/**
+ * Is a / added to the end of the session cookie path to ensure browsers,
+ * particularly IE, don't send a session cookie for context /foo with
+ * requests intended for context /foobar.
+ *
+ * @return <code>true</code> if the slash is added, otherwise
+ * <code>false</code>
+ */
+ public boolean getSessionCookiePathUsesTrailingSlash();
+
+
+ /**
+ * Configures if a / is added to the end of the session cookie path to
+ * ensure browsers, particularly IE, don't send a session cookie for context
+ * /foo with requests intended for context /foobar.
+ *
+ * @param sessionCookiePathUsesTrailingSlash <code>true</code> if the
+ * slash is should be added,
+ * otherwise <code>false</code>
+ */
+ public void setSessionCookiePathUsesTrailingSlash(
+ boolean sessionCookiePathUsesTrailingSlash);
+
+
+ /**
* Return the "allow crossing servlet contexts" flag.
*/
public boolean getCrossContext();
if (contextPath == null || contextPath.length() == 0) {
contextPath = context.getEncodedPath();
}
- // Handle special case of ROOT context where cookies require a path of
- // '/' but the servlet spec uses an empty string
- // Also ensure the cookies for a context with a path of /foo don't get
- // sent for requests with a path of /foobar
- if (!contextPath.endsWith("/")) {
- contextPath = contextPath + "/";
+ if (context.getSessionCookiePathUsesTrailingSlash()) {
+ // Handle special case of ROOT context where cookies require a path of
+ // '/' but the servlet spec uses an empty string
+ // Also ensure the cookies for a context with a path of /foo don't get
+ // sent for requests with a path of /foobar
+ if (!contextPath.endsWith("/")) {
+ contextPath = contextPath + "/";
+ }
+ } else {
+ // Only handle special case of ROOT context where cookies require a
+ // path of '/' but the servlet spec uses an empty string
+ if (contextPath.length() == 0) {
+ contextPath = "/";
+ }
}
cookie.setPath(contextPath);
/**
+ * Is a / added to the end of the session cookie path to ensure browsers,
+ * particularly IE, don't send a session cookie for context /foo with
+ * requests intended for context /foobar.
+ */
+ private boolean sessionCookiePathUsesTrailingSlash = true;
+
+
+ /**
* The Jar scanner to use to search for Jars that might contain
* configuration information such as TLDs or web-fragment.xml files.
*/
}
+ @Override
+ public boolean getSessionCookiePathUsesTrailingSlash() {
+ return sessionCookiePathUsesTrailingSlash;
+ }
+
+
+ @Override
+ public void setSessionCookiePathUsesTrailingSlash(
+ boolean sessionCookiePathUsesTrailingSlash) {
+ this.sessionCookiePathUsesTrailingSlash =
+ sessionCookiePathUsesTrailingSlash;
+ }
+
+
/**
* Return the "allow crossing servlet contexts" flag.
*/
file.</p>
</attribute>
+ <attribute name="sessionCookiePathUsesTrailingSlash" required="false">
+ <p>Some browsers, such as IE, will send a session cookie for a context
+ with a path of /foo with a request to /foobar. To prevent this, Tomcat
+ will add a trailing slash to the path associated with the session cookie
+ so, in the above example, the cookie path becomes /foo/. However, with a
+ cookie path of /foo/, IE will no longer send the cookie with a request
+ to /foo. This should not be a problem unless there is a servlet mapped
+ to /*. In this case this feature will need to be disabled. The default
+ value for this attribute is <code>true.</code> To disable this feature,
+ set the attribute to <code>false</code>.</p>
+ </attribute>
+
<attribute name="swallowAbortedUploads" required="false">
<p>Set to false if Tomcat should <b>not</b> read any additional request
body data for aborted uploads and instead abort the client connection.
projects / tomcat7.0 / commitdiff