Mark... on that thought, Java 1.5+ has the java.net.CookieHandler class... is there a way to insert a CookieHandler into Tomcat???
-----Original Message----- From: Mark Thomas [mailto:ma...@apache.org] Sent: Thursday, September 16, 2010 8:26 AM To: Tomcat Users List Subject: Re: HtttServletRequest.getSession() On 16/09/2010 13:49, Brian McBride wrote: > Is there a way to persuade Tomcat to use Set-Cookie2 headers? Not though the Servlet API. The servlet spec references v0 and v1 cookies but not the v2 spec. Given the IE doesn't even fully implement the v1 cookie spec, I would estimate the chances of it being spec compliant with v2 cookies somewhere rather close to zero. IE's user base may be declining but it is still a very large percentage. It may be possible to implement some form of custom extension but doing that without touching any of the javax.servlet classes would be tricky at best (and we can't touch them since that would break the spec). Your best bet may be to just set the cookie header manually. That won't help with session cookies since Tomcat creates those. Lobbying the Servlet EG has been known to get the spec changed if a strong argument is presented (eg httpOnly support in cookies). Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
