You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Markus Chilla <Ma...@t-online.de> on 2003/03/25 08:51:01 UTC
Tomcat Session Management Problems
Hi there,
I don't know if this mail is addressed correctly in here ... anyhow ...
I'm using Tomcat 4.0.x, 4.1.x (up to .24) and Tomcat 3.3.1a for
developing WAP-enabled portals.
I must not use cookies for session handling (because WAP-Gateways
sometimes allow cookies but they're not handled as referenced in RFC),
so I used <SessionId cookiesFirst="false" noCookies="true" /> in
server.xml under Tomcat 3.3.1a and everything works fine for my needs.
Unfortunately this won't work under Tomcat 4 (and 5dev) anymore.
I switched "cookies" to "false" in app context with Tomcat-Administrator
but the behavior is the same.
It tries to use cookies all the time ...
As I didn't see any possibility to override automatic use of cookies for
session management, I rewrote parts of the "response.encodeURL()" method
(and used it instead of response.encodeURL) to append "jsessionid" every
time. This works, as said, fine under Tomcat3 but not on Tomcat4 and
above ...
My method encodeURL() remarked the following part in method
isEncodeable()
private static boolean isEncodeable(String location,
HttpServletRequest request_) {
...
...
// if (request_.isRequestedSessionIdFromCookie())
// return (false);
...
...
}
is there any possibility to let this work under TOMCAT >= 4 or ...
is it a bug or a feature ??!
Because it works fine under Tomcat3 ...
Any help would be appreciated very much ...
Thanks in advance,
Markus