That article is indeed heavily outdated.
On Tomcat 5.5 and 6.0 you can just set the emptySessionPath attribute to true in the <Connector> element in /conf/server.xml.
<Connector ... emptySessionPath="true">
On Tomcat 7.0 this has changed because this is now configurable from the Servlet 3.0 API on. It’s then on Tomcat’s side configurable by setting sessionCookiePath to / in the <Context> element in any responsible context.xml file.
<Context ... sessionCookiePath="/">
As said, there’s a new Servlet 3.0 API which allows you to configure the session cookie through the standard API. You can do it either declaratively by adding the following to the web.xml:
<session-config>
    <cookie-config>
        <path>/</path>
    </cookie-config>
</session-config>
or programmatically by SessionCookieConfig which is available by ServletContext#getSessionCookieConfig().
getServletContext().getSessionCookieConfig().setPath("/");
You could do this in ServletContextListener#contextInitialized() or HttpServlet#init().
See also:
- Tomcat 5.5 HTTP connector documentation
- Tomcat 6.0 HTTP connector documentation – mentions potential security hole
- Tomcat 7.0 context documentation
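
What the path change means for which requests carry the session cookie, as an added example that is not part of the original answer: it applies the RFC 6265 path-match rule to a cookie scoped to one context path and to the host-wide path "/". The class name, the context paths /shop, /shopping and /admin, and the request paths are constructed for illustration.

```java
import java.util.List;

// Added illustration: RFC 6265 section 5.1.4 path matching, the rule a browser
// applies to decide whether a cookie is attached to a request.
public class SessionCookiePathDemo {

    /** True if a cookie with the given Path attribute is sent for requestPath. */
    static boolean pathMatches(String cookiePath, String requestPath) {
        if (requestPath.equals(cookiePath)) {
            return true;
        }
        if (!requestPath.startsWith(cookiePath)) {
            return false;
        }
        // A prefix match only counts on a "/" boundary,
        // so Path=/shop does not cover /shopping.
        return cookiePath.endsWith("/")
                || requestPath.charAt(cookiePath.length()) == '/';
    }

    public static void main(String[] args) {
        // Constructed request paths for hypothetical webapps on one Tomcat host.
        List<String> requests =
                List.of("/shop/cart", "/shopping/list", "/admin/users", "/");
        // Cookie scoped to a single context path versus the path "/" set above.
        List<String> cookiePaths = List.of("/shop", "/");

        for (String cookiePath : cookiePaths) {
            System.out.println("JSESSIONID Path=" + cookiePath);
            for (String request : requests) {
                System.out.printf("  %-16s %s%n", request,
                        pathMatches(cookiePath, request) ? "cookie sent" : "not sent");
            }
        }
    }
}
```

With Path=/ the session ID reaches every web application deployed on the host, so each of them has to be trusted with it.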