Hi Peter,
On 01/25/10 05:44 PM, Major Péter wrote:
> Hi,
>
> Is it possible, that something changed in the cookie handling between
> GFv2 and v3? I'm experiencing some problems with my OpenSSO + Agent
> configurations, possibly because the cookies are in GFv3 now by default
> url-encoded. Is this true? If so, how can I disable this behaviour?
>
You mean "session ids" [as opposed to cookies] are in GFv3 now by default
url-encoded", right? :)
Yes, this is a side-effect of the fix for:
https://glassfish.dev.java.net/issues/show_bug.cgi?id=4394
See the comment I had added there:
<comment>
Based on feedback received by the community, "enableURLRewriting"
needs to be supported as a property "in its own right", i.e., it must be
possible to set both "enableCookies" and "enableURLRewriting" to
"true" (or
"false") at the same time.
paulcb_at_dev.java.net wrote:
Personally I think that the way it was before was much better in
that the server effectively assumes the worst case (there is no cookie
support) and rewrites the first URL and sets a cookie. If a request
has a
cookie, then it would no longer rewrite the urls.
See the thread at
http://forums.java.net/jive/thread.jspa?messageID=328588 for
additional details.
By default, both "enableCookies" and "enableURLRewriting" will be
set to true.
</comment>
Note that Servlet 3.0 adds standard support for configuring the
desired session tracking modes for your application. You can disable URL
rewriting either declaratively (in your web.xml), as follows:
<web-app>
<session-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
</web-app>
OR programmatically (e.g., from a ServletContextListener), like this:
servletContext.setSessionTrackingModes(EnumSet.of(
SessionTrackingMode.COOKIE));
Hope this helps.
Thanks,
Jan
> Thanks.
>
> Best Regards,
> Peter Major
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>