вт, 23 июн. 2020 г. в 20:08, Victor Norman <v...@calvin.edu>:
> Cookie:
> JSESSIONID=F61EBB3764D21F4A6161304BB9D820EF; 

1) Having two session cookies is not a crime, but why?

(It is not a cause of this issue. Just an odd configuration.)

I see that when I go to http://agora.cs.calvin.edu:8080/
I receive a HTML page with "<meta http-equiv="refresh"
content="0;URL=http://agora.cs.calvin.edu:8080/agora/";>" and a
Set-Cookie header in a response.  That page does not need a session
and thus does not need sending the session cookie.

If that HTML response is generated by a JSP page, use <%@page session="false"%>.

(Also, I wonder whether one needs to return a HTML page? A JSP page
may generate a redirect response with HTTP status code 302 by using <%
response.sendRedirect(...) %> code instead of relying on a "meta
refresh" element of HTML).

> Content-Length:
> 0

The POST request sends no data - the length of content is zero..
Looking at the source code [1], if I figured it correctly, I think
that it actually expects a username and a password.

Why was such a request sent?


3) Guacamole is an Apache project, You may better ask on their mailing list,

[2] https://guacamole.apache.org/support/#mailing-lists

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to