You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "DAVIES, GARETH I [AG-Contractor/1000]" <ga...@monsanto.com> on 2003/08/19 00:37:20 UTC

Cannot establish user session from IE4 using cookies

I'm not sure if this is a Struts issue or a Tomcat issue (or a Microsoft issue...), so I've sent this to both lists.
 
Configuration:
 - Win2K Server
 - IIS 5+
 - Jakarta JK2 Connection
 - Tomcat 4.1
 - SSL
 - Struts 1.1 Final
 - SecurityFilter 1.0.1
 
We are using Tomcat's container-managed (form-based) authentication with a custom realm (based on SecurityFilter's CatalinaRealmAdapter) and only allow HTTPS access to the web application. We have tested the application on a number of different workstations, both internal (i.e. on the client's corporate LAN) and external (e.g. over dialup or DSL), using several versions of various browsers. Most work fine, except for a "barebones" workstation earmarked for QA Validation testing. This machine is a 486 running Windows 95 and Internet Explorer 4.71, connecting using either dialup or DSL (makes no difference to this problem). When cookies are disabled, URL rewriting takes over and we can log in and use the application as designed. However, if we enable cookies, we are presented with an endless series of logon forms, each with a different jsessionid appended. Enabling the "cookie prompt" dialog reveals that TWO jsessionid cookies are returned from the server in each response with!
 identical domain and path information: the first is appended to the URL displayed in the Address bar. Manually replacing the first jsessionid value with the second and submitting the logon form (j_security_check) makes no difference. Again, all other tested clients function normally and disabling cookies on this particular client also works.
 
Does anyone have any insight in what is going on here? I have pored over mailing list/newsgroup postings all afternoon and am tearing my hair out. Why would I get TWO jsessionid cookies in a single response? Is there some mysterious IE4.x setting I don't know about? Any advice would be greatly appreciated!
 
Thanks,
 
Gareth Davies
Consultant - Daugherty Systems
Email:  <ma...@daugherty.com> daviesg@daugherty.com
Office: 314.432.8200  Fax: 314.432.8217
 
"[A solution] should be as simple as it needs to be and no simpler." - Albert Einstein