It's been a while since my last posting of this topic. I have a
work-around that perhaps someone may find it useful.
I worked around the issue by implementing a Tomcat Valve, and screen out
for the jsessionsso cookie on every request. If I find it, I reinsert
it back into the response within the valve to touch the timestamp of the
jssessionsso cookie. This way, when IE wants to throw away a cookie,
jsessionsso would be the last one it picks. It's not a perfect solution
but there is nothing I can do about IE's deficiency (how often do you
see Microsoft rigidly conforms to a spec?)
Thanks,
--
Rick
Rick Wong wrote:
Hi,
I am using Tomcat 5.0.26. I have 20+ web applications hooked up with
single-sign-on. Each web application generates a JESSIONID session
cookie with a different path, and shares a single JSESSIONIDSSO.
When testing my suite of applications, I notice that IE consistently
drops my login after accessing the 20th web application within a
session. I did some research and learned about RFC 2109 where HTTP
agents should support a minimum of 20 session cookies per domain.
That appears to be just what IE does. The following Microsoft
knowledgebase article explains that:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;306070. I
suspect JSESSIONIDSSO was the oldest cookie, and was the first to get
dropped by IE when reaching over 20 session cookies. Firefox does not
have this problem.
Knowing that I cannot easily refactor the application suite to make
less number of web application (< 19), I am wondering if anyone else
has this problem, and if and how I might work around this IE limitation.
Thanks,
--
Rick
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]