This wiki does not contain official documentation and is currently deprecated and read only. Please try reading the documentation on the Liferay Developer Network, the new site dedicated to Liferay documentation. DISCOVER Build your web site, collaborate with your colleagues, manage your content, and more. DEVELOP Build applications that run inside Liferay, extend the features provided out of the box with Liferay's APIs. DISTRIBUTE Let the world know about your app by publishing it in Liferay's marketplace. PARTICIPATE Become a part of Liferay's community, meet other Liferay users, and get involved in the open source project.

Wiki

« Back to Application Servers

Tomcat tips

Details Print

Table of Contents [-]

  1. STRICT_SERVLET_COMPLIANCE

    STRICT_SERVLET_COMPLIANCE #

    When STRICT_SERVLET_COMPLIANCE is set to true, the value of FWD_SLASH_IS_SEPARATOR will be also set to true (and values of some other properties).

    If this is true then the / (forward slash) character will be treated as a separator. Note that this character is frequently used in cookie path attributes and some browsers will fail to process a cookie if the path attribute is quoted as is required by a strict adherence to the specifications. This is highly likely to break session tracking using cookies.

    To summarize the above, what's happening is the cookie's Path value is being enclosed in quotes when FWD_SLASH_IS_SEPARATOR is true. Browsers don't expect this and thus when the browser receives a cookie it doesn't send that cookie back on subsequent requests because the browser doesn't think the cookie's Path value matches the user's path. Essentially cookie-based sessions are broken in major browsers and curl unless -Dorg.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR=false is passed on boot.

    Ive tested this with all browsers and it seems only Opera understands this feature correctly.

    0 Attachments
    13753 Views
    Average (0 Votes)
    The average rating is 0.0 stars out of 5.
    Comments