Hi,

Messing with the JSESSIONID cookie by rewriting it is cruising for a bruising. If it's not browser differences (which seems to be your case), then it would be an unhappy firewall, proxy, or NAT that gets you. That's why no one wants to dive into this Pandora's box I guess ;)

Yoav Shapira http://www.yoavshapira.com

>-----Original Message-----
>From: Alex Korneyev [mailto:[EMAIL PROTECTED]
>Sent: Thursday, December 02, 2004 10:06 AM
>Cc: 'Tomcat Users List '
>Subject: getting desperate here :)
>
>Hello all,
>
> I have sent this one before, but I am hoping someone else has
> had this particular problem.
>
> I am hoping someone has seen the following behavior.
>
> TomcatA sends a redirect to TomcatB
>
> on the backend, I can see that TomcatB receives a JSESSIONID that was
> originally assigned to it by TomcatA;
>
> i.e. cookie = JSESSIONID=6EF95FA9AA98E608C555E28875F57054;
>
> I rewrite reset the jsession id ( see the code below ), but
>
> on the next request I see this:
>
> cookie = JSESSIONID=6EF95FA9AA98E608C555E28875F57054; JSESSIONID=2251830F6F64DEFC974C19C79F1EABAB
>
> for some reason using Mozilla works, but I.E. is the one that passes
> 2 JSESSIONID variables. Thoughts?
>
> if (cookies != null && cookies.length > 0)
> {
>     int len = cookies.length;
>     for (int i = 0; i < len; i++)
>     {
>         if (cookies[i].getName().equalsIgnoreCase("jsessionid"))
>         {
>             cookies[i].setMaxAge(-1);
>             cookies[i].setPath("/");
>             _LOGGER.debug("COOKIE VALUE " + cookies[i].getValue() );
>             _LOGGER.debug("session id: " + request.getSession().getId() );
>             _LOGGER.debug(" comp" + ( request.getSession().getId().equals(cookies[i].getValue())));
>             if ( request.getSession().getId().equals(cookies[i].getValue()))
>             {
>                 _LOGGER.debug("equal");
>                 response.addCookie(cookies[i]);
>             }
>             else
>             {
>                 _LOGGER.debug("not equal");
>                 Cookie sessionCookie = new Cookie("JSESSIONID", request.getSession().getId());
>                 response.addCookie(sessionCookie);
>             }
>             foundCookie = true;
>             _LOGGER.debug("updated session cookie");
>         }
>     }
> }
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
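
Added example, not part of the original e-mail or of Tomcat: a user agent stores cookies keyed by name, domain and path, so two cookies named JSESSIONID can coexist and arrive in one Cookie header, as in the request quoted above. The sketch below parses such a header and flags the ambiguity on the server side; the class name, method names and the "current" session id are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class DuplicateCookieCheck {

    /** Splits a raw Cookie request header into name -> values, keeping every repeat. */
    static Map<String, List<String>> parse(String cookieHeader) {
        Map<String, List<String>> byName = new LinkedHashMap<>();
        if (cookieHeader == null) {
            return byName;
        }
        for (String pair : cookieHeader.split(";")) {
            String p = pair.trim();
            int eq = p.indexOf('=');
            if (eq <= 0) {
                continue; // skip empty or nameless fragments
            }
            String name = p.substring(0, eq).trim();
            String value = p.substring(eq + 1).trim();
            byName.computeIfAbsent(name, k -> new ArrayList<>()).add(value);
        }
        return byName;
    }

    /** Returns every value sent under exactly this cookie name. */
    static List<String> valuesFor(String cookieHeader, String name) {
        return parse(cookieHeader).getOrDefault(name, new ArrayList<>());
    }

    public static void main(String[] args) {
        // Header value as reported in the message above.
        String header = "JSESSIONID=6EF95FA9AA98E608C555E28875F57054; "
                + "JSESSIONID=2251830F6F64DEFC974C19C79F1EABAB";
        // Hypothetical: the id the server treats as current for this request.
        String currentSessionId = "2251830F6F64DEFC974C19C79F1EABAB";

        List<String> ids = valuesFor(header, "JSESSIONID");
        if (ids.size() > 1) {
            System.out.println("ambiguous request: " + ids.size() + " JSESSIONID values");
            for (String id : ids) {
                String state = id.equals(currentSessionId) ? "current" : "stale";
                System.out.println("  " + id + " -> " + state);
            }
        }
    }
}
```

Logging requests that carry more than one session identifier makes this condition visible in server logs instead of surfacing only as browser-specific behaviour.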
