On Tue, 28 Jan 2003, Antonio M Lopez Perez wrote:
> Date: Tue, 28 Jan 2003 16:34:55 +0100 > From: Antonio M Lopez Perez <[EMAIL PROTECTED]> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: JSESSIONID cookie with Tomcat 4.0.6 > > Hi > > We have a number of web applications running under the same domain name, on > different ports. Each application runs under a separate Apache (1.3.14) and > Tomcat (4.0.6) instance. Due to functional requirements, these applications > call each other, opening up new browser windows to move the user from one > application to the other. > > Our problem is this: When one of these applications creates a session it > sends the client a cookie called JSESSIONID with the session ID. When this > application redirects the user to a second application, if the second > application also establishes a session, it sends another cookie, also > called JSESSIONID, which invalidates the session established with the first > application. > The cookie that is sent includes a "path" parameter matching the context path of the webapp, so the browser knows which session id cookie belongs to which webapp. The fact that the name is the same does not matter. > We know that we can?t change the name of the cookie (its part of the > Servlet specification). We understand that its a problem with how IE > identifies cookies (we do not have the problem with Netscape, which > identifies cookies with hostname:port), and we do not have the problem with > the app server JServ, which identifies the session tracking cookie with the > string JServSessionID+<name of servlet zone>. However, we need to allow > browsing with IE, and we also want to move up to Tomcat, or at least to a > J2EE compliant app server. > > Any ideas? (Hopefully its just a trivial config parameter, in Apache or > Tomcat which we are not setting right) > If this doesn't work for you (don't know why it shouldn't; thousands of Tomcat-based apps are happily serving session based content to IE browsers), then it must be a cookie handling bug in the version of IE that you are using. There's nothing Tomcat can (or should) do about that. > Thanks in advance. > > Saludos, Antonio Manuel L�pez P�rez > IBM Global Services Espa�a > Craig -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
