-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Konstantin,
On 3/11/14, 8:46 AM, Konstantin Kolinko wrote: > 2014-03-10 10:58 GMT+04:00 Akash Jain <akash.delh...@gmail.com>: >> Christopher, >> >> I have changed in server.xml. Below is the server.xml part - >> >> <Context path="" docBase="ROOT" sessionCookieName="mycookie" >> sessionCookieDomain="myapp.mydomain.com" sessionCookiePath="/" >> useHttpOnly="true" reloadable="false"> >> <WatchedResource>WEB-INF/web.xml</WatchedResource> <Manager >> pathname="" /> <!-- Disables session persistence --> </Context> >> >> As indicated above, I write JSESSIONID in "mycookie" cookie. Even >> after restart, the JSESSIONID is not getting invalidated. Before >> and after restart of apache, I can keep browsing the site with >> the same JSESSIONID in cookie. > > This behaviour is expected for sessionCookiePath="/". Also: 1. The client is responsible for expiring cookies, not the server 2. A client request for a session does not imply that the session is still valid on the server - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTH0NCAAoJEBzwKT+lPKRY+voP/2PxEkMZiPrMFqmlcHSoSNeg IY8+Jb+8gyuJozMqQCxibjOWTxsErwZC/X0yPrWNUtGhWi+PkpRHCghQjO2vRlgm y7fatI0yeT1ZE8FuRVWbtDcCywjgA4hhqM0yJJ7Uh6WWLnN6q7wdFbcA35QjC8N/ 4zFk+Pca6JejFGL9kQGj4IsK/zihAIJeaM2mjusI6E4jc0/1nIEKa3/f63UjStgM hfIWZoBdhLUs7z0HVJP9rrr7CoHcemnl+OC1/0hNermNMJKO3jf1WUSa1X1N7Iqh KQMQj2fXgxgckc3Ljm6UdLgZBCcVnbV7fp3y5T78M5WhPgTlGb83NGRHGGW86w5J l62dmC6kzjtzQZlEXM1wpTPSvabXBFc9e4HqUAag9TXOzY7TtuIPFkO4G9IWgV2G vIpdL55ZHpKP33Ouyb4nv5JDlwI3BKiv5CDk3u0qIYd/NR4YGIhGVjh1LCAlwa6y GPcM1odPYo20GuSb9aa1ZsqSXJccttuUrhNLOqKs1KPzpfipcWGoqH1WQKLLaCgl Qk6M0BaxUWArlnnkdBi7Opw+cZYxkfpePcJE4Xxc1HmgeWFNVLYNB7t3rCwMM5JT g1ORO/mEeXBTfv81DzN3Iert4THDwJI5qCbRwLDmW/Iaba3SbPEfFxYO2mp5PLE9 JQ2CIE2KLJCzeyxA2L12 =UwiK -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org