't work.
Hmm. Can you post the full contents of the
In attachment I've put the content of .jsp
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: vendredi 27 mars 2015 18:58
To: Tomcat Users List
Subject: Re: How to enable cookies in Apache Tomcat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Pavel
]
Sent: vendredi 27 mars 2015 18:58
To: Tomcat Users List
Subject: Re: How to enable cookies in Apache Tomcat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Pavel,
On 3/27/15 1:54 PM, Pavel Yermolenko wrote:
In my default browser (Chrome) the cookies are enabled, the proof
is: the .jsp page
Ok Chuck, I'm sorry.
I'll not repeat this error.
-Original Message-
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: vendredi 27 mars 2015 19:01
To: Tomcat Users List
Subject: RE: How to enable cookies in Apache Tomcat
From: Pavel Yermolenko [mailto:py.oh
of which says:
The Single Sign On feature utilizes HTTP cookies to transmit a token
that associates each request with the saved user identity, so it can
only be utilized in client environments that support cookies.
I had always thought encoded url's were equally acceptable, but I was
mistaken
Hi Brian,
Can you send us some sample unit tests if it doesn't violate any laws or
infringements.
On 11/12/13 16:47, selvakumar netaji wrote:
Hi Brian,
Can you send us some sample unit tests if it doesn't violate any laws or
infringements.
Like tomcat itself, the unit tests are open source. The tests are all in
the tc7 and tc8 repositories! Just do a svn checkout or browse them online.
is described briefly in the Servlet
Spec, but is not defined. Tomcat implements SSO as a Valve. It is
described in the tomcat docs Reference section,
docs/config/host.html#Single Sign On
... which has six bullet points, the last of which says:
The Single Sign On feature utilizes HTTP cookies
:
The Single Sign On feature utilizes HTTP cookies to transmit a token
that associates each request with the saved user identity, so it can
only be utilized in client environments that support cookies.
I had always thought encoded url's were equally acceptable, but I was
mistaken
the below result Set-Cookie:
JSESSIONID=01D4A20F51FCE8F8401B47999524D8AB;
Path=/UserHttpOnlyTest/; Secure; HttpOnly
I have one more question to the same context,is there a way to
enable the httponly to the non-container managed cookies other than
programatically?
No. It's not appropriate
/; Secure; HttpOnly
I have one more question to the same context,is there a way to enable the
httponly to the non-container managed cookies other than programatically?
Adding the below lines in my application web.xml doenst have an impact on
the header
session-config
cookie-config
http-onlytrue/http
= + sessionid
+ ; Path= + contextPath);
response.addCookie(cookie);
response.addCookie(cookie1);
pw.println(Cookies created);
When i verified http header,i am able to see the cookie values as
Set-Cookie: JSESSIONID
sessionid =
request.getSession().getId(); String contextPath =
request.getContextPath(); response.setHeader(SET-COOKIE,
JSESSIONID= + sessionid + ; Path= + contextPath);
response.addCookie(cookie); response.addCookie(cookie1);
pw.println(Cookies created);
Well, of course that code will not enable
must be missing something simple.
Any suggestions?
Thanks,
Todd
On Thu, Aug 22, 2013 at 10:12 PM, Niki Dokovski nick...@gmail.com wrote:
On Fri, Aug 23, 2013 at 2:58 AM, toddfas todd...@gmail.com wrote:
I'm trying to figure out how to get access to the cookies and headers
passed up
;t see an easy way for doing this. Can you describe
the use case in greater details. What problem do you solve by having access
to the handshale request headers (incl cookies) in that phase?
Thanks,
Todd
On Thu, Aug 22, 2013 at 10:12 PM, Niki Dokovski nick...@gmail.com wrote:
On Fri, Aug 23
are already in the
websocket world. I don;t see an easy way for doing this. Can you describe
the use case in greater details. What problem do you solve by having access
to the handshale request headers (incl cookies) in that phase?
Thanks,
Todd
On Thu, Aug 22, 2013 at 10:12 PM, Niki
httpSession = (HttpSession)
session.getUserProperties().get(httpSessionObject);
}
It ain't pretty. IMO, it was a serious design flaw in the spec not to provide
ways to get the HttpSession and Cookies from the Session object. Maybe I'll try
to get on the EG for the next version. :-)
N
On Aug 23, 2013
:
@OnOpen
public void onOpen(Session session) {
HttpSession httpSession = (HttpSession)
session.getUserProperties().get(httpSessionObject);
}
It ain't pretty. IMO, it was a serious design flaw in the spec not to provide
ways to get the HttpSession and Cookies from the Session object
());
}
}
Then later:
@OnOpen
public void onOpen(Session session) {
HttpSession httpSession = (HttpSession)
session.getUserProperties().get(httpSessionObject);
}
It ain't pretty. IMO, it was a serious design flaw in the spec not to
provide ways to get the HttpSession and Cookies from
I'm trying to figure out how to get access to the cookies and headers
passed up in the Websocket handshake request on Tomcat 8.
In Tomcat 7 the whole HttpServletRequest was passed into the
WebSocketServlet. createWebSocketInbound method so it was easy to grab
from the request headers. In Tomcat 8
On Fri, Aug 23, 2013 at 2:58 AM, toddfas todd...@gmail.com wrote:
I'm trying to figure out how to get access to the cookies and headers
passed up in the Websocket handshake request on Tomcat 8.
In Tomcat 7 the whole HttpServletRequest was passed into the
WebSocketServlet
On Tue, Jul 30, 2013 at 9:39 PM, Jeffrey Janner jeffrey.jan...@polydyne.com
wrote:
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Monday, July 29, 2013 8:21 PM
To: Tomcat Users List
Subject: Re: secure cookies
-BEGIN PGP SIGNED
On Tue, Jul 30, 2013 at 6:51 AM, Christopher Schultz
ch...@christopherschultz.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jeffrey,
On 7/29/13 4:09 PM, Jeffrey Janner wrote:
Thanks for the verification, Mark. I was under the impression
you'd only want to [set
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Prafull,
On 7/30/13 9:44 AM, Prafull wrote:
On Tue, Jul 30, 2013 at 6:51 AM, Christopher Schultz
ch...@christopherschultz.net wrote:
Jeffrey,
On 7/29/13 4:09 PM, Jeffrey Janner wrote:
Thanks for the verification, Mark. I was under the
1 - 100 of 353 matches
Mail list logo