You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Eryq <er...@zeegee.com> on 2001/08/01 02:54:38 UTC

TC4 + apache + warp - cookies = error

Now accessing TC4 through Apache.  It mostly works
perfectly, but there's a show-stopper: cookies.

-----------------------------------------------
THE SETUP:

	Apache: 	1.3.20
	Catalina: 	CVS this week (4.0b7++)
	mod_webapp: 	CVS this week
	warp.jar:	from latest mod_webapp
	

-----------------------------------------------
THE PROBLEM: 

I am trying to disable cookies for
all webapps under Catalina... or at least, for a given
Context.  When I access the webapp through Catalina
directly, the right thing happens.  But when I go 
through Apache via Warp, Catalina does the wrong
thing.  You can try this out with /examples/servlet/SessionExample.

In some cases, it fails to recognize and strip off the
trailing ";jsessionid=****", and so Catalina seems
to think the ";..." is part of the URI, raising
this:

	HTTP Status 404 - /examples/servlet/SessionExample;jsessionid=9271664256C7E592889000D43292C845
	
	The requested resource (/examples/servlet/SessionExample;jsessionid=9271664256C7E592889000D43292C845) 
	is not available. 

In other cases, it seems to disregard the "cookies=false"
in server.xml, and it tries to give me a cookie.
BTW, my "server.xml" contains this:

       <Context path="/examples" docBase="examples" debug="0" 
                cookies="false" 
                reloadable="true">
	...

I don't quite know if this is correct, but it seemed
to do the right thing when Apache was not part of
the picture.  Going through Warp, however, broke
this approach (see below).

-----------------------------------------------
WHY THIS IS A BIG PROBLEM:

This is for a US Government site, and by Federal order,
we are not to use cookies in our web apps at all.
This is to make access to our sites more anonymous,
but it can make life a little difficult.

-----------------------------------------------
TESTS THAT WE RAN:

Again, this is simply mounting /examples through Warp
and hitting /examples/servlet/SessionExample:
Here's a quick test matrix, varying whether:

	1. Netscape did/didn't have cookies enabled
	2. We accessed via Apache (as opposed to TC4 directly)
	3. We set cookies true/false in the server.xml context.

The table (i'm hoping I've transcribed it correctly):

	Browser	Access	Cookies
	cookies	via	on in
	enabled	apache	Context	RESULT:
	------	------	------	------
	no	no	no	ok
	no	no	yes	ok
	no	yes	no	FAIL [1]
	no	yes	yes	FAIL [2]
	yes	no	no	ok	
	yes	no	yes	ok
	yes 	yes	no	FAIL [3]
	yes	yes	yes	ok
	
[1] 404 on the jsessionid=....
[2] 404 on the jsessionid=....
[3] Apache asks the browser for a cookie.

-----------------------------------------------
CONCLUSION:

The problem only appears when you access the webapp
via Apache, and attempt to NOT use cookies -- 
by turning them off in your browser, or
by disabling them in the context, or both.


Thanks in advance,
-- 
Eryq, http://www.zeegee.com/eryq 
WANTED:  Schrodinger's Cat.  Dead and/or Alive.

Re: TC4 + apache + warp - cookies = error

Posted by Remy Maucherat <re...@betaversion.org>.
Quoting Eryq <er...@zeegee.com>:

Nice report.

Can you file it in bugzilla ?

Thanks,
Remy

Re: TC4 + apache + warp - cookies = error

Posted by Eryq <er...@zeegee.com>.
"Pier P. Fumagalli" wrote:

> Ok... Gotcha... So, the session _IS_ correctly handled if going thru
> cookies, but if it's URLencoded, it's not...
> 
> Will dig into that tomorrow first thing in the morning (bear with me, can
> you please post a bug in BugZilla so that we can keep track of what was
> found faulty and when it was fixed, I know, it's a big pain in the ass,
> but... :) :) :)

Not a problem.  I classified the bug as UNCONFIRMED and voted
once for it.  Hope that was the right thing to do.

Eryq

Re: TC4 + apache + warp - cookies = error

Posted by "Pier P. Fumagalli" <pi...@betaversion.org>.
Ok... Gotcha... So, the session _IS_ correctly handled if going thru
cookies, but if it's URLencoded, it's not...

Will dig into that tomorrow first thing in the morning (bear with me, can
you please post a bug in BugZilla so that we can keep track of what was
found faulty and when it was fixed, I know, it's a big pain in the ass,
but... :) :) :)

Should be an easy fix.... (unlikely bug #2933)

Eryq at eryq@zeegee.com wrote:
> 
> Browser    Access    Cookies
> cookies    via    on in
> enabled    apache    Context    RESULT:
> ------    ------    ------    ------
> no    no    no    ok
> no    no    yes    ok
> no    yes    no    FAIL [1]
> no    yes    yes    FAIL [2]
> yes    no    no    ok
> yes    no    yes    ok
> yes     yes    no    FAIL [3]
> yes    yes    yes    ok
> 
> [1] 404 on the jsessionid=....
> [2] 404 on the jsessionid=....
> [3] Apache asks the browser for a cookie.

[3] happens because sessions are not get from the URL, so, Tomcat forces a
cookie request if cookies can be accepted by the browser...

Thanks _SO_MUCH_ for the invaluable input...

    Pier