-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 André,
On 5/4/2009 1:50 PM, André Warnier wrote: > I was not quite convinced by Chris's explanation, so I tested this by > myself. [snip] > So, despite my initial scepticism (for which I apologise), Chris turns > out to be right. Sometimes it's goog to convince yourself of something, rather than accepting it as fact. That's always a good advice with statements made on this list (and on the Internet in general). No offense taken. > I don't think that mod_jk, even with the "JkStripSession" parameter on, > will scan each page returned by Tomcat, and /in the content/ change > these links to remove the ";jsessionid=..." part. It does not have to. The links are only a problem when the web server attempts to service them. If the ";jsessionid=..." is stripped-away before the files are located, then everything is okay. > So the questions would be : > 1) /why/ does the page returned by Tomcat contain the embedded <img> > tags with a "....;jsessionid=...." URI ? > What puts that jession-id there ? All URLs should be run through HttpServletResponse.encodeURL, which adds the ";jsessionid=..." if the container isn't sure that the client supports cookies. This allows sessions to be used even if cookies are unavailable. It's also required by the Servlet Spec. > OR > 2) what makes it so that when Tomcat returns that page, Apache+mod_jk > think that this css URI does /not/ have to be forwarded to Tomcat ? The OP never set *.css to be served by Tomcat. Had this been the case, everything would have been okay, since Tomcat knows how to use the ";jsessionid=..." parameter (and also knows how to ignore it properly, thank you very much httpd!). > There must be, at the Apache level, a rogue JkUnMount or SetEnvIf no_jk > rule that interferes there, in the sense of not being quite smart enough > to know that this link /should/ be forwarded to Tomcat. > > And if it should /not/ be forwarded to Tomcat after all, then you should > use a smart RewriteRule that will strip the ";jsessionid.." from these > URI's, before Apache attempts to find them locally. FWIW that rule is this: RewriteRule /contextPath/(.*);jsessionid=[0-9A-Z]*(.*) /path/to/webapps/contextPath/$1$2 [L] (I've been around this particular block several times. Bless Rainer and Mladen for adding JKStripSession!). - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkn/UWMACgkQ9CaO5/Lv0PBBugCcDCCMSVpYGWwnD8zT9zXI01kV 8pcAoL+6BkMfZHc06JImiWhvaSnobUg9 =n6KO -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
