You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kenneth topp <ca...@prodigy.net> on 2000/11/09 06:12:35 UTC
Possible bug in tomcat wrt setting cookies?
I think this is a bug:
A servlet includes a .jsp (via include() not forward() )
The servlet always creates a session.
the session cookie never get's set, because the SessionInterceptor doesn't
have the Response that was given the sessionId... or something.
Does this sound right? If I addCookie in the servlet, it will get sent
when the user goes through an include.
TIA,
Kenneth Topp
Re: Possible bug in tomcat wrt setting cookies?
Posted by "yhs@mimic.onesourcecorp.com" <yh...@mimic.onesourcecorp.com>.
On Thu, 9 Nov 2000, Craig R. McClanahan wrote:
> Yes, this is a real bug in 3.2b6 (and probably earlier). I checked in a patch
> for it earlier this week, which will be included in b7 and the eventual release.
><SNIP>
> put eyeballs to them. Anyone else who wants to help is urged to check out the
> "tomcat_32" branch from CVS and help us get this right.
>
> Craig
>
The nightly binary builds are broken on apache.org (0 bytes). can someone
fix em ?
-Ys-
yhs@mimic.onesourcecorp.com
Re: Possible bug in tomcat wrt setting cookies?
Posted by kenneth topp <ca...@prodigy.net>.
Thanks for the information Craig,
I just got a checkout of tomcat_32, so I will look at it.
Kenneth
On Thu, 9 Nov 2000, Craig R. McClanahan wrote:
> Yes, this is a real bug in 3.2b6 (and probably earlier). I checked in a patch
> for it earlier this week, which will be included in b7 and the eventual release.
>
> What caused the problem was kind of interesting -- the session stuff was
> abstracted out into a RequestInterceptor, which would add the session cookie if
> necessary. The error case showed up when the first flush of the buffer occurred
> in the included servlet/page, rather than the outer page before the include.
> The session interceptor would be fired, and it would try to add the cookie ...
> but included servlets/pages are (correctly) forbidden from trying to add cookies
> or headers, so it never really got added.
>
> The current workaround is to force a response.flushBuffer() before processing
> the include. However, this is related to some other RequestDispatcher issues
> (such as the fact that RD did not use to propogate exceptions to the caller, in
> violation of the spec). Larry just checked in some changes -- it's my turn to
> put eyeballs to them. Anyone else who wants to help is urged to check out the
> "tomcat_32" branch from CVS and help us get this right.
>
> Craig
>
>
> kenneth topp wrote:
>
> > I apologize, this is with tomcat 3.2b4 and 3.2b6
> >
> > Thanks,
> >
> > On Wed, 8 Nov 2000, kenneth topp wrote:
> >
> > >
> > > I think this is a bug:
> > >
> > > A servlet includes a .jsp (via include() not forward() )
> > >
> > > The servlet always creates a session.
> > >
> > > the session cookie never get's set, because the SessionInterceptor doesn't
> > > have the Response that was given the sessionId... or something.
> > >
> > > Does this sound right? If I addCookie in the servlet, it will get sent
> > > when the user goes through an include.
> > >
> > > TIA,
> > >
> > > Kenneth Topp
> > >
> > >
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
>
Re: Possible bug in tomcat wrt setting cookies?
Posted by "Craig R. McClanahan" <Cr...@eng.sun.com>.
Yes, this is a real bug in 3.2b6 (and probably earlier). I checked in a patch
for it earlier this week, which will be included in b7 and the eventual release.
What caused the problem was kind of interesting -- the session stuff was
abstracted out into a RequestInterceptor, which would add the session cookie if
necessary. The error case showed up when the first flush of the buffer occurred
in the included servlet/page, rather than the outer page before the include.
The session interceptor would be fired, and it would try to add the cookie ...
but included servlets/pages are (correctly) forbidden from trying to add cookies
or headers, so it never really got added.
The current workaround is to force a response.flushBuffer() before processing
the include. However, this is related to some other RequestDispatcher issues
(such as the fact that RD did not use to propogate exceptions to the caller, in
violation of the spec). Larry just checked in some changes -- it's my turn to
put eyeballs to them. Anyone else who wants to help is urged to check out the
"tomcat_32" branch from CVS and help us get this right.
Craig
kenneth topp wrote:
> I apologize, this is with tomcat 3.2b4 and 3.2b6
>
> Thanks,
>
> On Wed, 8 Nov 2000, kenneth topp wrote:
>
> >
> > I think this is a bug:
> >
> > A servlet includes a .jsp (via include() not forward() )
> >
> > The servlet always creates a session.
> >
> > the session cookie never get's set, because the SessionInterceptor doesn't
> > have the Response that was given the sessionId... or something.
> >
> > Does this sound right? If I addCookie in the servlet, it will get sent
> > when the user goes through an include.
> >
> > TIA,
> >
> > Kenneth Topp
> >
> >
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
Re: Possible bug in tomcat wrt setting cookies?
Posted by kenneth topp <ca...@prodigy.net>.
I apologize, this is with tomcat 3.2b4 and 3.2b6
Thanks,
On Wed, 8 Nov 2000, kenneth topp wrote:
>
> I think this is a bug:
>
> A servlet includes a .jsp (via include() not forward() )
>
> The servlet always creates a session.
>
> the session cookie never get's set, because the SessionInterceptor doesn't
> have the Response that was given the sessionId... or something.
>
> Does this sound right? If I addCookie in the servlet, it will get sent
> when the user goes through an include.
>
> TIA,
>
> Kenneth Topp
>
>
>
>