so, i have the following problem me and my colleague have been struggling with at work for the past few days...
for a given webapp, session cookies have to be disabled and url rewriting used instead (as a security measure, 'orders from above' after a security audit, though i am not sure how this would harden the security).
i shoved
in conf/context.xml, which apparently disabled the cookies, because when i open the site in the given context browser gets stuck in an infinite refresh loop (any browser).
i also tried tweaking web.xml in the WEB-INF directory of the app itself, adding within the structure of the <web-app> tag:
since, if i am not mistaken, both cookies and url rewriting are enabled by default, so that if the client-end browser doesn't support cookies, url rewriting is used instead, i tried disabling cookies in my browser, using the default config server-side, and thus try and access the application, which resulted in the same constant refresh loop.
which makes me think the issue lies within the application and the
java code itself rather than
tomcat or anything client-side..
but anyway.
any directions/hints/ideas/thoughts/suggestions would be really appreciated.
P.S.: no i can't use the apache front, mod_rewrite, or anything like that, this is a work-related task and this has to be done on the tomcat level. tomcat 5.5.28 that.