is it possible for a client to append JSESSIONID=<sessionId> to the url (i.e. http://theurl.com/theservlet?JSESSIONID=A4A0314540585318A4F5E327F1457375) and still use the POST method, or is the usage of GET mandatory?
thanks. At 08:54 02/05/26 +0530, you wrote: >Philip, > I did try using url re-writing using jsessionid'd & that is why I > wrote this mail. TOmcat seems to use jsessionid in cookies first & if not > there only then take jsessionid from url. This is my guess coz that is > what is happening. > >Does anyone have any idea how to force using jsessionid in such >situations to make user jump between two domains(though they are in >reality same machine & same tomcat) without his knowlege. > >-Jiger > > >>From: Phillip Morelock <[EMAIL PROTECTED]> >>Reply-To: "Tomcat Users List" <[EMAIL PROTECTED]> >>To: Tomcat Users List <[EMAIL PROTECTED]> >>Subject: Re: Tomcat refusing jsessionid's >>Date: Sat, 25 May 2002 09:14:27 -0700 >>MIME-Version: 1.0 >>Received: from [192.18.49.131] by hotmail.com (3.2) with ESMTP id >>MHotMailBEB9037700594004310EC0123183C6C00; Sat, 25 May 2002 09:14:47 -0700 >>Received: (qmail 2532 invoked by uid 97); 25 May 2002 16:14:29 -0000 >>Received: (qmail 2516 invoked by uid 98); 25 May 2002 16:14:29 -0000 > From tomcat-user-return-20632-jigerjava Sat, 25 May 2002 09:16:15 -0700 >>Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm >>Precedence: bulk >>List-Unsubscribe: <mailto:[EMAIL PROTECTED]> >>List-Subscribe: <mailto:[EMAIL PROTECTED]> >>List-Help: <mailto:[EMAIL PROTECTED]> >>List-Post: <mailto:[EMAIL PROTECTED]> >>List-Id: "Tomcat Users List" <tomcat-user.jakarta.apache.org> >>Delivered-To: mailing list [EMAIL PROTECTED] >>X-Antivirus: nagoya (v4198 created Apr 24 2002) >>User-Agent: Microsoft-Entourage/10.0.0.1309 >>Message-ID: <[EMAIL PROTECTED]> >>In-Reply-To: <[EMAIL PROTECTED]> >>X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N >> >>HTTP sessions....browsers are configured to associate cookies with domain >>names. They will not transmit a cookie to a domain other than the >>originating domain (at least they shouldn't). It has nothing to do with IP >>address, only domain name. I am not sure I understand your question, but if >>I am reading it correctly, the only thing you can do is some manual >>persistence scheme, such as using a database and url rewriting or some >>similar scheme. >> >>does this help? >> >>fillup >> >> >>On 5/25/02 3:43 AM, "Jiger Java" <[EMAIL PROTECTED]> wrote: >> >> > Hi, >> > I have checked the archives already but did not come across similar >> > problems so I would like to ask it. >> > >> > My Platform: >> > Tomcat 4.0. >> > JDK 1.4 >> > RHT Linux >> > >> > We have this application hosted on an generic server say >> > http://www.server.com now our reseller's can map their DNS such that >> > www.reseller.com points to www.server.com this will be dynamic( since >> > reseller's will be doing it themselves) so I can't use "virtual host" >> > feature of tomcat. The idea is that customer of that reseller should not >> > come to know that they are actually buying stuff from us & so the customer >> > *always* sees the reseller's website url in his browser. All pages post to >> > http://www.reseller.com/customer/xyz , which would post to us due to DNS >> > mapping. So far so good. But in many critical places like Login, customer >> > signup, we have hardcoded url's to our https:// server (same machine same >> > tomcat) becoz reseller need not buy Secure Certificates. >> > This is the problem. Inspite of my adding jsessionid to all such >> > pages right from posting to https:// to <META> refreshes, I still can't seem >> > to get back the session. Logically, if I pass in the right sessionid, tomcat >> > should pick up the correct session but it is still picking up pre-login >> > session & refusing the new sessionid got in the Authenticationservlet. >> > >> > I attach the jsessionid something like this >> > >> http://www.reseller.com:10001/anacreon/servlet/CustomerIndexServlet?jsessionid >> > =A4A0314540585318A4F5E327F1457375 >> > >> > Does anyone have any idea how to solve it. Please ask me if you need >> > more clarifications. I need to get this thing out. >> > >> > Thanks & Awaiting your replies, >> > Jiger >> > >> > >> > >> > _________________________________________________________________ >> > MSN Photos is the easiest way to share and print your photos: >> > http://photos.msn.com/support/worldwide.aspx >> > >> > >> > -- >> > To unsubscribe, e-mail: >><mailto:[EMAIL PROTECTED]> >> > For additional commands, e-mail: >> <mailto:[EMAIL PROTECTED]> >> > >> >> >>-- >>To unsubscribe, e-mail: >><mailto:[EMAIL PROTECTED]> >>For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > > > >_________________________________________________________________ >Send and receive Hotmail on your mobile device: http://mobile.msn.com > > >-- >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
