On 04/02/2011 22:02, Brian Cross wrote: > Hello Tomcat experts, I am looking at going from Tomcat 6 to 7 on Linux > and ran into a strange issue. I cannot get an http session to "stick" > when using Internet Explorer. A new session gets created every time you > load the test page in IE only. I have verified this issue on IE 6, IE > 8, and IE9 beta. Chrome and Firefox work as expected. I am just trying > to get a session to stick, but in IE itcreates a new one for each > request. This does NOT happen when running Tomcat 7 on Windows. Thanks > very much for your help! > > My test code is just<h3>Session ID =<%=request.getSession().getId()%></h3> > > Test URL (broken) on Tomcat 7: > http://www.tigernet.com:8180/t/test/sessiontest.jsp > > Test URL (working) on Tomcat 6 > http://www.tigernet.com/t/test/sessiontest.jsp > > Old Bug possibly related? > https://issues.apache.org/bugzilla/show_bug.cgi?id=49525
Sort of. Tomcat 7 is stricter in enforcing various specifications including the cookie specification which states that / is not allowed in a cookie value unquoted. Unfortunately / gets used a lot in cookies in the path and if correctly quoted - i.e. path="/..." - IE chokes. Not exactly a surprise considering just how badly IE adheres to the cookie specs. To avoid exactly the issue you are seeing, Tomcat 7 does not enforce this part of the specification by default. I suggest a careful read of the following Tomcat 7 docs http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html with particular reference to org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR and org.apache.catalina. STRICT_SERVLET_COMPLIANCE. My guess is that you have set one or other of these to true. I usually run Tomcat with the following: org.apache.catalina. STRICT_SERVLET_COMPLIANCE=true org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR=false Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
