Tomcat Cookies and iChain
Articles and Tips: qna
01 Jul 2003
Q.
I realize that Tomcat and Apache Web Server now ship with NetWare. However I have a good question for you: are there any iChain settings that prevent the Tomcat session cookies from passing through to the browser?
I have a servlet running on Tomcat (which is running on my NetWare 6.x server) that uses sessions and session variables. When this servlet is called directly, the sessions work fine.
On the converse side, however, putting iChain in front, the session resets after every request. Might I assume the session cookie is not making it through to Tomcat? Have you seen similar behavior before? Any advice on a way to fix the problem?
Charles "Cookie" Chang
A.
Dear "Cookie:": Do you have a domain name difference between accessing Tomcat directly and accessing via iChain? If Tomcat sets a cookie with an attribute included for domain=.innerwebl.com, for example, and the client talks to iChain via outterweb.com. Then the browser won't send the cookie unless iChain incorrectly rewrites the cookie domain attribute. (Apparently iChain has had problems with this in the past, but it is working now with current versions.)
Another possibility is Tomcat's caching. Sometimes when Tomcat sends the response which includes the SET COOKIE header, iChain will cache it in accordance with its own set up and the caching directives in the packet. If it is cached, then iChain may serve up old responses including stale SET COOKIE sessions. The client will send the next request including the old session information, which Tomcat will refuse.
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.