scode captcha finally
Sun, Mar 26, 2006For a good while I've been attempting to get Cliffano's SCode plugin for blojsom working. It would display the captcha images but would not seem to validate them. I modified the code to print the values it was getting from the session, and I noticed that the session was disappearing. At that point I contacted Cliffano and he had me run a few tests and try some debugging versions of the code. After all this testing I started looking at the session handling again, wondering if it had something to do with my apache to jboss connection. I switched from using mod_proxy to mod_jk, which didn't change anything but did provide me with some interesting experience. At that point I opened firefox's cookie editor extension and watched my JSESSIONID cookie over the course of a few requests. I noticed that there were two problems, the path was /blojsom and the session id changed with every request. This ruled out the session being invalidated by some bit of code (as did a grep of the blojsom sources).
After a little bit of googling I can across two possible solutions, one regarding having tomcat set the session path to / and the other using code to set another JSESSIONID cookie with / as the path. I tried adding
If your wondering why / versus /blojsom made a difference, it has to do with how the browser chooses to send cookies. If the path your requesting doesn't fall under the cookie path, then it isn't sent. Since as far as jboss was concerned it was sending out /blojsom as the actual path with every request, the cookies were set to match. What little old jboss didn't know was that I have apache setup to rewrite the url to /blog. So when our intrepid web browser hits the scene it gets a cookie for /blojsom from /blog and never sends it along in any subsequent request. So jboss just keeps setting the cookie assuming its a new visitor.