The emptySessionPathfield just states whether the all cookie should be stored in the root URL path /(if emptySessionPath=true) or not (otherwise).

该emptySessionPath字段仅说明是否应将所有 cookie 存储在根 URL 路径中/（如果emptySessionPath=true）（否则）。

This is used by Apache's Connector. See details here(This is for AJP Connector, which is part of the Connnector object).

这是由 Apache 的连接器使用的。请参阅此处的详细信息（这是针对 AJP 连接器，它是连接器对象的一部分）。

What this basically means is:

这基本上意味着：

If emptySessionPathis enabled in tomcat, the JSESSIONIDcookie is written to the root "/" path. This means that whatever webapp you are on will use the same cookie. Each webapp will re-write the cookie's value to hold that webapp's session id, and they are all different.

When this is enabled and servlets in different webapps are used, requests from the same user to different servlets will end up overwriting the cookie so that when the servlet is again interacted with it will create a new session and loose the session it had already set up.

If emptySessionPathis not set, there are multiple cookies in the browser, one for each webapp (none at the root), so different webapps are not re-writing each other's cookie as above.

如果emptySessionPath在 tomcat 中启用，JSESSIONIDcookie 将写入根“/”路径。这意味着您使用的任何 web 应用程序都将使用相同的 cookie。每个 webapp 都会重写 cookie 的值来保存那个 webapp 的 session id，它们都是不同的。

当启用此功能并使用不同 Web 应用程序中的 servlet 时，来自同一用户对不同 servlet 的请求将最终覆盖 cookie，以便当 servlet 再次与其交互时将创建一个新会话并释放它已经建立的会话.

如果emptySessionPath没有设置，浏览器中有多个cookies，每个webapp一个（根没有一个），所以不同的webapps不会像上面那样重写彼此的cookie。

JSESSIONIDis the ID Session for your Webapp. See a full explanation here.

JSESSIONID是您的 Web 应用程序的 ID 会话。在此处查看完整说明。

Update: This information about usageis somewhat outdated - see herefor a more up-to-date information on how to set the Session path also for recent tomcat.

更新：有关使用情况的这些信息有些过时 -有关如何为最近的 tomcat 设置会话路径的最新信息，请参见此处。

If emptySessionPath is set to true, it will eliminate the context path from JSESSIONID cookie.It will set a cookie path to /.This attribute can be used for cross application autehentication mechanism.

如果emptySessionPath 设置为true，它将从JSESSIONID cookie 中消除上下文路径。它将cookie 路径设置为/。此属性可用于跨应用程序身份验证机制。

Session are, as you probably know, often maintained by a cookie. A cookie has two values that determines whether they should be returned by the browser for a certain request, cookieDomainand cookiePath. The cookiePathmust match that of the request.

您可能知道，会话通常由 cookie 维护。cookie 有两个值，用于确定浏览器是否应该为某个请求返回它们，cookieDomain和cookiePath。该cookiePath必须匹配要求。

A request is made for

提出了一个请求

 /some/request/for/this.html

Cookie would be returned with cookie path:

Cookie 将与 cookie 路径一起返回：

 / 
 /some
 /some/request

But not for cookie path:

但不适用于 cookie 路径：

 /other

By spec, a session is not shared between different web applications, so if you have web application foo.wardeployed under /foo, the session cookie path would, by default be set to /foo.

根据规范，会话不会在不同的 Web 应用程序之间共享，因此如果您foo.war在 下部署了Web 应用程序/foo，则会话 cookie 路径将默认设置为/foo。

It seems Connector.emptySessionPathis a protected variable on Connector. I haven't read the code - but I guess it has something to do with Tomcat's single sign on or sharing sessions, where you login to one context and are authenticated in all - in which case the cookie path must be /for the session cookies.

似乎Connector.emptySessionPath是连接器上的受保护变量。我还没有阅读代码 - 但我猜它与 Tomcat 的单点登录或共享会话有关，您登录到一个上下文并在所有情况下进行身份验证 - 在这种情况下，cookie 路径必须/用于会话 cookie。

Just in case, for the web_app version 3.0, the cookie configuration is standarized, so the equivalent to the AJP's emptySessionPath in webapp 3.0 is:

以防万一，对于web_app 3.0版本，cookie配置是标准化的，所以相当于webapp 3.0中AJP的emptySessionPath是：

<session-config>
<cookie-config>
<path>/</path>
<secure>true</secure>
</cookie-config>
</session-config>

<session-config>
<cookie-config>
<path>/</path>
<secure>true</secure>
</cookie-config>
</session-config>