Hey Mark,

I was able to identify the problem - there was a session configuration with
cookie configuration in the catalina-base/web.xml file.

I just wanted to suggest that it would be great if logging could be enabled
to show not only what the parameters were set to, but also where the
values came from. It seems like the sessionCookiePath could be resolved in
many ways, such as from the filename of the war, context.xml file name, the
sessionCookiePath, the cookie-config under the web.xml file in the
catalina-base/conf directory or from the web.xml packaged in the WAR. I
haven't had a chance to look at the logic in the Apache code, but this
would be a helpful addition and would have saved a lot of time trying to
debug where the value came from.


--

Thanks,

Dan

On Thu, Feb 1, 2024 at 10:31 AM Mark Thomas <ma...@apache.org> wrote:

>
>
> On 27/01/2024 14:38, Dan McLaughlin wrote:
> > Hey Mark,
> >
> > If you see a bug report, then that will mean I was able to reproduce it.  I
> > see different behaviors in our local docker environment. Still, it's
> > nowhere near as complex as our production environment--where everything is
> > clustered and behind load balancers, etc.  It probably would be easier
> > for me to reproduce in our pre-prod environment and attach a debugger to
> > see where the / is coming from.
> >
> > I glanced at the code, and SessionConfig is the only place setting the
> > CookiePath to / might happen.  Would you agree?
> >
> > } else {
> >      // Only handle special case of ROOT context where cookies require a
> >      // path of '/' but the servlet spec uses an empty string
> >      if (contextPath.length() == 0) {
> >          contextPath = "/";
> >      }
>
> There are other places such as the RewriteValve. I think debugging is
> your best option here.
>
> Mark
>
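
The following is an added example, not part of the original thread and not Tomcat code. It lists every place under a CATALINA_BASE directory where a session cookie path is set explicitly, either as the `sessionCookiePath` attribute of a `Context` element or as `cookie-config`/`path` in a web.xml, and names the file each value came from. The function name and result layout are this example's own; it assumes packed WARs under webapps/ and context descriptors under conf/<engine>/<host>/, and it does not scan exploded application directories.

```python
import glob
import os
import sys
import zipfile
import xml.etree.ElementTree as ET


def _local(tag):
    # Drop the "{namespace}" prefix ElementTree puts on namespaced tags.
    return tag.rsplit("}", 1)[-1]


def _scan(xml_bytes, label):
    """Yield (source, setting, value) for each cookie-path setting in one XML file."""
    root = ET.fromstring(xml_bytes)
    if _local(root.tag) == "Context" and root.get("sessionCookiePath"):
        yield (label, "Context@sessionCookiePath", root.get("sessionCookiePath"))
    for elem in root.iter():
        if _local(elem.tag) == "cookie-config":
            for child in elem:
                if _local(child.tag) == "path" and (child.text or "").strip():
                    yield (label, "cookie-config/path", child.text.strip())


def cookie_path_sources(base):
    """List every explicit session cookie path under a CATALINA_BASE directory."""
    found = []
    conf = os.path.join(base, "conf")
    files = [os.path.join(conf, "web.xml"), os.path.join(conf, "context.xml")]
    # Per-host context descriptors: conf/<engine>/<host>/<context>.xml
    files += sorted(glob.glob(os.path.join(conf, "*", "*", "*.xml")))
    for path in files:
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                found += _scan(fh.read(), os.path.relpath(path, base))
    for war in sorted(glob.glob(os.path.join(base, "webapps", "*.war"))):
        with zipfile.ZipFile(war) as zf:
            names = set(zf.namelist())
            for member in ("META-INF/context.xml", "WEB-INF/web.xml"):
                if member in names:
                    label = os.path.relpath(war, base) + "!" + member
                    found += _scan(zf.read(member), label)
    return found


if __name__ == "__main__":
    # Usage: python cookie_path_sources.py /path/to/catalina-base
    base_dir = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("CATALINA_BASE", ".")
    for source, setting, value in cookie_path_sources(base_dir):
        print(f"{value!r:12} {setting:28} {source}")
```

An empty result means no file sets the path explicitly, so the value in effect is being derived from the context path or set by another component.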
