disabling session cookies & using url rewriting instead, in tomcat 5.5.28

 
Greenhorn
Posts: 2
so, i have the following problem me and my colleague have been struggling with at work for the past few days...

for a given webapp, session cookies have to be disabled and url rewriting used instead (as a security measure, 'orders from above' after a security audit, though i am not sure how this would harden the security).

i shoved in conf/context.xml, which apparently disabled the cookies, because when i open the site in the given context, the browser gets stuck in an infinite refresh loop (any browser).
i also tried tweaking web.xml in the WEB-INF directory of the app itself, adding within the structure of the <web-app> tag:



since, if i am not mistaken, both cookies and url rewriting are enabled by default, so that if the client-end browser doesn't support cookies, url rewriting is used instead, i tried disabling cookies in my browser, using the default config server-side, and thus try and access the application, which resulted in the same constant refresh loop.
which makes me think the issue lies within the application and the java code itself rather than tomcat or anything client-side..

but anyway.

any directions/hints/ideas/thoughts/suggestions would be really appreciated.

P.S.: no i can't use the apache front, mod_rewrite, or anything like that, this is a work-related task and this has to be done on the tomcat level. tomcat 5.5.28 that.

 
Author and all-around good cowpoke
Posts: 13078
If you are going to depend on URL rewriting, Tomcat will NOT do it for you, you must explicitly modify every spot that creates a URL link which stays on your site. Presumably starting with that intro page that now goes into an infinite loop.

Bill
 
Somebody Somebodie
Greenhorn
Posts: 2

William Brogden wrote: If you are going to depend on URL rewriting, Tomcat will NOT do it for you, you must explicitly modify every spot that creates a URL link which stays on your site. Presumably starting with that intro page that now goes into an infinite loop.

Bill



would you care to elaborate on how exactly i do that?
or point me to where i can read up on the matter..?
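
What the reply above describes, as an added example that is not part of the original thread: in the Servlet API, HttpServletResponse.encodeURL() and encodeRedirectURL() are the calls that append ;jsessionid=... to a URL. The servlet name, its /intro mapping, the /orders and /search paths, and the session-check redirect (one way a refresh loop like the one described can arise) are assumptions for illustration.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet, mapped to /intro in web.xml (Servlet 2.4 style, no annotations).
public class IntroServlet extends HttpServlet {

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        HttpSession session = req.getSession(false);

        if (session == null) {
            // First hit: create the session, then redirect back to this page.
            // encodeRedirectURL() appends ;jsessionid=... when the container
            // cannot rely on a cookie. A plain sendRedirect(target) would drop
            // the ID, the next request would again arrive without a session,
            // and the browser would keep following the same redirect.
            req.getSession(true);
            String target = req.getContextPath() + "/intro";
            resp.sendRedirect(resp.encodeRedirectURL(target));
            return;
        }

        // Every link and form action that stays on the site goes through
        // encodeURL() so the session ID travels with the next request.
        String orders = resp.encodeURL(req.getContextPath() + "/orders"); // hypothetical path
        String search = resp.encodeURL(req.getContextPath() + "/search"); // hypothetical path

        resp.setContentType("text/html");
        PrintWriter out = resp.getWriter();
        out.println("<html><body>");
        out.println("<a href=\"" + orders + "\">Orders</a>");
        out.println("<form method=\"post\" action=\"" + search + "\">");
        out.println("<input type=\"text\" name=\"q\"/><input type=\"submit\"/>");
        out.println("</form>");
        out.println("</body></html>");
    }
}
```

With the session ID carried in the URL, it also appears in access logs, browser history and Referer headers sent to other sites, so those need to be treated as sensitive.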
 