-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi André,
On 04/20/2011 12:53 AM, André Warnier wrote: >> Fixing/altering outgoing (response) headers is beyond the >> functionality of mod_rewrite. The other parts work with mod_rewrite, >> but mod_headers (with its edit functionality) is an important part in >> this use case. > Getting back to the original issue, Thomas seems to be right when he > says that if the cookie path is set to /foo, the browser will return it > also for URLs such as /foobar and /foofoo. > From the Cookie RFCs, i gather that the cookie path is taken as a > *prefix*, and /foo is a prefix of /foobar. That point was statet by Yu... > Now the issue is : who is setting the cookie path ? if it is the > application, and if this is a concern, then I would suggest to fix the > application. The container set the path, at least for the JSESSIONID cookie. Regards, - -- Thomas Freitag -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk2vxDwACgkQGE5pHr3PKuWp4ACeKI1BxAC+OUj6Z/kAcLml5hnC vTUAn1CLYnXua/hmFwNSA/o/Hs601Sd7 =c1Yh -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org