I recently upgraded my Tomcat cluster from 5 to 6 and am no longer able to use getCookie() to retrieve our Omniture cookie data using request.getCookies(). We are still able to access the cookie name and value via a request header so we're using this as a work around but I'm still curious as to why getCookie() no longer works.. Is this some sort of security restriction in Tomcat6?
Here's what we get in the "cookie" request header, using * request.getHeader("cookie")*. Note the presence of s_vi. s_sq=dev%3D%2526pid%253D/page/blah.jsp%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BreturnshowDebugDumpRequest%252528%252529%25253B%25257D%2526oidt%253D2%2526ot%253DA; JSESSIONID=897660B3D20E674F2D38E6CBD48814D24; s_cc=true; *s_vi*=[CS]v1|26C8FDB30515A765-60000175C0022D93[CE]; __utma=250344192.1083919342.1301415933.1301415933.1301415933.1; __utmc=250344192; __utmz=25034774129322.130133.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); cpxRefCode=7020 Here are the cookies that we can see, using *request.getCookies()*. We can see all the cookies except s_vi. This includes google analytics cookies that are likely set by js running on our site. *Name**Value*s_cctrue JSESSIONID 897660B3D20E674F2D38E6CBD48814D24__utmz25034774129322.130133.1.1 .utmcsrcpxRefCode7020s_sq dev%3D%2526pid%253D/page/blah.jsp%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BreturnshowDebugDumpRequest%252528%252529%25253B%25257D%2526oidt%253D2%2526ot%253DA __utma250344192.1083919342.1301415933.1301415933.1301415933.1__utmc 250344192All of these cookies, including s_vi, have a Domain value set to *. domain.com* (or .domain.local in this case). The biggest difference is that s_vi was set via Omniture on the cnamed *metric.domain.com*domain (which you can see by using Linux Chrome), while all others show just *domain.com* as the domain of origin. Note that when I say domain of origin I mean something different than the actual Domain value set on the cookie, which is the same for all of them.