I have read apache tomcat documentation a day before, and I am so confused about emptySessionPath
. Up to my knowledge, if it's set to true, the emptySessionPath
is stored at the root folder of web application. Please give the right definition of the term emptySessionPath
and what happens if it is set to true and false?
Please guide me.Thanks in advance.
The emptySessionPath
field just states whether the all cookie should be stored in the root URL path /
(if emptySessionPath=true
) or not (otherwise).
This is used by Apache's Connector. See details here (This is for AJP Connector, which is part of the Connnector object).
What this basically means is:
If
emptySessionPath
is enabled in tomcat, theJSESSIONID
cookie is written to the root "/" path. This means that whatever webapp you are on will use the same cookie. Each webapp will re-write the cookie's value to hold that webapp's session id, and they are all different.When this is enabled and servlets in different webapps are used, requests from the same user to different servlets will end up overwriting the cookie so that when the servlet is again interacted with it will create a new session and loose the session it had already set up.
If
emptySessionPath
is not set, there are multiple cookies in the browser, one for each webapp (none at the root), so different webapps are not re-writing each other's cookie as above.
JSESSIONID
is the ID Session for your Webapp. See a full explanation here.
Update: This information about usage is somewhat outdated - see here for a more up-to-date information on how to set the Session path also for recent tomcat.