You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by mfs <fa...@gmail.com> on 2008/01/25 19:52:49 UTC
When cookies are disabled by the browser ?
Guys,
I have got my web app deployed on the tomcat 6.0.13, I wonder what
configuration do i have to do so as to make tomcat (built-in http server)
handles the scenario where a user has disabled the cookies on the browser ?
though that wouldnt be the case for most of the users but still if that is
so i would want my application (and all session based scenarios) to function
normally..
Initially i thought that this would be all taken care of transparently and
the sessionId would become part of the url for all requests to the server
but thats not the case and my application is taking me to session-expired
page for all the links i click on..i guess thats because neither of those
links have sessionId post-fixed in it...
Please comments..
Thanks in advance
--
View this message in context: http://www.nabble.com/When-cookies-are-disabled-by-the-browser---tp15094450p15094450.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: When cookies are disabled by the browser ?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Farhan,
mfs wrote:
\> I have got my web app deployed on the tomcat 6.0.13, I wonder what
| configuration do i have to do so as to make tomcat (built-in http server)
| handles the scenario where a user has disabled the cookies on the
browser ?
Tomcat will use cookies if they are available but will use URL rewriting
if cookies are not available.... (see below)
| Initially i thought that this would be all taken care of transparently and
| the sessionId would become part of the url for all requests to the server
| but thats not the case and my application is taking me to session-expired
| page for all the links i click on..i guess thats because neither of those
| links have sessionId post-fixed in it...
Tomcat handles this "transparently" through the use of a pair of methods
~ (that is, it's pretty much /not/ transparent): You need to run all your
URLs through HttpServletResponse.encodeURL (or
HttpServletResponse.encodeRedirectURL... these methods will actually
perform the rewriting.
If you use a JSP tag library to generate your URLs, it probably handles
this for you already. Otherwise, you will have a lot of work to do in
order to go back through all your web pages to add this bit of code to
each URL that you emit.
Good luck,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkeaat4ACgkQ9CaO5/Lv0PBmiACgpBmtHzKtnJvW3WcgvAzz7UAV
7CIAnRIBRsUcAiYEk6fiAxDozsNYbqoe
=7Yke
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org