Hi, I have an interesting problem (I think) that I wonder if someone could assist me with.
I want to do cross-domain scripting. I have some java-script that makes a cross-domain http request to a Tomcat server. This works fine as long as third-party cookies are allowed in the browser. Tomcat can keep track of the session by the jsessionId. If cookies are not allowed at all in the browser, I simple let the java-script decide to not make a cross-domain call at all. Those are not interesting for my application. My problems appear when first part cookies are allowed, but third-party is not (the default settings in IE7 I think). The java-script will think that cookies are allowed and make the cross-domain http call. Since third party cookies are not allowed, Tomcat is not allowed to set a jsessionId on a cookie, but instead add the jsessionId on the URL. This is unfortunately not good enough for me. When third-party cookies are allowed, my java-script provides a first-part cookie in the cross-domain http call. I use this value to identify the user, and set it on the session created by Tomcat. If however Tomcat cannot set cookies, since third-party cookie is not allowed, I simply cannot do like this. So what do I actually want to achieve? I would like Tomcat to bypass its "sanity" check when URL-rewrite is done. I want Tomcat to create a session with a key (jsessionId) I provides it with. Does this sound totally insane? Maybe it is. Perhaps there is another solution I have not thought of? I know there is another solution, running Tomcat session-less and write to a file/db for each call, but because of performance reasons, I would like to avoid this. Any ideas/proposals? /jonas -- View this message in context: http://www.nabble.com/Cross-domain-calls-when-third-party-cookies-are-not-allowed-tf4858744.html#a13904100 Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
