Not really sure, but try setting the "override" attribute of DefaultContext element on server.xml file of Tomcat to false. I think that is set to true by default, which overrides your application configuration setting the cookies on.
Thanks for the reply....unfortunately it doesn't appear to work. I changed the override attribute of the DefaultContext element in the server.xml file to "false"....but still got cookies.
I also tried putting a "context.xml" file in the META-INF (and WEB-INF - shooting in the dark here) with based on the tomcat 5.0 docs (http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/defaultcontext.html)
Ultimately, the *only* thing that I have tried that prevents JBoss/Tomcat from setting a cookie is changing the "DefaultContext" element in jbossweb server.xml file (cookies="false")...although as previously stated, this is unacceptable since the other apps in the same server instance will now fail. I've even tried this in reverse - disabling in server.xml and adding a jboss-web.xml file to *use* cookies, but that didn't work either.
Is there an easy way to verify if JBoss is even picking up on the jboss-web.xml file??
Any other thoughts? Does anyone have this working or is this a bug in JBoss 3.2.5?
You need to upgrade to 3.2.6 where you can use a war/WEB-INF/context.xml to control the war properties, for example a jmx-console.war/WEB-INF/context.xml:
<Context path="/jmx-console" cookies="false" override="true" />
Thanks, as always for the information, Scott.
I'm hopeful, however that there's a way to to patch the server rather than do a complete upgrade. We are running a dozen instances of JBoss and I have taken considerable time to create a customized maven goal to generate new servers. In fact, I've already gone through the process of creating the server generation code and *thorougly* testing applications in my environment 3 times - with versions 3.2.3, 3.2.4 and 3.2.5 since there were significant and different "show stopper" bugs in each version prior to 3.2.5. I am therefore rather reluctant to start up the upgrade treadmill all over again.
Please don't take this too harshly as I have a great deal of respect for the people who dedicate their time to this opensource software (we do contribute to various FOSS projects), and do understand the difficulties of managing a project of this size and complexity.
Is it possible that I could upgrade merely the jbossweb module and have any expectation of it working? Or, are patch upgrades to fix these types of problems something that is provided (or only provided) with paid support?
You can always start with the expecation of it working. The reality will depend on the changes that exist in the newer version. You can always get the code and look at how the feature was added and patch the version yourself.
Custom patches for arbitrary versions are only done under support contracts.