You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Gerrit Einhoff <ge...@gmx.de> on 2003/05/14 00:46:31 UTC

Session tracking over redirections with multiple domain names

Hi.

I got the following web application setup with Tomcat 4.0.3 behind Apache 1.3:

JSP1 with a <form> 
--POST--> servlet 
--relative-redirect(response.sendRedirect())--> JSP2

A session is supposed to be held over all three requests (JSP, servlet, JSP). 
The problem is that my host has multiple domain-names, but Tomcat sends the 
redirect to the domain name that is configured in the <host>-tag in 
server.xml. This is no problem with URL-rewriting but looses the session for 
JSP2 if cookies are used.

Example:

<host name="domain1.com">
domain1.com and domain2.com both point to the same virtual server in apache.

browse to: http://domain2.com/JSP1
submit form
--> request: http://domain2.com/servlet
servlet uses response.sendRedirect("JSP2");
Tomcat sends:
--> redirect: http://domain1.com/JSP2

Now since the browser registered the cookie for domain2.com, it does not send 
it back for the JSP2 request. Therefore JSP2 requests a new cookie and looses 
the old session.

Is there a way to tell Tomcat to use the same domain for redirect that the 
request used? Is there another way to avoid this problem?

I already experimented with the <Alias> field in <Host>, but I don't really 
understand what it's good for... Can anybody explain?

Thanks a lot, Gerrit



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org