Re: problems with partitioned cookies

uot;partitioned cookies" for every site, everywhere, regardless of the "partitioned" flag on a Set-Cookie header. Why do you have to bother modifying your application? It seems to be that CHIPS will die on the vine and will never become an official standard. In fact, it looks li

Re: problems with partitioned cookies

Hi Mark, dang! I missed that while checking the changelog. Thanks for pointing out. Regards, Holger Mark Thomas wrote (at 2024-03-18 17:03 +): > On 18/03/2024 15:16, info@klawitter.de wrote: > > > What am I doing wrong here? (Tomcat 9.0.82) > > https://tomcat.apache.org/tomcat-9.0-doc/

Re: problems with partitioned cookies

On 18/03/2024 15:16, info@klawitter.de wrote: What am I doing wrong here? (Tomcat 9.0.82) https://tomcat.apache.org/tomcat-9.0-doc/changelog.html Search for "partitioned" The problem is you are using Tomcat 9.0.82. Support for a default partitioned attribute wasn't added until 9.0.85.

problems with partitioned cookies

Hi there, I have to make my webapp complying to CHIPS. For this I am trying to configure the CookieProcessor to allow partitioned cookies. For this I added a CookieProcessor directive to the context.xml like this: However tomcat complains about this with [Catalina-utility-1

Re: [EXTERNAL] - Re: Partitioned cookies

Mark, On 12/15/23 04:03, Mark Thomas wrote: On 14/12/2023 21:15, André van der Lugt wrote: From: Chuck Caldarale <mailto:n82...@gmail.com> Sent: Wednesday, November 15, 2023 9:48 AM To: Tomcat Users List <mailto:users@tomcat.apache.org> Subject: [EXTERNAL] - Re: Partitioned cook

Re: [EXTERNAL] - Re: Partitioned cookies

On 14/12/2023 21:15, André van der Lugt wrote: From: Chuck Caldarale <mailto:n82...@gmail.com> Sent: Wednesday, November 15, 2023 9:48 AM To: Tomcat Users List <mailto:users@tomcat.apache.org> Subject: [EXTERNAL] - Re: Partitioned cookies On Nov 15, 2023, at 08:06, Adam Warfield &

RE: [EXTERNAL] - Re: Partitioned cookies

> -Original Message- > From: Adam Warfield > Sent: woensdag 15 november 2023 16:49 > To: Tomcat Users List > Subject: Re: [EXTERNAL] - Re: Partitioned cookies > > That's strange. I was not aware the proposal had expired. I've been working > off of a

Re: Partitioned cookies

Adam, On 11/15/23 09:06, Adam Warfield wrote: The Rfc6265CookieProcessor supports setting the SameSite cookie attribute but starting in 2024, browsers will begin enforcing the newer "Partitioned" attribute for third-party cookies. Is there a way to set this attribute within Tomcat

Re: [EXTERNAL] - Re: Partitioned cookies

Caldarale Sent: Wednesday, November 15, 2023 9:48 AM To: Tomcat Users List Subject: [EXTERNAL] - Re: Partitioned cookies CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. If you

Re: Partitioned cookies

> On Nov 15, 2023, at 08:06, Adam Warfield > wrote: > > The Rfc6265CookieProcessor supports setting the SameSite cookie attribute but > starting in 2024, browsers will begin enforcing the newer "Partitioned" > attribute for third-party cookies. Is there a way to

Partitioned cookies

The Rfc6265CookieProcessor supports setting the SameSite cookie attribute but starting in 2024, browsers will begin enforcing the newer "Partitioned" attribute for third-party cookies. Is there a way to set this attribute within Tomcat for things like the JSESSIONID and XSRF-TOKEN coo

Re: SameSite cookies shows as "Unset" but Header shows Correct Value

Just to confirm, we know that Chrome will block JSESSIONID it if sent over unsecure connection and with SameSite=None. But we saw the previously mentioned issue in Firefox. Thanks, On Wed, 11 Mar 2020 at 15:33, M. Manna wrote: > Hi All, > > Due to the recent issues with Chrome 80, we have had t

SameSite cookies shows as "Unset" but Header shows Correct Value

Hi All, Due to the recent issues with Chrome 80, we have had to make some changes for our context.xml to have SameSite attribute setup for CookieProcessor What we've noticed is that even though CookieProcessorBase captures and assigns the correct value (e.g. "None" or "Lax"), the Network tab of b

