You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Kristopher Briscoe <Kr...@air2web.com> on 2007/04/06 04:47:16 UTC
Disabling Cookies/enabling jsessionid
All:
Have an interesting issue. We have an application that was deployed
prior to my arrival to the company. When the application was first
deployed the admins left cookies=true enabled in server.xml. Our
applications are primarily used by phones/wap devices. These devices
store their cookies on the cell providers WAP Gateway. I've been
tasked with getting these applications load-balanced. I've
accomplished this on most applications by setting jvmRoute in server.xml
and configuring our load-balancers to pick up this string.
Here's the interesting part of the equation. Somehow I have to force
the tomcat engine to disregard the cookie sent by the phone and force
the engine to establish a jsessionid and pass this back to the wap
device. I've turned off the cookies in the engine. Has anyone else
encountered this? Any tips on an engine configuration that will force
tomcat to set a sessionid despite getting a cookie from the app?
Thanks,
Kris--
Kris Briscoe
Sr. UNIX Engineer
"Unix is very simple, but it takes a genius to understand the
simplicity"
Re: Disabling Cookies/enabling jsessionid
Posted by Rashmi Rubdi <ra...@gmail.com>.
The only setting I know of in server.xml (or in the Context xml file)
is setting cookies="false" for example:
<Context docBase="C:/dev/projects/01Practice/__source"
reloadable="true" cookies="false"/>
According to the definition of the cookies attribute:
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html
"Set to true if you want cookies to be used for session identifier
communication if supported by the client (this is the default). Set to
false if you want to disable the use of cookies for session identifier
communication, and rely only on URL rewriting by the application."
After setting cookies="false" , the URL from one page to the next
needs to be rewritten, so for example:
<%@ page contentType="text/html;charset=UTF-8" language="java" session="true"%>
<html>
<head><title></title></head>
<body>
<%
session.setAttribute("test","test");
/* Rewrite URL
http://java.sun.com/javaee/5/docs/api/javax/servlet/http/HttpServletResponse.html#encodeURL(java.lang.String)
*/
String url = response.encodeURL("/p/test67/page2.jsp");
%>
<br/><br/>
<a href="<%=url%>">Go to page 2</a>
</body>
</html>
Also disable cookies in the *browser* , when the user clicks on the
above rewritten link, the jsessionid appears in the URL.
I don't know if the above answers your question, but I guess it comes close.
-Rashmi
On 4/5/07, Kristopher Briscoe <Kr...@air2web.com> wrote:
> Thanks for the response. The problem is that when the wap device passes
> the cookie on the initial setup tomcat sees this and even though cookies
> are disabled - doesn't set a jsessionid. Do you know if there is a
> directive or config parameter I can put in server.xml that forces the
> creation and setting of a jsessionid even though a cookie is passed?
>
> Thanks,
> Kris-
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Disabling Cookies/enabling jsessionid
Posted by Kristopher Briscoe <Kr...@air2web.com>.
Thanks for the response. The problem is that when the wap device passes
the cookie on the initial setup tomcat sees this and even though cookies
are disabled - doesn't set a jsessionid. Do you know if there is a
directive or config parameter I can put in server.xml that forces the
creation and setting of a jsessionid even though a cookie is passed?
Thanks,
Kris-
-----Original Message-----
From: Rashmi Rubdi [mailto:rashmi.sub@gmail.com]
Sent: Thursday, April 05, 2007 10:59 PM
To: Tomcat Users List
Subject: Re: Disabling Cookies/enabling jsessionid
If you disable cookies in the client's browser then jsessionid get
appended to the URL. I've tested this on IE and Firefox, there might
be a way to disable cookies in WAP browsers too.
-Rashmi
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Disabling Cookies/enabling jsessionid
Posted by Rashmi Rubdi <ra...@gmail.com>.
If you disable cookies in the client's browser then jsessionid get
appended to the URL. I've tested this on IE and Firefox, there might
be a way to disable cookies in WAP browsers too.
-Rashmi
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org