Chad,

On 10/24/2011 1:33 PM, chad.da...@emc.com wrote:
> As I understand it, sessions are unique to each webapp. However,
> I see the same jsessionid cookie being used for requests to two
> different webapps in the same container. Is this correct?

You mean that you are seeing the same JSESSIONID cookie being sent from the client to the server regardless of the app? That usually happens when you have done one (or more) of the following:

1. Nested one webapp inside another one's URL space (e.g. webapp1 -> /, webapp2 -> /foo)
2. Modified your configuration to use an empty session cookie path (which essentially makes the path "/")

All webapps will get this cookie, but only those for which the cookie is valid will use it. In general, it's no harm for the cookie to be there in duplicate, but you can confuse the heck out of yourself when it happens. Tomcat is smart enough to use any valid JSESSIONID cookie that comes in, so extras are not a big deal.

We had a problem where we were using the session id from an incoming request to do a loop-back request to a *different webapp*. The webapp accepting the client request was not configured to use sessions -- just blindly forwarded the session id that came-in with the request to the other webapp (where the session id was supposed to be valid). In this case, the ordering of the JSESSIONID cookies was very important (and cannot be predicted) and had an effect on whether or not the request would be successfully processed.

The solution was to stop using nested URL spaces and the JSESSIONID overlap disappeared completely.

-chris
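
Added example, not part of the original message and not Tomcat code: a model of the client-side cookie path matching from RFC 6265 (section 5.1.4), showing which JSESSIONID cookies a browser attaches in the two configurations described above. It assumes each webapp scopes its session cookie to its own context path; all paths and session ids are constructed sample values.

```javascript
// RFC 6265 path-match: is a cookie scoped to cookiePath sent with requestPath?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts on a "/" boundary, so "/foo" does not cover "/foobar".
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Store a cookie the way a browser does: same name and path replaces the old one.
function storeCookie(jar, name, value, path) {
  const kept = jar.filter(c => !(c.name === name && c.path === path));
  kept.push({ name, value, path });
  return kept;
}

// JSESSIONID cookies attached to a request. RFC 6265 tells servers not to
// rely on the order of cookies in the header, so none is implied here.
function sessionCookiesFor(requestPath, jar) {
  return jar.filter(c => c.name === "JSESSIONID" && pathMatches(requestPath, c.path));
}

// Build the jar left behind after each webapp has issued a session cookie.
function jarAfter(issued) {
  return issued.reduce((jar, c) => storeCookie(jar, "JSESSIONID", c.value, c.path), []);
}

// Case 1 (constructed): webapp1 -> /, webapp2 -> /foo (nested URL space).
const nestedJar = jarAfter([
  { value: "SAMPLE-ROOT", path: "/" },
  { value: "SAMPLE-FOO", path: "/foo" },
]);

// Case 2 (constructed): both webapps end up with session cookie path "/".
const emptyPathJar = jarAfter([
  { value: "SAMPLE-ROOT", path: "/" },
  { value: "SAMPLE-FOO", path: "/" },
]);

// The fix from the message (constructed): sibling contexts, no nesting.
const siblingJar = jarAfter([
  { value: "SAMPLE-A", path: "/app1" },
  { value: "SAMPLE-B", path: "/app2" },
]);

for (const [label, jar, path] of [
  ["nested, request to /foo/page", nestedJar, "/foo/page"],
  ["nested, request to /index", nestedJar, "/index"],
  ["empty path, request to /foo/page", emptyPathJar, "/foo/page"],
  ["siblings, request to /app2/page", siblingJar, "/app2/page"],
]) {
  console.log(label, "->", sessionCookiesFor(path, jar).map(c => c.value));
}
```

A request that carries more than one JSESSIONID (the nested case) is the condition under which forwarding "the" incoming session id to another webapp becomes ambiguous.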