so, i have the following problem me and my colleague have been struggling with at work for the past few days...
for a given webapp, session cookies have to be disabled and url rewriting used instead (as a security measure, 'orders from above' after a security audit, though i am not sure how this would harden the security).
i shoved in conf/context.xml, which apparently disabled the cookies, because when i open the site in the given context browser gets stuck in an infinite refresh loop (any browser).
i also tried tweaking web.xml in the WEB-INF directory of the app itself, adding within the structure of the <web-app> tag:
since, if i am not mistaken, both cookies and url rewriting are enabled by default, so that if the client-end browser doesn't support cookies, url rewriting is used instead, i tried disabling cookies in my browser, using the default config server-side, and thus try and access the application, which resulted in the same constant refresh loop.
which makes me think the issue lies within the application and the java code itself rather than tomcat or anything client-side..
any directions/hints/ideas/thoughts/suggestions would be really appreciated.
P.S.: no i can't use the apache front, mod_rewrite, or anything like that, this is a work-related task and this has to be done on the tomcat level. tomcat 5.5.28 that.
If you are going to depend on URL rewriting, Tomcat will NOT do it for you, you must explicitly modify every spot that creates a URL link which stays on your site. Presumably starting with that intro page that now goes into an infinite loop.
posted 7 years ago
William Brogden wrote:If you are going to depend on URL rewriting, Tomcat will NOT do it for you, you must explicitly modify every spot that creates a URL link which stays on your site. Presumably starting with that intro page that now goes into an infinite loop.
would you care to elaborate on how exactly i do that?
or point me to where i can read up on the matter..?