Dan,
On 2/1/24 11:54, Dan McLaughlin wrote:
I was able to identify the problem - there was a session configuration with
cookie configuration in the catalina-base/web.xml file.
catalina-base/conf/web.xml?
I did mention on 26 Jan that this wasn't a good idea and could be
causing this kind of problem. Whatever is in the application's
WEB-INF/web.xml file should override the global setting, though. If you
are finding that it's not working that way, please file a bug.
I just wanted to suggest that it would be great if logging could be enabled
to show not only what the parameters were set to, but also where the
values came from. It seems like the sessionCookiePath could be resolved in
many ways, such as from the filename of the war, context.xml file name, the
sessionCookiePath, the cookie-config under the web.xml file in the
catalina-base/conf directory or from the web.xml packaged in the WAR. I
haven't had a chance to look at the logic in the Apache code, but this
would be a helpful addition and would have saved a lot of time trying to
debug where the value came from.
That may be a tall order. There are many many configurations settings
that can come from all over the place with defaults, default-defaults,
and spec-defined defaults. The session cookie path isn't particularly
special in this way... it just happens to be the one configuration
setting you are really really interested in, specifically.
Tracking exactly where a specific configuration setting came from would
likely require a lot of extra code for not much benefit.
-chris
On Thu, Feb 1, 2024 at 10:31 AM Mark Thomas <ma...@apache.org> wrote:
On 27/01/2024 14:38, Dan McLaughlin wrote:
Hey Mark,
If you see a bug report, then that will mean I was able to reproduce
it. I
see different behaviors in our local docker environment. Still, it's
nowhere as complex as our production environment--where everything is
clustered and behind load balancers, etc... It probably would be easier
for me to reproduce in our pre-prod environment and attach a debugger to
see where the / is coming from.
I glanced at the code, and SessionConfig is the only place setting the
CookiePath to / might happen. Would you agree?
} else {
// Only handle special case of ROOT context where cookies require a
// path of '/' but the servlet spec uses an empty string
if (contextPath.length() == 0) {
contextPath = "/";
}
There are other places such as the RewriteValve. I think debugging is
your best option here.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
