2011/9/14 Rudy Gireyev <rgire...@gmail.com>:
> Thank you P for the response. I admit I don't 100% understand what you mean by
> "Sounds like the session isn't being maintained in between requests."
> Is this something that I'm doing wrong? Or is this something outside
> of my control?
>
> The strange thing is that this very same code works just fine and is
> able to interact with the session just fine when the url-pattern is
> /jsp/*. However as soon as the pattern is changed to /* the session
> becomes unusable.

In short:
1. When a session cookie is created in recent versions of Tomcat, the
Path parameter in it is set to webappName + "/".

2. Requests to "webappName" are usually automatically redirected to
"webappName + /" (Tomcat sends response code 302), but in some rare
configurations this redirect does not happen. I do not remember what
exactly the circumstances are, but I think that this involved a
servlet that is mapped to "/*", and maybe absence of a welcome page.

If your servlet reacts to a request to "webappName", then the
session cookie with Path of "webappName + "/"" wouldn't be sent by
the browser when it repeats the request.

The reason for appending "/" to the session cookie path is that
otherwise some web browsers do send cookies set by the "foo" webapp
when the client requests "foobar", and that is insecure.

It should be possible to explicitly configure the Path attribute of
the session cookie using the cookie-config element in web.xml.
See cookie-configType in
http://java.sun.com/xml/ns/javaee/web-common_3_0.xsd

Best regards,
Konstantin Kolinko
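
The cookie path matching described in the message above, as an added example that is not part of the original thread or of Tomcat's code. It compares the RFC 6265 section 5.1.4 path-match rule with a plain string-prefix match (a model of the lax browser behaviour the message mentions); the function names and the "/foo" and "/foobar" request paths are constructed for illustration.

```javascript
// Added illustration: which requests receive a session cookie, depending on
// whether the cookie Path ends in "/". All names and paths are constructed.

// RFC 6265 section 5.1.4 path-match.
function rfc6265PathMatch(cookiePath, requestPath) {
  if (cookiePath === requestPath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts if it ends on a path-segment boundary.
  if (cookiePath.endsWith("/")) return true;
  return requestPath.charAt(cookiePath.length) === "/";
}

// Plain string-prefix match: models a browser that ignores segment boundaries.
function prefixPathMatch(cookiePath, requestPath) {
  return requestPath.startsWith(cookiePath);
}

// For one cookie Path, report which request paths would carry the cookie.
function evaluate(cookiePath, requestPaths) {
  return requestPaths.map((requestPath) => ({
    cookiePath,
    requestPath,
    rfc6265: rfc6265PathMatch(cookiePath, requestPath),
    prefixOnly: prefixPathMatch(cookiePath, requestPath),
  }));
}

// Constructed request paths: the webapp root without and with the slash,
// a page inside the webapp, and a different webapp sharing the name prefix.
const SAMPLE_REQUESTS = ["/foo", "/foo/", "/foo/jsp/page.jsp", "/foobar/"];

function report() {
  return [
    ...evaluate("/foo/", SAMPLE_REQUESTS), // Path with the trailing slash
    ...evaluate("/foo", SAMPLE_REQUESTS),  // Path without the trailing slash
  ];
}

console.table(report());
```

With Path "/foo/" the cookie is never sent to "/foobar/" under either rule, but it is also not sent to "/foo", which is the lost-session case when the redirect to "/foo/" does not happen. With Path "/foo" the prefix-only matcher sends the cookie to "/foobar/".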