You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@wookie.apache.org by ve...@usal.es on 2011/10/13 19:01:34 UTC
Session error
hello!
I'm Vega of Salamanca, and I have written before to help me launch Wookie
with tomcat and mysql, but now I have another problem: when using the Demo
of a widget I get a message "Session error" with a button to accept . I
click on the button and the Demo of widgets works perfectly, any idea what
I'm doing wrong? Why do I get the error message? Is there any way to
remove that message?
Thank you.
Re: Session error
Posted by ve...@usal.es.
Exactly that was the problem and have solved, as you mentioned me.
Thank you.
> Hi Vega!
>
> This is a known problem with some of the latest versions of Tomcat:
>
>
> * [WOOKIE-222] - There is a known issue when using Tomcat 7.* with
> Wookie. Sometimes when a widget is actually
> loaded, a browser alert box sometimes appears informing the user of
> a "Session Error".
>
> This is caused by the DWR library used by Wookie for Comet-based
> widgets handling HTTP-only cookies incorrectly;
> Tomcat 7 uses HTTP-only cookies as the default setting to prevent
> cross-site scripting (XSS) attacks.
>
> A workaround is to add the following to the WEB-INF/web.xml file
>
> <init-param>
> <param-name>crossDomainSessionSecurity</param-name>
> <param-value>false</param-value>
> </init-param>
>
> Note that XSS prevention will still be in place in Tomcat 7; this
> just disables the additional mechanism
> implemented in DWR that conflicts with it.
>
> This is an issue for DWR 2.* with Tomcat 7.* (or earlier versions of
> Tomcat where useHttpOnly="true" is set.)
>
> I hope this fixes the issue for you.
>
> -S
>
> PS Thank you for bringing this up as we really should add this to the FAQ
> on the website
>
>
> On 13 Oct 2011, at 18:01, vegagd@usal.es wrote:
>
>> hello!
>> I'm Vega of Salamanca, and I have written before to help me launch
>> Wookie
>> with tomcat and mysql, but now I have another problem: when using the
>> Demo
>> of a widget I get a message "Session error" with a button to accept . I
>> click on the button and the Demo of widgets works perfectly, any idea
>> what
>> I'm doing wrong? Why do I get the error message? Is there any way to
>> remove that message?
>> Thank you.
>>
>
>
Re: Session error
Posted by Scott Wilson <sc...@gmail.com>.
Hi Vega!
This is a known problem with some of the latest versions of Tomcat:
* [WOOKIE-222] - There is a known issue when using Tomcat 7.* with Wookie. Sometimes when a widget is actually
loaded, a browser alert box sometimes appears informing the user of a "Session Error".
This is caused by the DWR library used by Wookie for Comet-based widgets handling HTTP-only cookies incorrectly;
Tomcat 7 uses HTTP-only cookies as the default setting to prevent cross-site scripting (XSS) attacks.
A workaround is to add the following to the WEB-INF/web.xml file
<init-param>
<param-name>crossDomainSessionSecurity</param-name>
<param-value>false</param-value>
</init-param>
Note that XSS prevention will still be in place in Tomcat 7; this just disables the additional mechanism
implemented in DWR that conflicts with it.
This is an issue for DWR 2.* with Tomcat 7.* (or earlier versions of Tomcat where useHttpOnly="true" is set.)
I hope this fixes the issue for you.
-S
PS Thank you for bringing this up as we really should add this to the FAQ on the website
On 13 Oct 2011, at 18:01, vegagd@usal.es wrote:
> hello!
> I'm Vega of Salamanca, and I have written before to help me launch Wookie
> with tomcat and mysql, but now I have another problem: when using the Demo
> of a widget I get a message "Session error" with a button to accept . I
> click on the button and the Demo of widgets works perfectly, any idea what
> I'm doing wrong? Why do I get the error message? Is there any way to
> remove that message?
> Thank you.
>