Bill Barker wrote:
"Paul Singleton" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
If I set

   <Context cookies="false" ... >

will Tomcat ignore any JSESSIONID cookie which
accompanies a request?  Should it?


With any of the released versions, it won't ignore the cookie if the browser sends one. There is a patch in the SVN that causes at least TC 6 to ignore the cookie, but it seems to be buggy. More info at http://issues.apache.org/bugzilla/show_bug.cgi?id=43839.

As to "should", IMHO the cookies="false" should be more of a hint (like in the released versions of Tomcat), but I'm in the minority here.

Thanks for the info.  We were experimenting with a wholly
URL-encoding version of an app (this appeals for various
reasons) but on switching between them, found that a left-
-over session cookie broke the "no cookies" version.

Given the long-established, disputed behaviour of the
"cookies" attribute, we'd be happy with an additional
"cookiesIgnore" attribute (and no change to "cookies")

Paul S.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to