1. The cookie is not being set because you are using a redirect and a browser will only accept cookies from the URL that is sending them. When you refresh, you get the cookie because you are now in the proper relationship.
2. setMaxAge( 0 ) tells the browser to remove the cookie at the end of its session. In other words, if you shut down your browser and restart it, the cookie will not be there. Mark -----Original Message----- From: Dave Mulligan [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 11, 2003 6:15 AM To: [EMAIL PROTECTED] Subject: [OT] Cookies Hey all, Got a small problem with Cookies! What happens is: 1 User logs in using the LoginServlet 2 The LoginServlet sets a Cookies and forwards the request to the j_security_check i.e. Container Managed Auth. Cookie cookie = new Cookie(name, value); cookie.setPath("/"); cookie.setMaxAge(30 * 24 * 60 * 60); // 30 days response.addCookie(cookie); String req = request.getContextPath() + "/" + authURL + "?j_username=" + RequestUtils.encodeURL(username) + "&j_password=" + RequestUtils.encodeURL(encryptedPassword); response.sendRedirect(response.encodeRedirectURL(req)); 3 CMA loads the user principle and the request it forwarded to /welcome.do 4 The SingleSignonFilter runs but is unable to find the cookie set in step 2 above and displays error page. 5 If I press refresh button, SingleSignonFilter can now find the cookie and everthing works! The above is much like what is found in struts-resume found on sf.net My question is, when does the cookie get sent to the browser? Is it after Step 2 when the LoginServlet does the response.sendRedirect() or Is it after Step 4 when the SingleSignonFilter displays the error page My second question: What is the best way to remove a cookie? Setting the max-age to zero doesn't seem to work for me! Tnx in advance. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
