Bug 49525

Summary: IE8: Unabled to store data in HttpSession (root context)
Product: Tomcat 7 Reporter: oschina.net <oschina.net>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: blocker CC: brian
Priority: P2    
Version: 7.0.6   
Target Milestone: ---   
Hardware: PC   
OS: Linux   

Description oschina.net 2010-06-29 22:22:03 UTC
Environment:

Tomcat 7.0.0 Beta
IE8

A simplest webapp only have a test.jsp below:

<%=request.getSession().getId()%>

this app installed as root context

the test.jsp works fine in firefox

but when using IE8

there is always a different session id where refresh the test page.

BTW: the test.jsp works find in Tomcat 6.x
Comment 1 oschina.net 2010-06-29 22:26:18 UTC
The difference cookie header of tomcat 6 & 7

Tomcat 7 
Set-Cookie: JSESSIONID=E33BFF1384284F317D75025391BF5CB3; Path=""; HttpOnly

Tomcat 6
Set-Cookie: JSESSIONID=F6EB3C21AC71EC2AA305A2BBEE37DBE9; Path=/
Comment 2 Mark Thomas 2010-07-01 15:37:01 UTC
Thanks for the report. Fixed in trunk and will be included in 7.0.1 onwards.
Comment 3 oschina.net 2010-07-01 19:51:20 UTC
Thanks for your reply :)
Comment 4 Bmeist 2011-02-04 11:09:55 UTC
I am seeing this exact problem on 7.0.6, but only Tomcat on Linux.  I have another install of 7.0.6 on Windows and it works fine.

This is the error I see in the logs:

Feb 3, 2011 11:44:15 PM org.apache.tomcat.util.http.Cookies processCookieHeader
INFO: Cookies: Invalid cookie. Value not a token or quoted value

Again, this only happens on IE 8 hitting 7.0.6 on Linux.  Unfortunately we have a LOT of IE 8 users.  I rolled back to Tomcat 6 and it's working fine again.

Thanks very much!
Comment 5 Mark Thomas 2011-02-04 12:01:54 UTC
I've just checked this as Tomcat 7 does return / as the cookie path by default.

From the error message, it looks like your client is sending mal-formed cookies.

The users list is the place to get help with this - you need to provide an example cookie header that is failing.