Re: SameSite cookies

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 M, On 11/8/19 10:40, M. Manna wrote: > Interesting question. > > samesite attribute is also to protect cookies from possible > cross-site attacks. Even if you have super domain cookies, using > strict/lax shouldn't make any di

Re: SameSite cookies

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 11/8/19 11:53, Mark Thomas wrote: >> All, >> >> I'm looking at using "samesite" cookies within my application. >> It looks as simple as setting the "sameSite" attribute >> approp

Re: SameSite cookies

> All, > > I'm looking at using "samesite" cookies within my application. It > looks as simple as setting the "sameSite" attribute appropriately on > the CookieProcessor for the , which isn't there in a default > configuration. So you just have t

Re: SameSite cookies

On Fri, Nov 8, 2019 at 4:04 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > All, > > I'm looking at using "samesite" cookies within my application. It > looks as simple as setting the &

Re: SameSite cookies

Hey Chris, Interesting question. samesite attribute is also to protect cookies from possible cross-site attacks. Even if you have super domain cookies, using strict/lax shouldn't make any difference for you, or does it? Thanks, On Fri, 8 Nov 2019 at 15:04, Christopher Schultz

SameSite cookies

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, I'm looking at using "samesite" cookies within my application. It looks as simple as setting the "sameSite" attribute appropriately on the CookieProcessor for the , which isn't there in a default configurati

Re: Tomcat 7 - Sporadic problem re: cookies

onse. Unfortunately it doesn't appear to be a > > bad cookie name or value, as the identical set of cookies are > > passed (and parsed correctly) on requests that immediately precede > > and follow the failing request. That's pretty clear from both the > > Wireshark

Re: Tomcat 7 - Sporadic problem re: cookies

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chad, On 2/27/18 9:02 PM, Chad Stansbury wrote: > Thanks for your response. Unfortunately it doesn't appear to be a > bad cookie name or value, as the identical set of cookies are > passed (and parsed correctly) on requests that immed

Re: Tomcat 7 - Sporadic problem re: cookies

Hello Chris - Thanks for your response. Unfortunately it doesn't appear to be a bad cookie name or value, as the identical set of cookies are passed (and parsed correctly) on requests that immediately precede and follow the failing request. That's pretty clear from both the Wireshark

Re: Tomcat 7 - Sporadic problem re: cookies

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chad, On 2/27/18 9:44 AM, Chad Stansbury wrote: > We've been troubleshooting an issue where our web application is > getting a very occasional request that contains no cookies even > though a Wireshark on the application server shows

Tomcat 7 - Sporadic problem re: cookies

We've been troubleshooting an issue where our web application is getting a very occasional request that contains no cookies even though a Wireshark on the application server shows those cookies coming in on the request. I was able to replay the request that was captured via Wireshark, and

Re: Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions

2016-11-10 16:02 GMT+01:00 Christopher Schultz : > http://mrcoles.com/media/test/cookies-max-age-vs-expires.html > > Just tested with Edge and MSIE11 on Win 10. Both fail to recognize the > expiration of a cookie when "expires" is not set and only max-age is set >

Re: Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions

- >> and shrinking - market share I could be convinced. >> > > http://promincproductions.com/blog/set-cookie-expiration-date-browser- compatiability/ > > There's really conflicting info on this ... http://mrcoles.com/media/test/cookies-max-age-vs-expires.html Just test

Re: Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions

2016-11-10 11:51 GMT+01:00 Mark Thomas : > Tempting. But IE/Edge represents ~30% of the current browser usage. If > we were talking about a browser will a much smaller - and shrinking - > market share I could be convinced. > http://promincproductions.com/blog/set-cookie-expiration-date-browser-co

Re: Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions

gt;> I don't recall anyone raising it before now. >> >>> Has anyone else run into an issue with persistent cookies in Tomcat >>> 8.5+ and IE not working? >> >> I can confirm I see the same issue. >> >>> Does it make sense that the shi

Re: Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions

; Has anyone else run into an issue with persistent cookies in Tomcat > > 8.5+ and IE not working? > > I can confirm I see the same issue. > > > Does it make sense that the shipping configuration would not work > > with IE for persistent cookies? > > I'll turn t

