Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is empty session path in tomcat?

Tags:

java

webserver

tomcat

connector

tomcat6

I have read apache tomcat documentation a day before, and I am so confused about emptySessionPath . Up to my knowledge, if it's set to true, the emptySessionPath is stored at the root folder of web application. Please give the right definition of the term emptySessionPath and what happens if it is set to true and false?

Please guide me.Thanks in advance.

like image 435
Muneeswaran Balasubramanian Avatar asked Dec 02 '10 06:12

Muneeswaran Balasubramanian

People also ask

How does Tomcat maintain session?

In session management, Tomcat creates a session id whenever client's first request gets to the server (However, other servlet containers may behave differently). Then it inserts this session id into a cookie with a name JSESSIONID and sends along with the response.

What is the use of Jsessionid?

JSESSIONID is a cookie generated by Servlet containers and used for session management in J2EE web applications for HTTP protocol. If a Web server is using a cookie for session management, it creates and sends JSESSIONID cookie to the client and then the client sends it back to the server in subsequent HTTP requests.

2 Answers

The emptySessionPath field just states whether the all cookie should be stored in the root URL path / (if emptySessionPath=true) or not (otherwise).

This is used by Apache's Connector. See details here (This is for AJP Connector, which is part of the Connnector object).

What this basically means is:

If emptySessionPath is enabled in tomcat, the JSESSIONID cookie is written to the root "/" path. This means that whatever webapp you are on will use the same cookie. Each webapp will re-write the cookie's value to hold that webapp's session id, and they are all different.

When this is enabled and servlets in different webapps are used, requests from the same user to different servlets will end up overwriting the cookie so that when the servlet is again interacted with it will create a new session and loose the session it had already set up.

If emptySessionPath is not set, there are multiple cookies in the browser, one for each webapp (none at the root), so different webapps are not re-writing each other's cookie as above.

JSESSIONID is the ID Session for your Webapp. See a full explanation here.

Update: This information about usage is somewhat outdated - see here for a more up-to-date information on how to set the Session path also for recent tomcat.

like image 148
Buhake Sindi Avatar answered Sep 21 '22 01:09

Buhake Sindi

If emptySessionPath is set to true, it will eliminate the context path from JSESSIONID cookie.It will set a cookie path to /.This attribute can be used for cross application autehentication mechanism.

like image 37
UVM Avatar answered Sep 21 '22 01:09

UVM
Sign in to Comment

Related questions

EclipseLink : No Persistence provider for EntityManager named
Java - Expected “"” but found unknown token
What is the Java equivalent to this preg_replace?
What's inside a reference variable in Java?
What's the proper way to handle JDBC connections with Spring and DBCP?
Do prepared statements slow down program conspicuously?
are hibernate applications domain driven?
C++ from a Java-view: I must have missed a few things
Capture an argument in Mockito
Prevent ehcache trying to access internet on startup
Android: Problem With ListViews and CheckBoxes
Java last day of month problem
How to mix html with gwt widgets?
Eclipse MenuManager: get ImageDescriptor of Image?
String comparison and String interning in Java
How can I have a constant variable common to all classes in a package?
Retrying an http connection
BufferedImage to BMP in Java
How to make a deep copy of an InputStream in Java [closed]
Splitting a string into n-length chunks in Java [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!