Losing session cookie with IE6 - Weblogic

This is a discussion on Losing session cookie with IE6 - Weblogic ; Hello all, We are facing a very annoying problem about losing session cookie on our weblogic server 6 with some specific browser (IE 6 SP1). It seems that this could be related to third parties cookies that are not handled ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Losing session cookie with IE6

  1. Losing session cookie with IE6

    Hello all,

    We are facing a very annoying problem about losing session cookie on our
    weblogic server 6 with some specific browser (IE 6 SP1).
    It seems that this could be related to third parties cookies that are
    not handled properly with IE6 SP1.
    I know the following explanation is a bit long but without all details,
    it is hard to describe the architecture we are using.

    We are using weblogic 6, running on a solaris on port 8000(http) with 2
    different webApp (based on struts and tile):
    webApp1 and webApp2.
    Both of those web applications can be accessed with a specific url:
    www.webapp1.com
    www.webapp2.com


    The apache server receive the request and forward it to the weblogic
    server (with the weblogic_module).
    Apache is also used for SSL encryption, but with only one certificate,
    defined for the domain webapp1.com. The webApp2 should also be able to
    use this certificate.

    In order to allow webapp2 to be accessible via ssl transparently we do
    the following forwarding:
    1) A request is sent to http://www.webapp2.com

    2) The apache server send to the client a frame :

    MARGINWIDTH="0" MARGINHEIGHT="0" SCROLLING="auto" NORESIZE>
    SCROLLING="no">


    This way the browser keep the url http://www.webapp2.com

    3) the browser sends a request to
    http://www.webapp2.com/webapp1/redirect_to_web_app.jsp

    4) the redirect_to_web_app.jsp do the following:
    <%
    String urlToGo;
    if (request.getServerName().equals("www.webapp2.com"))
    urlToGo="https://www.webApp1.com/webApp2";
    else{
    urlToGo="https://www.webApp1.com/webApp1";
    }
    %>






    This way, the browser will refresh the frame to the right web
    application, using the certificate defined for the domain "webapp1.com"
    and the browser url bar always keep the "http://www.webapp2.com"

    Everything works fine, except that when someone uses an internet
    explorer version 6, login to our application , do some things and
    logout (session is invalidated), there is no new session created.
    All requests doesn't contain any session_id cookie.
    After browsing the newsgroup, it appears that it could be a problem due
    to a third partie cookie problem.( We noticed that, because when we
    reduce the level of the security in the IE6 preferences (low, third
    parties cookies not blocked),
    there is no problem.
    So for the moment we are using URL rewriting. This way the session_id is
    sent as a parameter of each request, but we would definitely prefer to
    use cookie.
    Also we are wondering if if changing some parameters related to the
    cookie handling(cookiePath, cookie domain,...) could solve the problem?!

    Any idea or comment on this are very welcome!


    Laurent

  2. Re: Losing session cookie with IE6

    Errata...
    The weblogic server we are using is 7.0, not 6.0!

+ Reply to Thread