RE: Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions

ginal Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Monday, November 07, 2016 9:25 AM To: Tomcat Users List Subject: Re: Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions -BEGIN PGP SIGNED MESSAGE- Hash: S

Re: Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions

lications. I'm +1 on adding an option, and I think it should be enabled *by default*. The name of the option should be more clear about what it actually does rather than "fix cookies for stupid MSIE" (as satisfying as that would be). It should be something more like supplyExpi

Re: Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions

t;> Has anyone else run into an issue with persistent cookies in Tomcat >> 8.5+ and IE not working? > > I can confirm I see the same issue. > >> Does it make sense that the shipping configuration would not work >> with IE for persistent cookies? > > I'll tur

Re: Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions

On 04/11/2016 19:10, Hedrick, Brooke - 43 wrote: > Sorry if this has been already asked. I searched the archives and > didn't find what I was looking for. I don't recall anyone raising it before now. > Has anyone else run into an issue with persistent cookies in Tomca

Tomcat 8.5.5 (8.5+) Default Cookie Processor breaks persistent cookies for all IE versions

Sorry if this has been already asked. I searched the archives and didn't find what I was looking for. Has anyone else run into an issue with persistent cookies in Tomcat 8.5+ and IE not working? We are seeing an issue where the new default cookie proc

Re: Webapp with underscore in it's name leads to failed session-cookies

set with the path /jsf%5ftest, while other cookies >>> (set by myfaces) were correctly set with the path /jsf_test. It >>> looks like firefox treats /jsf_test and /jsf%5ftest as >>> different pathes and therefore does not send the session cookie >>> with the next requ

Re: Webapp with underscore in it's name leads to failed session-cookies

On 22/06/2016 11:29, Mark Thomas wrote: > On 22/06/2016 09:28, Markus Näher wrote: >> In the web console of firefox, I could see that the session cookie was >> set with the path /jsf%5ftest, while other cookies (set by myfaces) were >> correctly set with the path /jsf_t

Re: Webapp with underscore in it's name leads to failed session-cookies

b console of firefox, I could see that the session cookie was > set with the path /jsf%5ftest, while other cookies (set by myfaces) were > correctly set with the path /jsf_test. > It looks like firefox treats /jsf_test and /jsf%5ftest as different > pathes and therefore does not send the

Webapp with underscore in it's name leads to failed session-cookies

open the tomcat manager (web) and the webapp's welcome page in the browser, I can see that every reload of the webapp page increases the session count. In the web console of firefox, I could see that the session cookie was set with the path /jsf%5ftest, while other cookies (set by myfaces) wer

Re: Multiple JSESSIONID cookies being presented.

t; Subject: Re: Multiple JSESSIONID cookies being presented. >> >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 >> >> Jeffrey, >> >> On 9/10/15 12:26 PM, Jeffrey Janner wrote: >>> Thanks for all the help guys. I think I've sussed out what i

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Thursday, September 10, 2015 2:24 PM > To: Tomcat Users List > Subject: Re: Multiple JSESSIONID cookies being presented. > > -BEGIN PGP SIGNED MESSAGE- > H

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] > Sent: Thursday, September 10, 2015 12:01 PM > To: Tomcat Users List > Subject: RE: Multiple JSESSIONID cookies being presented. > > > From: Jeffrey Janner [mailto:jef

Re: Multiple JSESSIONID cookies being presented.

ring and watching cookies > and access logs, both with and without a favicon.ico file, I found > that the doubling was happening only if the file was missing. I > checked the error.jsp file and it does have session=true set, and > if the icon file is missing, the error.jsp is definitely b

RE: Multiple JSESSIONID cookies being presented.

