JSESSIONID
843836 Feb 7 2004 — edited Mar 3 2004
Hi all,
I am working on a web app which stores the customer's userid in the session. On each of my JSP pages, the userid is extracted from the session. The problem is, if the customer's browser has another site (not ours) as its home page, then after the web page of this default web site has loaded, if the customer uses the same browser window to access our site, two session IDs are forwarded back.
For example, if the home page of the browser is www.bell.ca, after the first page of Bell's site has loaded, a customer starts to access our site in the same browser window. But on our server, we can see there are two cookies with the same name "JSESSIONID" but different values. One is from our site, the other one is from Bell. But our server does not seem to be able to tell which one is ours. The interesting thing is, if the browser does not have www.bell.ca as its home page, or has another site, like www.yahoo.ca, as its home page, this problem does not exist.
I checked Bell's site and found these, but I am not sure if this is the key.
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="Expires" content="Tue, 20 Aug 1996 14:25:27 GMT">
So, my question is: is there any way to clean out other JSESSIONIDs detected from the browser, or is it possible to set up something like a "filter" on the server side to block JSESSIONIDs not originating from some particular URLs?
Btw, we tried to set cookies on both the server side and the browser; it did not work.
The server is on Solaris, with Apache and Tomcat 4.1. Both IE6 and Netscape 4.7 have the same problem.
Thanks for any help.
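
An added example, not part of the original post: one way a server-side check like the "filter" asked about could work, by reading the raw Cookie header, listing every JSESSIONID value in it, and keeping only a value the server itself issued. The class name, method names, the `issuedIds` set and the sample header are assumptions made for illustration, and the code targets a current JDK rather than the Tomcat 4.1-era runtime.

```java
import java.util.*;

public class SessionCookieCheck {

    // Collect every value sent under the given cookie name, in header order.
    static List<String> valuesFor(String cookieHeader, String name) {
        List<String> values = new ArrayList<>();
        if (cookieHeader == null) return values;
        for (String pair : cookieHeader.split(";")) {
            int eq = pair.indexOf('=');
            if (eq < 0) continue;                      // not a name=value pair
            if (pair.substring(0, eq).trim().equals(name)) {
                values.add(pair.substring(eq + 1).trim());
            }
        }
        return values;
    }

    // Return the one value that matches a session this server issued, or null
    // when none matches or two different values match (ambiguous request).
    static String selectOwnSessionId(String cookieHeader, Set<String> issuedIds) {
        String match = null;
        for (String v : valuesFor(cookieHeader, "JSESSIONID")) {
            if (!issuedIds.contains(v)) continue;      // not ours: ignore it
            if (match != null && !match.equals(v)) return null;
            match = v;
        }
        return match;
    }

    public static void main(String[] args) {
        // Constructed sample: one request carrying two JSESSIONID cookies.
        String header = "JSESSIONID=AAAA1111FOREIGN; lang=en; JSESSIONID=BBBB2222OURS";
        Set<String> issued = new HashSet<>(Arrays.asList("BBBB2222OURS"));
        List<String> all = valuesFor(header, "JSESSIONID");
        if (all.size() > 1) {
            System.out.println("duplicate JSESSIONID cookies: " + all);
        }
        System.out.println("selected: " + selectOwnSessionId(header, issued));
    }
}
```

Inside a servlet filter the header string would come from `request.getHeader("Cookie")`; logging the duplicate case along with the request's Host header helps show which cookie scope (domain and path) the extra value was set under.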