Hi,
In Tomcat 5.x and 6.x, the JSESSIONID Set-Cookie header is added to the
response during session creation (in Request.doGetSession), whereas in
Tomcat 4.x this used to be done during Response.sendHeaders(). Not that
it causes any problems, but TC 5.x/6.x responses can contain JSESSIONID
Set-Cookie headers even when there is no session or can contain multiple
JSESSIONID Set-Cookie headers (examples at the end of this mail)
Was there a problem in TC4.x when the JSESSIONID cookie was added when
the response headers were committed and hence this logic had to be moved
to Request.doGetSession in TC5.x/6.x?
Thanks,
Arvind
% cat webapps/ROOT/session1.jsp
<%
session.invalidate();
out.print("request.getSession(false)=");
if (request.getSession(false) == null)
out.println("null");
else
out.println(session);
%>
GET /session1.jsp HTTP/1.0
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=152B8151F108C614BB90FF20F4304340; Path=/
Content-Type: text/html
Content-Length: 35
Date: Fri, 30 Mar 2007 12:21:45 GMT
Connection: close
request.getSession(false)=null
---------------------------------------------------
% cat webapps/ROOT/session2.jsp
<%
session.invalidate();
session = request.getSession(true);
session.invalidate();
session = request.getSession(true);
out.print("request.getSession(false)=");
if (request.getSession(false) == null)
out.println("null");
else
out.println(session);
%>
GET /session2.jsp HTTP/1.0
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=A37F56FC791DE3D5A25B0D31109C6D47; Path=/
Set-Cookie: JSESSIONID=6766CBEEF3D3093773D75F59A95E2E54; Path=/
Set-Cookie: JSESSIONID=133C6FFF6E09ABD71E79DE84F68479BC; Path=/
Content-Type: text/html
Content-Length: 87
Date: Fri, 30 Mar 2007 12:23:01 GMT
Connection: close
request.getSession(false)[EMAIL PROTECTED]
---------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