> From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] > Subject: RE: Multiple JSESSIONID cookies being presented. > I checked the error.jsp file and it does have session=true set, and if the > icon file > is missing, the error.jsp is definitely being sent. > So

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Wednesday, September 09, 2015 1:50 PM > To: Tomcat Users List > Subject: Re: Multiple JSESSIONID cookies being presented. > > -BEGIN PGP SIGNED MESSAGE- > H

Re: Multiple JSESSIONID cookies being presented.

t; Subject: RE: Multiple JSESSIONID cookies being presented. >> >>> From: Jose María Zaragoza [mailto:demablo...@gmail.com] >>> Subject: Re: Multiple JSESSIONID cookies being presented. >> >>>> Thanks for the clarification of what's supposed to happen o

Re: Multiple JSESSIONID cookies being presented.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeffrey, On 9/4/15 4:40 PM, Jeffrey Janner wrote: > I'm surprised that Tomcat would use the "wrong" session id for > URL-rewriting when presenting the login screen. Are you saying > that, when showing the login page for /APP2, Tomcat will: > > a.

Re: Multiple JSESSIONID cookies being presented.

2015-09-09 18:08 GMT+02:00 Jeffrey Janner : >> -Original Message- >> From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] >> Sent: Tuesday, September 08, 2015 4:58 PM >> To: Tomcat Users List >> Subject: RE: Multiple JSESSIONID cookies being prese

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] > Sent: Tuesday, September 08, 2015 4:58 PM > To: Tomcat Users List > Subject: RE: Multiple JSESSIONID cookies being presented. > > > From: Jose María Zaragoza [mailto:demablo..

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Igor Cicimov [mailto:icici...@gmail.com] > Sent: Tuesday, September 08, 2015 10:09 PM > To: Tomcat Users List > Subject: RE: Multiple JSESSIONID cookies being presented. > > On 09/09/2015 7:13 AM, "Jeffrey Janner" > wrot

RE: Multiple JSESSIONID cookies being presented.

On 09/09/2015 7:13 AM, "Jeffrey Janner" wrote: > > > -Original Message- > > From: Jose María Zaragoza [mailto:demablo...@gmail.com] > > Sent: Tuesday, September 08, 2015 9:22 AM > > To: Tomcat Users List > > Subject: Re: Multiple JSESSIONID coo

RE: Multiple JSESSIONID cookies being presented.

> From: Jose María Zaragoza [mailto:demablo...@gmail.com] > Subject: Re: Multiple JSESSIONID cookies being presented. > > Thanks for the clarification of what's supposed to happen on receipt, Jose. > > However, I am describing what happens on first contact from the cl

Re: Multiple JSESSIONID cookies being presented.

2015-09-08 22:57 GMT+02:00 Jeffrey Janner : >> -Original Message- >> From: Jose María Zaragoza [mailto:demablo...@gmail.com] >> Sent: Tuesday, September 08, 2015 9:08 AM >> To: Tomcat Users List >> Subject: Re: Multiple JSESSIONID cookies being presented. &g

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Jose María Zaragoza [mailto:demablo...@gmail.com] > Sent: Tuesday, September 08, 2015 9:22 AM > To: Tomcat Users List > Subject: Re: Multiple JSESSIONID cookies being presented. > > 2015-09-08 15:51 GMT+02:00 Jeffrey Janner : >

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Jose María Zaragoza [mailto:demablo...@gmail.com] > Sent: Tuesday, September 08, 2015 9:08 AM > To: Tomcat Users List > Subject: Re: Multiple JSESSIONID cookies being presented. > > 2015-09-08 15:51 GMT+02:00 Jeffrey Janner : >

Re: Multiple JSESSIONID cookies being presented.

2015-09-08 15:51 GMT+02:00 Jeffrey Janner : >> -Original Message- >> From: Christopher Schultz [mailto:ch...@christopherschultz.net] >> Sent: Friday, September 04, 2015 12:46 PM >> To: Tomcat Users List >> Subject: Re: Multiple JSESSIONID cookies being p

Re: Multiple JSESSIONID cookies being presented.

2015-09-08 15:51 GMT+02:00 Jeffrey Janner : >> -Original Message- >> From: Christopher Schultz [mailto:ch...@christopherschultz.net] >> Sent: Friday, September 04, 2015 12:46 PM >> To: Tomcat Users List >> Subject: Re: Multiple JSESSIONID cookies being p

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Friday, September 04, 2015 12:46 PM > To: Tomcat Users List > Subject: Re: Multiple JSESSIONID cookies being presented. > > -BEGIN PGP SIGNED MESSAGE- > H

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Friday, September 04, 2015 2:55 PM > To: Tomcat Users List > Subject: Re: Multiple JSESSIONID cookies being presented. > > -BEGIN PGP SIGNED MESSAGE- > H

Re: Multiple JSESSIONID cookies being presented.

t; Subject: Re: Multiple JSESSIONID cookies being presented. >> > Jeffrey, > > On 9/4/15 12:37 PM, Jeffrey Janner wrote: >>>> I'm running Tomcat 8.0.24 on Ubuntu 14.04 with Java 8u45, but >>>> I'm also seeing this on Windows (version doesn't matter

RE: Multiple JSESSIONID cookies being presented.

> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Friday, September 04, 2015 12:46 PM > To: Tomcat Users List > Subject: Re: Multiple JSESSIONID cookies being presented. > > -BEGIN PGP SIGNED MESSAGE- > H

Re: Multiple JSESSIONID cookies being presented.

cat 6.0.43 and Java 7U51. > > I have 2 contexts installed in Tomcat, one is ROOT, the other > APP2. Both contexts start off at a login screen unique to the > context and provided by it (not using container auth). > > When I connect to ROOT, no problem, but when I connect to APP2,

Multiple JSESSIONID cookies being presented.

start off at a login screen unique to the context and provided by it (not using container auth). When I connect to ROOT, no problem, but when I connect to APP2, I get 2 JSESSIONID cookies, one with the path "/" and the other with the path "/APP2/". On the Windows implementatio

Re: AW: Rfc6265 cookies starting with a dot

On 14/04/2015 09:05, Peter Schroer wrote: > This isn't possible because I'm writing some kind of proxy and I dont't have > any influence on the websites (and the cookies of course). It would be > possible to ignore invalid cookies if tomcat could be configured to do so. T

AW: Rfc6265 cookies starting with a dot

This isn't possible because I'm writing some kind of proxy and I dont't have any influence on the websites (and the cookies of course). It would be possible to ignore invalid cookies if tomcat could be configured to do so. Greetings Peter -Ursprüngliche Nachricht- V

Re: Rfc6265 cookies starting with a dot

On 14/04/2015 07:53, Peter Schroer wrote: > Hello, > > I'm using tomcat 8.0.21 with the new Rfc6265 cookie processor. If there are > cookies starting with a dot I'm getting the following error: > > java.lang.IllegalArgumentException: An invalid domain [.db-app.de] was

Rfc6265 cookies starting with a dot

Hello, I'm using tomcat 8.0.21 with the new Rfc6265 cookie processor. If there are cookies starting with a dot I'm getting the following error: java.lang.IllegalArgumentException: An invalid domain [.db-app.de] was specified for t

RE: How to enable cookies in Apache Tomcat

In attachment I've put the content of .jsp -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: vendredi 27 mars 2015 18:58 To: Tomcat Users List Subject: Re: How to enable cookies in Apache Tomcat -BEGIN PGP SIGNED MESSAGE- Hash: SHA256

Re: How to enable cookies in Apache Tomcat

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Pavel, On 3/27/15 2:29 PM, Pavel Yermolenko wrote: > Indeed, I forgot about comments ... but after removing them the > issue persists - the pair tomcat/tomcat (for username/password) > still doesn't work. Hmm. Can you post the full contents of the

RE: How to enable cookies in Apache Tomcat

Ok Chuck, I'm sorry. I'll not repeat this error. -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: vendredi 27 mars 2015 19:01 To: Tomcat Users List Subject: RE: How to enable cookies in Apache Tomcat > From: Pavel Yermolenko

RE: How to enable cookies in Apache Tomcat

..@christopherschultz.net] Sent: vendredi 27 mars 2015 18:58 To: Tomcat Users List Subject: Re: How to enable cookies in Apache Tomcat -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Pavel, On 3/27/15 1:54 PM, Pavel Yermolenko wrote: > In my default browser (Chrome) the cookies are enabled, t

RE: How to enable cookies in Apache Tomcat

Chris, Indeed, it was the case - after checking 2 other browsers (IE and Mozilla) I discovered that cookies weren't enable there. I enabled them in both (IE and Mozilla), but nothing changed in Eclipse when I run .jsp page. I can attach .jsp file (47kB), but not sure that it's su

RE: How to enable cookies in Apache Tomcat

> From: Pavel Yermolenko [mailto:py.oh...@sunrise.ch] > Subject: RE: How to enable cookies in Apache Tomcat > In the meantime I've tried to access to Manager App page from main page This is a different issue, so should be discussed in a different thread. Read this first: http:

