You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Eryq <er...@zeegee.com> on 2001/08/01 02:54:38 UTC
TC4 + apache + warp - cookies = error
Now accessing TC4 through Apache. It mostly works
perfectly, but there's a show-stopper: cookies.
-----------------------------------------------
THE SETUP:
Apache: 1.3.20
Catalina: CVS this week (4.0b7++)
mod_webapp: CVS this week
warp.jar: from latest mod_webapp
-----------------------------------------------
THE PROBLEM:
I am trying to disable cookies for
all webapps under Catalina... or at least, for a given
Context. When I access the webapp through Catalina
directly, the right thing happens. But when I go
through Apache via Warp, Catalina does the wrong
thing. You can try this out with /examples/servlet/SessionExample.
In some cases, it fails to recognize and strip off the
trailing ";jsessionid=****", and so Catalina seems
to think the ";..." is part of the URI, raising
this:
HTTP Status 404 - /examples/servlet/SessionExample;jsessionid=9271664256C7E592889000D43292C845
The requested resource (/examples/servlet/SessionExample;jsessionid=9271664256C7E592889000D43292C845)
is not available.
In other cases, it seems to disregard the "cookies=false"
in server.xml, and it tries to give me a cookie.
BTW, my "server.xml" contains this:
<Context path="/examples" docBase="examples" debug="0"
cookies="false"
reloadable="true">
...
I don't quite know if this is correct, but it seemed
to do the right thing when Apache was not part of
the picture. Going through Warp, however, broke
this approach (see below).
-----------------------------------------------
WHY THIS IS A BIG PROBLEM:
This is for a US Government site, and by Federal order,
we are not to use cookies in our web apps at all.
This is to make access to our sites more anonymous,
but it can make life a little difficult.
-----------------------------------------------
TESTS THAT WE RAN:
Again, this is simply mounting /examples through Warp
and hitting /examples/servlet/SessionExample:
Here's a quick test matrix, varying whether:
1. Netscape did/didn't have cookies enabled
2. We accessed via Apache (as opposed to TC4 directly)
3. We set cookies true/false in the server.xml context.
The table (i'm hoping I've transcribed it correctly):
Browser Access Cookies
cookies via on in
enabled apache Context RESULT:
------ ------ ------ ------
no no no ok
no no yes ok
no yes no FAIL [1]
no yes yes FAIL [2]
yes no no ok
yes no yes ok
yes yes no FAIL [3]
yes yes yes ok
[1] 404 on the jsessionid=....
[2] 404 on the jsessionid=....
[3] Apache asks the browser for a cookie.
-----------------------------------------------
CONCLUSION:
The problem only appears when you access the webapp
via Apache, and attempt to NOT use cookies --
by turning them off in your browser, or
by disabling them in the context, or both.
Thanks in advance,
--
Eryq, http://www.zeegee.com/eryq
WANTED: Schrodinger's Cat. Dead and/or Alive.
Re: TC4 + apache + warp - cookies = error
Posted by Remy Maucherat <re...@betaversion.org>.
Quoting Eryq <er...@zeegee.com>:
Nice report.
Can you file it in bugzilla ?
Thanks,
Remy
Re: TC4 + apache + warp - cookies = error
Posted by Eryq <er...@zeegee.com>.
"Pier P. Fumagalli" wrote:
> Ok... Gotcha... So, the session _IS_ correctly handled if going thru
> cookies, but if it's URLencoded, it's not...
>
> Will dig into that tomorrow first thing in the morning (bear with me, can
> you please post a bug in BugZilla so that we can keep track of what was
> found faulty and when it was fixed, I know, it's a big pain in the ass,
> but... :) :) :)
Not a problem. I classified the bug as UNCONFIRMED and voted
once for it. Hope that was the right thing to do.
Eryq
Re: TC4 + apache + warp - cookies = error
Posted by "Pier P. Fumagalli" <pi...@betaversion.org>.
Ok... Gotcha... So, the session _IS_ correctly handled if going thru
cookies, but if it's URLencoded, it's not...
Will dig into that tomorrow first thing in the morning (bear with me, can
you please post a bug in BugZilla so that we can keep track of what was
found faulty and when it was fixed, I know, it's a big pain in the ass,
but... :) :) :)
Should be an easy fix.... (unlikely bug #2933)
Eryq at eryq@zeegee.com wrote:
>
> Browser Access Cookies
> cookies via on in
> enabled apache Context RESULT:
> ------ ------ ------ ------
> no no no ok
> no no yes ok
> no yes no FAIL [1]
> no yes yes FAIL [2]
> yes no no ok
> yes no yes ok
> yes yes no FAIL [3]
> yes yes yes ok
>
> [1] 404 on the jsessionid=....
> [2] 404 on the jsessionid=....
> [3] Apache asks the browser for a cookie.
[3] happens because sessions are not get from the URL, so, Tomcat forces a
cookie request if cookies can be accepted by the browser...
Thanks _SO_MUCH_ for the invaluable input...
Pier