Laszlo B

Reputation: 455

Tomcat session cookie is not sent for context root request

I have a web app for which I'd like time-based sessions, so that refreshing the page or reloading on another tab keeps the same one. So, in web.xml I have:

<servlet-mapping>
    <servlet-name>any</servlet-name>
    <url-pattern>/*</url-pattern>
</servlet-mapping>

<session-config>
    <session-timeout>30</session-timeout> 
    <cookie-config>
        <name>sid</name>
        <max-age>1800</max-age>
    </cookie-config>
</session-config>

The cookie is set with proper expiration, its path is /app/, according to my context name. Now, if I make requests to URLs like /app/ or /app/main, the cookie is passed. However, the root context path of /app does not send the cookie. Even if I add ...

<path>/app</path>

... in the above cookie-config, the cookie path in the browser is the same /app/. Is there any workaround for this strange behaviour?

Apache Tomcat/8.0.28

Upvotes: 0

Views: 1923

Answers (1)

Mark Thomas

Reputation: 16625

The behaviour isn't strange; it is there for security reasons.

The behaviour is also configurable but make sure you understand the security implications of changing the default.

Configuration is via the sessionCookiePathUsesTrailingSlash attribute of the Context element in server.xml. For full details see the Context documentation.

Upvotes: 1
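
The security reason the answer refers to, shown as an added example (not part of the answer and not Tomcat's code): the Tomcat Context documentation says some browsers send a cookie scoped to /foo with requests to /foobar, contrary to RFC 6265, so Tomcat appends a trailing slash to the session cookie path. The sketch compares RFC 6265 path matching with plain prefix matching; the function names and the second context /application are assumptions made for illustration.

```javascript
// RFC 6265 section 5.1.4 path-match: is a cookie with this Path attribute
// sent for this request path?
function rfc6265PathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix match only counts when it ends on a "/" boundary.
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Non-compliant matching: plain string prefix with no boundary check.
function loosePrefixMatch(requestPath, cookiePath) {
  return requestPath.startsWith(cookiePath);
}

// Constructed request paths: the asker's context /app, plus a hypothetical
// second web app deployed at /application on the same host.
const REQUESTS = ["/app", "/app/", "/app/main", "/application/login"];

// Request paths that would receive a cookie with the given Path.
function cookieSentTo(cookiePath, matcher) {
  return REQUESTS.filter((p) => matcher(p, cookiePath));
}

function compare() {
  return {
    // Path=/app/ (trailing slash, as seen in the question)
    slashStrict: cookieSentTo("/app/", rfc6265PathMatch),
    slashLoose: cookieSentTo("/app/", loosePrefixMatch),
    // Path=/app (what the asker tried to configure)
    bareStrict: cookieSentTo("/app", rfc6265PathMatch),
    bareLoose: cookieSentTo("/app", loosePrefixMatch),
  };
}

console.log(compare());
```

With Path=/app/ neither matcher sends sid to /application, at the cost of not sending it to /app, which is the behaviour described in the question. With Path=/app a prefix-matching browser also sends the session cookie to /application.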