Re: How to enable cookies in Apache Tomcat

Pavel Yermolenko wrote: Hello Chuck, In my default browser (Chrome) the cookies are enabled, the proof is: the .jsp page is correctly displayed in browser. In the meantime I've tried to access to Manager App page from main page http://localhost:8080/, but access were refused (I tried use

Re: How to enable cookies in Apache Tomcat

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Pavel, On 3/27/15 1:54 PM, Pavel Yermolenko wrote: > In my default browser (Chrome) the cookies are enabled, the proof > is: the .jsp page is correctly displayed in browser. In the > meantime I've tried to access to Manager App page

RE: How to enable cookies in Apache Tomcat

Hello Chuck, In my default browser (Chrome) the cookies are enabled, the proof is: the .jsp page is correctly displayed in browser. In the meantime I've tried to access to Manager App page from main page http://localhost:8080/, but access were refused (I tried username = "tomcat&

Re: How to enable cookies in Apache Tomcat

try to test > it with tomcat. What you mean saying "Can you post some of the code > ... " ? The content of .jsp ? Yes, what does your .jsp file have in it? > When I use my default browser (Chrome), the .jsp page is correctly > visualized. Is it possible that you have cookies

RE: How to enable cookies in Apache Tomcat

Re: How to enable cookies in Apache Tomcat -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Pavel, On 3/27/15 1:07 PM, Pavel Yermolenko wrote: > Trying to test jsp page in Apache Tomcat 8.0, I've met problems - > opened page displays suggestions how to enable cookies in different > bro

RE: How to enable cookies in Apache Tomcat

> From: Pavel Yermolenko [mailto:py.oh...@sunrise.ch] > Subject: How to enable cookies in Apache Tomcat > Trying to test jsp page in Apache Tomcat 8.0, I've met problems - opened > page displays suggestions how to enable cookies in different browsers. > Is there some optio

Re: How to enable cookies in Apache Tomcat

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Pavel, On 3/27/15 1:07 PM, Pavel Yermolenko wrote: > Trying to test jsp page in Apache Tomcat 8.0, I've met problems - > opened page displays suggestions how to enable cookies in different > browsers. > > Is there some optio

How to enable cookies in Apache Tomcat

Hello, Hello, Trying to test jsp page in Apache Tomcat 8.0, I've met problems - opened page displays suggestions how to enable cookies in different browsers. Is there some option, allowing to setup/enable cookies in Apache Tomcat. Thanks in advance Pavel --- L'absenc

Re: Single Signon without Cookies

On 11/12/13 16:47, selvakumar netaji wrote: Hi Brian, Can you send us some sample unit tests if it doesn't violate any laws or infringements. Like tomcat itself, the unit tests are open source. The tests are all in the tc7 and tc8 repositories! Just do a svn checkout or browse them online.

Re: Single Signon without Cookies

Hi Brian, Can you send us some sample unit tests if it doesn't violate any laws or infringements.

Re: Single Signon without Cookies

let points, the last of which says: "The Single Sign On feature utilizes HTTP cookies to transmit a token that associates each request with the saved user identity, so it can only be utilized in client environments that support cookies." I had always thought encoded url's were equ

Re: Single Signon without Cookies

ion, > > docs/config/host.html#Single Sign On > > ... which has six bullet points, the last of which says: > > "The Single Sign On feature utilizes HTTP cookies to transmit a token > that associates each request with the saved user identity, so it can > only be utiliz

Single Signon without Cookies

On feature utilizes HTTP cookies to transmit a token that associates each request with the saved user identity, so it can only be utilized in client environments that support cookies." I had always thought encoded url's were equally acceptable, but I was mistaken. The documentati

Re: with useHttpOnly="true" my browser could access cookies through javascript.

sionid. > from the code.I could see the below result Set-Cookie: > JSESSIONID=01D4A20F51FCE8F8401B47999524D8AB; > Path=/UserHttpOnlyTest/; Secure; HttpOnly > > I have one more question to the same context,is there a way to > enable the httponly to the non-container managed cook

Re: with useHttpOnly="true" my browser could access cookies through javascript.

th=/UserHttpOnlyTest/; Secure; HttpOnly I have one more question to the same context,is there a way to enable the httponly to the non-container managed cookies other than programatically? Adding the below lines in my application web.xml doenst have an impact on the header true I got the coo

Re: with useHttpOnly="true" my browser could access cookies through javascript.

