Anyone can enter a enhancement request into bugzilla since anyone may create a bugzilla account. If you supply a patch it has a better chance of being addressed, but you might have a hard argument to prove the patch does not open a security hole or cause another unintended session related bug.
-Tim
Michael Wyraz wrote:
Hi! I did the test: mozilla returns only one session-id per domain. ie returns both: the id of the parent domain and the new one.So it's not a browser bug. It's a tomcat bug ;-) I think tomcat (HttpProcessor.java?) has to be modified to check all of the session-ids returnd from the browser to find the right one. My personal workaround (until the bug is fixed) is to move the content from mydomain.com to www.mydomain.com. so the cookie does not conflict with the cookie from test.mydomain.com. Could one please add this bug to the bug database since i don't have an account there? Thanks a lot. Michael. On Mon, 13 Jan 2003 09:13:12 -0500, Tim Funk wrote:If a cookie is set for mydomain.com. Then the cookie is also sent to:www.mydomain.com foo.mydomain.com test.mydomain.comIf Mozilla is NOT doing that. Then Mozilla has a bug.In reality - what is really happening is you have 2 cookies set:
One for test.mydomain.com and one for mydomain.com. It just so happens that Mozilla is sending both cookies in such a way that tomcat gets lucky and picks up the right one for sessionid. IE sends it an incompatiable (but probably correct) way. Who knows what happens if you try using Opera.
Write a test page from www.mydomain.com and dump all your request headers and you'll probably see that you are getting sent 2 jsessionid cookies.
-Tim[...]
-- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
