aspose file tools*
The moose likes Tomcat and the fly likes disabling session cookies & using url rewriting instead, in tomcat 5.5.28 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of JavaScript Promises Essentials this week in the JavaScript forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "disabling session cookies & using url rewriting instead, in tomcat 5.5.28" Watch "disabling session cookies & using url rewriting instead, in tomcat 5.5.28" New topic
Author

disabling session cookies & using url rewriting instead, in tomcat 5.5.28

Somebody Somebodie
Greenhorn

Joined: Sep 27, 2011
Posts: 2
so, i have the following problem me and my colleague have been struggling with at work for the past few days...

for a given webapp, session cookies have to be disabled and url rewriting used instead (as a security measure, 'orders from above' after a security audit, though i am not sure how this would harden the security).

i shoved in conf/context.xml, which apparently disabled the cookies, because when i open the site in the given context browser gets stuck in an infinite refresh loop (any browser).
i also tried tweaking web.xml in the WEB-INF directory of the app itself, adding within the structure of the <web-app> tag:



since, if i am not mistaken, both cookies and url rewriting are enabled by default, so that if the client-end browser doesn't support cookies, url rewriting is used instead, i tried disabling cookies in my browser, using the default config server-side, and thus try and access the application, which resulted in the same constant refresh loop.
which makes me think the issue lies within the application and the java code itself rather than tomcat or anything client-side..

but anyway.

any directions/hints/ideas/thoughts/suggestions would be really appreciated.

P.S.: no i can't use the apache front, mod_rewrite, or anything like that, this is a work-related task and this has to be done on the tomcat level. tomcat 5.5.28 that.

William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12821
    
    5
If you are going to depend on URL rewriting, Tomcat will NOT do it for you, you must explicitly modify every spot that creates a URL link which stays on your site. Presumably starting with that intro page that now goes into an infinite loop.

Bill
Somebody Somebodie
Greenhorn

Joined: Sep 27, 2011
Posts: 2
William Brogden wrote:If you are going to depend on URL rewriting, Tomcat will NOT do it for you, you must explicitly modify every spot that creates a URL link which stays on your site. Presumably starting with that intro page that now goes into an infinite loop.

Bill


would you care to elaborate on how exactly i do that?
or point me to where i can read up on the matter..?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: disabling session cookies & using url rewriting instead, in tomcat 5.5.28