Cookie("Mr.x","testing the > cookie"); cookie.setMaxAge(60*60); //1 hour String sessionid = > request.getSession().getId(); String contextPath = > request.getContextPath(); response.setHeader("SET-COOKIE", > "JSESSIONID=" + sessionid + "; Path=&q

with useHttpOnly="true" my browser could access cookies through javascript.

KIE", "JSESSIONID=" + sessionid + "; Path=" + contextPath); response.addCookie(cookie); response.addCookie(cookie1); pw.println("Cookies created"); When i verified http header,i am able to see the

Re: Tomcat 8 Websocket API - Cookies & Headers

ject"); > } > > It ain't pretty. IMO, it was a serious design flaw in the spec not to > provide ways to get the HttpSession and Cookies from the Session object. > Maybe I'll try to get on the EG for the next version. :-) > > N > > On Aug 23, 2013, at 1:01 PM, toddfa

Re: Tomcat 8 Websocket API - Cookies & Headers

ionObject", > request.getHttpSession()); >} > } > > Then later: > > @OnOpen > public void onOpen(Session session) { > >HttpSession httpSession = (HttpSession) > session.getUserProperties().get("httpSessionObject"); > } > > It ain

Re: Tomcat 8 Websocket API - Cookies & Headers

HttpSession httpSession = (HttpSession) session.getUserProperties().get("httpSessionObject"); } It ain't pretty. IMO, it was a serious design flaw in the spec not to provide ways to get the HttpSession and Cookies from the Session object. Maybe I'll try to get on the EG for the n

Re: Tomcat 8 Websocket API - Cookies & Headers

d after the handshake is finished. [WSC-4.4-1] It > designates an established connection and that means you are already in the > websocket world. I don;t see an easy way for doing this. Can you describe > the use case in greater details. What problem do you solve by having access > to the ha

Re: Tomcat 8 Websocket API - Cookies & Headers

eans you are already in the websocket world. I don;t see an easy way for doing this. Can you describe the use case in greater details. What problem do you solve by having access to the handshale request headers (incl cookies) in that phase? > > Thanks, > Todd > > > On Thu, Aug 22,

Re: Tomcat 8 Websocket API - Cookies & Headers

thinking I must be missing something simple. Any suggestions? Thanks, Todd On Thu, Aug 22, 2013 at 10:12 PM, Niki Dokovski wrote: > On Fri, Aug 23, 2013 at 2:58 AM, toddfas wrote: > >> I'm trying to figure out how to get access to the cookies and headers >> passed up in t

Re: Tomcat 8 Websocket API - Cookies & Headers

On Fri, Aug 23, 2013 at 2:58 AM, toddfas wrote: > I'm trying to figure out how to get access to the cookies and headers > passed up in the Websocket handshake request on Tomcat 8. > > In Tomcat 7 the whole HttpServletRequest was passed into the > WebSocketServlet. createWeb

Tomcat 8 Websocket API - Cookies & Headers

I'm trying to figure out how to get access to the cookies and headers passed up in the Websocket handshake request on Tomcat 8. In Tomcat 7 the whole HttpServletRequest was passed into the WebSocketServlet. createWebSocketInbound method so it was easy to grab from the request headers. In Tom

Re: secure cookies

On Tue, Jul 30, 2013 at 9:39 PM, Jeffrey Janner wrote: > > -Original Message- > > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > > Sent: Monday, July 29, 2013 8:21 PM > > To: Tomcat Users List > > Subject: Re: secure cookies > &g

RE: secure cookies

> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Monday, July 29, 2013 8:21 PM > To: Tomcat Users List > Subject: Re: secure cookies > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Jeffrey, > >

Re: secure cookies

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Prafull, On 7/30/13 9:44 AM, Prafull wrote: > On Tue, Jul 30, 2013 at 6:51 AM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > > Jeffrey, > > On 7/29/13 4:09 PM, Jeffrey Janner wrote: Thanks for the verification, Mark. I was

  1   2   3   4   >