You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by pixel <pi...@pixelfreak.net> on 2001/10/19 21:17:22 UTC

Setting Cookies in Filters

  I'm attempting to add a cookie to a user agent in a servlet filter. 
When a request comes in, i check the request and see if the cookie 
already exists. If it is not found, I generate a new cookie with a 
unique value and add it to the response object.

What i'm finding is that the cookie's visibility seems to change 
depending on the request.

What is the default behavior of creating a cookie without a path? Does 
the cookies path default to the request URI when added? I've started 
explicitly set the path of this cookie to "/" which seems to have fixed 
this behavior, but I'm trying to clarify that this was the root of my 
problem.

Thanks,

~Scott

Re: Pls fix SSLAuthenticator.java

Posted by "Craig R. McClanahan" <cr...@apache.org>.

It's more likely that things like this will be dealt with if you submit
them as bug reports in the bug tracking system:

  http://nagoya.apache.org/bugzilla/

Craig


On Mon, 22 Oct 2001, Kar YEOW wrote:

> Date: Mon, 22 Oct 2001 15:50:25 +1000
> From: Kar YEOW <ka...@apir.com.au>
> Reply-To: tomcat-user@jakarta.apache.org, Kar YEOW <ka...@apir.com.au>
> To: tomcat-user@jakarta.apache.org
> Subject: Pls fix SSLAuthenticator.java
>
> During testing of logout from SingleSignOn, I discovered that the logout
> failed because when using CLIENT-CERT SSLAuthenticator.java authenticate
> method never associate the session with SingleSignOn.  I wonder those who
> have access to Source could pls fix SSLAuthenticator.java.  TIA.
> Kar
>
> PS Here are the bit of codes in FormAuthenticator.java I think should also
> be in SSLAuthenticator.java
>
>         // Have we already authenticated someone?
>         Principal principal = hreq.getUserPrincipal();
>         if (principal != null) {
>             if (debug >= 1)
>                 log("Already authenticated '" +
>                     principal.getName() + "'");
>             String ssoId = (String)
> request.getNote(Constants.REQ_SSOID_NOTE);
>             if (ssoId != null)
>                 associate(ssoId, getSession(request, true));
>             return (true);
>         }
>
>
>
>
>

Pls fix SSLAuthenticator.java

Posted by Kar YEOW <ka...@apir.com.au>.

During testing of logout from SingleSignOn, I discovered that the logout
failed because when using CLIENT-CERT SSLAuthenticator.java authenticate
method never associate the session with SingleSignOn.  I wonder those who
have access to Source could pls fix SSLAuthenticator.java.  TIA.
Kar

PS Here are the bit of codes in FormAuthenticator.java I think should also
be in SSLAuthenticator.java

        // Have we already authenticated someone?
        Principal principal = hreq.getUserPrincipal();
        if (principal != null) {
            if (debug >= 1)
                log("Already authenticated '" +
                    principal.getName() + "'");
            String ssoId = (String)
request.getNote(Constants.REQ_SSOID_NOTE);
            if (ssoId != null)
                associate(ssoId, getSession(request, true));
            return (true);
        }