Peter Alfors wrote:
> "Kramer, Gary" wrote:
>
> >
> >
> >
> > I had similiar problems. You need to turn off the use of Cookies on
> > your server (in Tomcat this setting is in server.xml). When the user
> > opens 2 browsers, they will always have different session ids in both
> > IE and Netscape since the first URL they will use will not have a
> > session id included.
> >
>
> How do I turn off the use of cookies in the server.xml? I only see one
> location where cookies are mentioned.
> <!-- Request processing -->
> <!-- Session interceptor will extract the session id from
> cookies and
> deal with URL rewriting ( by fixing the URL )
> -->
> <RequestInterceptor
> className="org.apache.tomcat.request.SessionInterceptor" />
>
> Do I comment out this section?
>
For Tomcat 3.2.1 there is a noCookies attribute on this entry that defaults
to "false". You need to set it to "true":
<RequestInterceptor
className="org.apache.tomcat.request.SessionInterceptor"
noCookies="true"/>
NOTE: Using URL rewriting does *not* catch every case of multiple windows
sharing session ids. Consider that the user can right-click on a hyperlink
(containing the session id) and select "Open in New Window". Because the
hyperlink being clicked had a session id in it already, the new window will
still be part of the old session -- so your app logic needs to be ready to
deal with this.
Craig McClanahan
