I’m trying to upgrade from Tomcat 5.5 to Tomcat 7, and almost everything is working — I just have some cookies that are getting through on Tomcat 5.5, but disappearing on Tomcat 7. That is, Firebug confirms that the cookies are being sent in both cases, but on Tomcat 5.5 they show up in a request.getCookies() call, and in Tomcat 7 they don’t. Some cookies still show up (JSESSIONID, for example), but a couple are missing.

This is the same application running on the same server, port, etc, I just shutdown Tomcat 5.5, startup 7, and the cookies no longer get through.

If it’s relevant, both Tomcat instances are behind an Apache proxy running on a different server. It doesn’t seem like it should be relevant, though, since Apache is clearly able to pass the cookies to Tomcat 5.5.

My guess is it’s a security feature of some sort, though I haven’t been able to figure out what it would be. The missing cookies are for domain .domain.org, while the cookies that are getting through (like JSESSIONID) are for host subdomain.domain.org (bolded text is just an example, obviously).

I tried setting useHttpOnly to false and crossContext to true in the context, in case it had something to do with one of those, but it didn’t help. Besides those two settings, are there any other new features in Tomcat 7 (or Tomcat 6, for that matter) that could lead to it leaving out cookies? And if so, is there a handy workaround?

EDIT: I forgot to mention that it probably doesn’t have anything to do with the cookie path — the cookies that don’t work have a path of “/”, and the cookies that do work have variously “/”, “/application”, and “/application/”.