André,
Thank you for your reply.
> So before I start down that path, I usually have a really good look at /why/
> I need to do that, and if I cannot cure the
> original disease, rather than the symptom.
Sorry. That point of view is very important, but I didn't mention it.
To be exact, I want to append a slash "/" to the cookie path.
From) Set-Cookie JSESSIONID=794CC361C468123CA1D187B9C5F5FAA5; Path=/foo
To ) Set-Cookie JSESSIONID=794CC361C468123CA1D187B9C5F5FAA5; Path=/foo/
My application returns a cookie with "Path=/foo", and I think it has a security
issue in that browsers send the cookie to all directories whose names begin
with "/foo" (such as /foobar, /food, etc.).
So I want to know whether the path could be fixed without changing my apps or
not.
Best regards.
(2011/04/18 19:59), André Warnier wrote:
> Yu Kikuchi wrote:
>> Hello All.
>> My Environment of Application Server is:
>> Apache 2.2.3, mod_jk 1.2.30, JBoss 5.0.0GA
>> I want to rewrite the Path contained in cookies. For example;
>> From) Set-Cookie JSESSIONID=794CC361C468123CA1D187B9C5F5FAA5; Path=/foo
>> To ) Set-Cookie JSESSIONID=794CC361C468123CA1D187B9C5F5FAA5; Path=/bar
>> ...
> Hi.
> With Apache httpd's mod_rewrite, mod_proxy, mod_headers, etc., you can do all
> kinds of manipulations of URLs, headers and cookies.
> But when you start along that path, sooner or later you will find yourself in a
> situation where the next small requirement conflicts with the ones you had
> before, and/or your configuration becomes really hard to understand and
> maintain.
> Also, each of these manipulations costs some time, in development and testing,
> and later in the server's CPU time.
> So before I start down that path, I usually have a really good look at /why/ I
> need to do that, and if I cannot cure the original disease, rather than the
> symptom.
> For example, why can the original application not be at "/bar" instead of
> "/foo" ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
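
The path-matching concern raised in this thread, as an added example that is not part of the original messages: it compares plain prefix matching of the cookie Path (the behaviour described in the post) with the path-match rule of RFC 6265, section 5.1.4, for "Path=/foo" and "Path=/foo/". The function names and the request paths are constructed for illustration; only the header value comes from the post.

```python
import re

def prefix_match(cookie_path: str, request_path: str) -> bool:
    """Plain string-prefix comparison: the behaviour the post is worried about."""
    return request_path.startswith(cookie_path)

def rfc6265_match(cookie_path: str, request_path: str) -> bool:
    """Path-match as defined in RFC 6265, section 5.1.4."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    # A prefix only counts when it ends on a path-segment boundary.
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

_PATH_ATTR = re.compile(r"(;\s*Path=)([^;]*)", re.IGNORECASE)

def add_trailing_slash(set_cookie: str) -> str:
    """Append "/" to the Path attribute of a Set-Cookie value if it lacks one."""
    def fix(m):
        path = m.group(2).rstrip()
        return m.group(1) + (path if path.endswith("/") else path + "/")
    return _PATH_ATTR.sub(fix, set_cookie, count=1)

def cookie_path(set_cookie: str) -> str:
    """Extract the Path attribute ("/" if absent, a simplification for this demo)."""
    m = _PATH_ATTR.search(set_cookie)
    return m.group(2).strip() if m else "/"

# Header value from the post; request paths are constructed sample input.
HEADER = "JSESSIONID=794CC361C468123CA1D187B9C5F5FAA5; Path=/foo"
REQUESTS = ["/foo", "/foo/", "/foo/app", "/foobar", "/food"]

def report(set_cookie: str) -> dict:
    """Map each request path to (prefix_match, rfc6265_match) for this cookie."""
    path = cookie_path(set_cookie)
    return {r: (prefix_match(path, r), rfc6265_match(path, r)) for r in REQUESTS}

if __name__ == "__main__":
    for hdr in (HEADER, add_trailing_slash(HEADER)):
        print("Path =", cookie_path(hdr))
        for req, (legacy, rfc) in report(hdr).items():
            print(f"  {req:10} prefix={legacy!s:5} rfc6265={rfc}")
```

With "Path=/foo/", a request for exactly "/foo" no longer carries the cookie under either rule.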