[jetty-discuss] Re: Session cookie path

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Peter,

I have committed a fix to handle "" context path when setting
the session cookie.  It was handling null context path, as in 
jetty 5 the conversion to "" was done in a wrapping API.

cheers

Peter Marks wrote:
> I've been doing some digging in the source and what seems to be
> happening is that as my contextPath is "/", the context path in the
> request is set to "". When the session manager then creates the cookie,
> it sets the path in the cookie to "" and this is returned to the
> browser. I'm guessing that the browser's response to this (Firefox) is
> to assume the cookie to be for the directory containing the page.
> 
> Something seems wrong about this behavior. Either the contextPath in the
> request should be set to "/" (I guess there must be a reason why this is
> not done as there is some code to handle this special case) or when the
> contextPath is "" the session manager should set the path in the cookie
> to "/". There is already some code to set the path to "/" if the
> contextPath is null.
> 
> I believe there is a work around using an init param, but it looks to me
> as though the default behavior needs to be fixed.
> 