Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Nelson,
>
> Nelson D. guerrero wrote:
>>> Are you using cookies or URL-rewriting in order to track sessions?
>
>> No, the developers are using cookies or URL-rewriting, is this the
>> only way that the sessions can replicate between them?
>
> Assuming that Tomcat is managing your sessions (there aren't too many
> good reasons to manage your own sessions), then Tomcat uses either
> cookies or URL rewriting to maintain sessions between requests.
>
> By default, Tomcat attempts to use cookies, but if cookies are not
> supported by the client (the browser), then it resorts to URL rewriting.
>
>> I'm thinking on passing them this piece of code:
>>
>> ((HttpServletResponse)response).addCookie(new
>> Cookie("JSESSIONID",session.getId()));
>>
>> That will surely help.
>
> Probably not: Tomcat should do this for you already.
>
> Usually, sessions get lost because Tomcat has had to resort to URL
> rewriting, but the application has not been written with this in mind.
> For instance, every single URL that you generate ought to go through
> request.encodeURL to make sure that the session id is properly added if
> necessary. If you don't do this, then you'll end up creating a new
> session when you use that (session-less) link.Are you testing manually or using something automated? > - -chris > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFGCtdd9CaO5/Lv0PARAmbxAKCqWzIxQKLz38z0xIVXXFpE2cWBLwCeLqaU > ezD9gy8vmCGlyoyfWAk5bE8= > =DfrI > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
smime.p7s
Description: S/MIME Cryptographic Signature
