вт, 23 июн. 2020 г. в 20:08, Victor Norman <v...@calvin.edu>: > > Cookie: > JSESSIONID=F61EBB3764D21F4A6161304BB9D820EF; > JSESSIONID=BA81E2D37D390F411711FAB57F5B8DBF
1) Having two session cookies is not a crime, but why? (It is not a cause of this issue. Just an odd configuration.) I see that when I go to http://agora.cs.calvin.edu:8080/ I receive a HTML page with "<meta http-equiv="refresh" content="0;URL=http://agora.cs.calvin.edu:8080/agora/">" and a Set-Cookie header in a response. That page does not need a session and thus does not need sending the session cookie. If that HTML response is generated by a JSP page, use <%@page session="false"%>. (Also, I wonder whether one needs to return a HTML page? A JSP page may generate a redirect response with HTTP status code 302 by using <% response.sendRedirect(...) %> code instead of relying on a "meta refresh" element of HTML). 2) > Content-Length: > 0 The POST request sends no data - the length of content is zero.. Looking at the source code [1], if I figured it correctly, I think that it actually expects a username and a password. Why was such a request sent? [1] https://github.com/apache/guacamole-client/blob/master/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java 3) Guacamole is an Apache project, You may better ask on their mailing list, [2] https://guacamole.apache.org/support/#mailing-lists --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org