-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rob,
On 10/5/2010 11:28 AM, Rob Gregory wrote: > Basically we are stuck with some legacy application parts that while > these are scheduled to be replaced we have to support them until they > have been. Using filters would not solve the issue as the 'Hack' as you > put it is done at a cookie path level. We do use filters to implement > security, ntlmv2 authentication, caching & anti-caching, etc so I am > fully aware of the power of filters. > > I agree hacking away at a part of Tomcat is not the best solution but it > was the only one currently available to resolve the issue. And was my > original reasoning behind posting to this group to see if anyone could > suggest a better solution. My suggestion would be to deploy your different environments into separate contexts. That way, the cookie paths are distinguishable and there shouldn't be any confusion no matter what the situation is on the client. One other possibility would be to disable the use of cookies altogether on the server and force the use or URL rewriting: that would essentially force each browser window or tab into it's own isolated "session". This requires that you have coded your pages correctly to support URL rewriting, of course. Good luck, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyrbSgACgkQ9CaO5/Lv0PDI9ACgm2WTdL6vIRqBSvX78Z9XMDEw EpcAnA6sQFf1kmBlj07/Xk4bL+4BpeHN =MR4n -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org