You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Mike Spreitzer <ms...@us.ibm.com> on 2001/06/11 19:52:00 UTC

question on affinity for cookies

I have a web application served by Tomcat (currently 3.2.2b3).  I've 
configured Tomcat to offer both a secured connector at HTTPS://host:8086/ 
and an unsecured version available at HTTP://host:8085/.  My question is, 
should I expect my servlets to see the same "session attributes" when a 
client uses either of the two scheme&port pairs?

My experience is that it depends on the browser.  For IE 5.0 on Win2K, the 
session attributes are common across the two prefixes; for Netscape 4.75 
on the same client machine, the session attributes associated with one 
prefix are independent of the session attributes associated with the 
other.

Which is correct, and what are my options for getting consistent behavior?

Thanks,
Mike

Re: question on affinity for cookies

Posted by pi...@centras.lt.

You are right about the browsers. Netscape doesn't share cookies if ports
are different, even if the URL is the same. And IE does. So if your are not
using URL rewriting, then you get new session with Netscape if you change
port.

One way to solve the issue is to use URL rewriting instead of cookies.
Other way is to put session ID into URL only into links where you switch the
port. However in this way you'll have to look up session yourself (note that
getting session by ID is forbidden now in the Servlet API).

Hope this will clarify the situation.

--
Arunas Miliunas
Programmer,
No Magic, Lithuania
email: arunasm@nomagiclt.com

----- Original Message -----
From: "Mike Spreitzer" <ms...@us.ibm.com>
To: <to...@jakarta.apache.org>
Sent: Monday, June 11, 2001 7:52 PM
Subject: question on affinity for cookies


> I have a web application served by Tomcat (currently 3.2.2b3).  I've
> configured Tomcat to offer both a secured connector at HTTPS://host:8086/
> and an unsecured version available at HTTP://host:8085/.  My question is,
> should I expect my servlets to see the same "session attributes" when a
> client uses either of the two scheme&port pairs?
>
> My experience is that it depends on the browser.  For IE 5.0 on Win2K, the
> session attributes are common across the two prefixes; for Netscape 4.75
> on the same client machine, the session attributes associated with one
> prefix are independent of the session attributes associated with the
> other.
>
> Which is correct, and what are my options for getting consistent behavior?
>
> Thanks,
> Mike
>