dtolabs / yana2

Yet Another Node Authority ... because you wanted an agile Real-Time Service Model (RTSM)

Use unique cookie names to prevent JSESSIONID conflicts #54

Open ahonor opened 12 years ago

ahonor commented 12 years ago

While it is possible to reference each web app from a different domain it is not always possible. Some users will want to deploy Yana in the same container as another web app which will cause session conflicts at the cookie level.

Reference: Resolving JSESSIONID Conflicts

orubel commented 12 years ago

http://grails.org/doc/1.1/guide/2.%20Getting%20Started.html

4) The use of jsessionid (now considered harmful) is disabled by default.

Can you explain more of what you are trying to do? Don't want to be opening security holes.

orubel commented 12 years ago

ah... I see what you are trying to do. This is handled in context, not in app. You just manage this through your context when setting up virtual hosts in your app server.

orubel commented 12 years ago

Or more simply, I can simply add it so 'yana' is added to the end of 'localhost:8080' and it would append no matter what... no option.

Would require going through all the links in the site and testing them all.

orubel commented 12 years ago

DOH. I'm a bonehead.

grails.app.context = "/"

We can move that to the external config and that solves everyone's problem.

orubel commented 12 years ago

http://info.michael-simons.eu/2011/01/28/disable-jsessionid-path-parameter-in-java-web-applications/ ok, Spring Security uses that only in initially setting the cookie apparently, but it does use it. But yeah, we are getting the conflict because we share the same environment... http://localhost, so it tries to create and delete the same cookie. This will not exist EXCEPT if tools exist within the EXACT SAME ENVIRONMENT, which is always considered bad form to begin with anyway. And this can be fixed through context (I believe) or by just using subdomains or fake hosts (if you must) in your /etc/host file.
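The conflict discussed in this thread, reproduced with Python's standard-library cookie jar as an added example (not yana2 project code): two apps on the same host both issuing `JSESSIONID`, with yana at context `/`, versus yana issuing a uniquely named cookie. The hosts, paths, session ids and the cookie name `YANASESSIONID` are constructed for the illustration.

```python
"""Why two web apps on one host clash on JSESSIONID, and how a unique cookie
name avoids it. Added example, not yana2 project code; hosts, paths and
session ids below are constructed."""
import email.message
import http.cookiejar
import urllib.request


class _FakeResponse:
    """Just enough of an HTTP response for CookieJar.extract_cookies()."""
    def __init__(self, set_cookie_values):
        self._headers = email.message.Message()
        for value in set_cookie_values:
            self._headers["Set-Cookie"] = value  # repeated header is allowed

    def info(self):
        return self._headers


def cookie_header_for(responses, url):
    """Feed (origin_url, [Set-Cookie values]) responses into a browser-like
    jar in arrival order, then return the Cookie header the jar would send
    to `url` ("" if nothing matches)."""
    jar = http.cookiejar.CookieJar()
    for origin, values in responses:
        jar.extract_cookies(_FakeResponse(values), urllib.request.Request(origin))
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)
    return req.get_header("Cookie") or ""


OTHER_APP = "http://localhost:8080/other/login"  # another webapp, context /other
YANA_ROOT = "http://localhost:8080/login"        # yana with grails.app.context = "/"

# Conflict: yana's JSESSIONID has Path=/, so it rides along on every request
# to the other app, which now receives two JSESSIONID values and may pick
# the wrong one (cookies are keyed by name + domain + path, so both survive).
CONFLICT = [
    (OTHER_APP, ["JSESSIONID=aaa111; Path=/other; HttpOnly"]),
    (YANA_ROOT, ["JSESSIONID=bbb222; Path=/; HttpOnly"]),
]
# Fix: give yana's session cookie its own name; the other app ignores it.
FIXED = [
    (OTHER_APP, ["JSESSIONID=aaa111; Path=/other; HttpOnly"]),
    (YANA_ROOT, ["YANASESSIONID=bbb222; Path=/; HttpOnly"]),
]

if __name__ == "__main__":
    print(cookie_header_for(CONFLICT, "http://localhost:8080/other/page"))
    print(cookie_header_for(FIXED, "http://localhost:8080/other/page"))
```

If both apps use Path=/ the jar simply overwrites one session with the other, which is the "create and delete the same cookie" behaviour described above.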