You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Robin Diederen <di...@nlcom.nl> on 2010/08/18 22:28:01 UTC
Tomcat sessions issue?
Hello all,
I’m using two Tomcat installs on a single system (the one’s running Alfresco, the other LifeRay). Somehow they interfere with another; when I log into Alfresco, I get logged out from LifeRay and vice versa.
How can this be? There are no overlapping ports configured in server.xml. I also tried to configure separate jvmRoutes for both Tomcats (the configuration itself succeeded, to no result however).
Any thoughts on this? Some overseen overlap?
Best, Robin
NLcom
ICT Solutions
T +31 (0)43 350 0190
F +31 (0)43 350 0192
E diederen@nlcom.nl
I www.nlcom.nl
Support:
T +31 (0)43 3270555
Office:
Hoogbrugplein 4, 6221 DB Maastricht
KvK Zuid-Limburg: 14059477
Re: Tomcat sessions issue?
Posted by Rainer Jung <ra...@kippdata.de>.
On 19.08.2010 09:25, Pid wrote:
> On 19/08/2010 04:50, Christopher Schultz wrote:
>> Robin,
>>
>> On 8/18/2010 5:57 PM, Robin Diederen wrote:
>>> That's interesting to say the least.
>>
>> I agree with André's assessment: you have a cookie collision. See below
>> for hints for removing the conflict.
>>
>>> Without cookies enabled, I can't login to either of both applications.
>>
>> You probably haven't been properly encoding your URLs.
>
> Or the app designers haven't. Tut.
>
>>> So I "designed" another test: using two browsers I visited both
>>> applications. And guess what: it works like a charm! So I guess you
>>> are right on the cookies :-).
>>
>>> The only one thing I do not understand: I've done this a few times
>>> before and I never ran into these issues. The only difference is that
>>> I'm using a newer version of LifeRay for the first time, but AFAIK
>>> the other LifeRay version I used uses JSESSION too..
>>
>> The difference is probably that in other installations you haven't
>> deployed both applications to the root ("/") context path. You never did
>> tell us how you deployed the two, so I suspect that both webapps are
>> deployed as ROOT. In that case, you get cookies from both webapps that
>> look like this:
>>
>> host=myserver.com, path=/, name=JSESSIONID, value=12345...
>
> Two Tomcats can't both exist in the same domain name space, unless
> there's a mapping error in mod_jk.
>
> After a cursory look through the server.xml, (cursory because of the
> trauma of wading through comments), I note:
>
> <Listener className="org.apache.jk.config.ApacheConfig"
> modJk="/opt/zimbra/httpd/modules/mod_jk.so" />
>
> The OP made reference to the jvmRoute="jvmAlfresco1", so I think we need
> to understand what's going on there to find a resolution.
Good point, so adding to the "look at the cookies" recommendation: if
you are using load-balancing with mod_jk, you need to configure a unique
jvmRoute for each Tomcat in server.xml. Tomcat will then add a dot "."
and the value of jvmRoute to the end of the session id used in the
JSESSIONID cookies. You can see it when looking at the value of the
cookie in the browser.
mod_jk reads this suffix from the cookie when it is send together with
each request by the browser and looks up the right Tomcat, assuming that
the name of the member workers in the load-baancers are the same as the
jvmRoute of the Tomct they are pointing to. If for some reason you get
that wrong (worker names do not fit the jvmRoutes of the respective
Tomcats), requests will eventually be send to the wrong Tomcat which
does not know about the user session (except when using session
clustering, an advanced topic).
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat sessions issue?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Pid,
On 8/19/2010 3:25 AM, Pid wrote:
> On 19/08/2010 04:50, Christopher Schultz wrote:
>> The difference is probably that in other installations you haven't
>> deployed both applications to the root ("/") context path. You never did
>> tell us how you deployed the two, so I suspect that both webapps are
>> deployed as ROOT. In that case, you get cookies from both webapps that
>> look like this:
>>
>> host=myserver.com, path=/, name=JSESSIONID, value=12345...
>
> Two Tomcats can't both exist in the same domain name space, unless
> there's a mapping error in mod_jk.
Different ports :(
> After a cursory look through the server.xml, (cursory because of the
> trauma of wading through comments), I note:
>
> <Listener className="org.apache.jk.config.ApacheConfig"
> modJk="/opt/zimbra/httpd/modules/mod_jk.so" />
Yuk. Don't use that, Robin!
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkxtU94ACgkQ9CaO5/Lv0PD+5wCfYOijQPKsWlY5U3mgGgcgRI5J
RgIAn1Pv3O+rh1LnMtkCYxvaBbdB2utT
=8iGv
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat sessions issue?
Posted by André Warnier <aw...@ice-sa.com>.
Pid wrote:
...
>
> After a cursory look through the server.xml, (cursory because of the
> trauma of wading through comments), I note:
>
> <Listener className="org.apache.jk.config.ApacheConfig"
> modJk="/opt/zimbra/httpd/modules/mod_jk.so" />
>
> The OP made reference to the jvmRoute="jvmAlfresco1", so I think we need
> to understand what's going on there to find a resolution.
>
I saw that too, but I believe this is just a reference to nod_jk's "auto-configuration"
capability. It does not necessarily mean that the Op /is/ accessing his Tomcat's through
Apache/mod_jk. And as far as I know, I don't think it would matter anyway.
There is another simple test of which I did not think before :
- login to instance A, verify it works
- check in the browser for any JSESSIONID cookie, note the beginning of the value
- login to instance B
- check again the cookies for JSESSIONID
If there is only one, and it has changed, then there is the collision.
I am willing to be convinced, but I am not sure by the way that the cookie path is part of
what identifies a separate cookie.
In other words, can the browser really hold two distinct cookies where the cookie name and
hostname are the same, and only the path differs ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat sessions issue?
Posted by Pid <pi...@pidster.com>.
On 19/08/2010 04:50, Christopher Schultz wrote:
> Robin,
>
> On 8/18/2010 5:57 PM, Robin Diederen wrote:
>> That's interesting to say the least.
>
> I agree with André's assessment: you have a cookie collision. See below
> for hints for removing the conflict.
>
>> Without cookies enabled, I can't login to either of both applications.
>
> You probably haven't been properly encoding your URLs.
Or the app designers haven't. Tut.
>> So I "designed" another test: using two browsers I visited both
>> applications. And guess what: it works like a charm! So I guess you
>> are right on the cookies :-).
>
>> The only one thing I do not understand: I've done this a few times
>> before and I never ran into these issues. The only difference is that
>> I'm using a newer version of LifeRay for the first time, but AFAIK
>> the other LifeRay version I used uses JSESSION too..
>
> The difference is probably that in other installations you haven't
> deployed both applications to the root ("/") context path. You never did
> tell us how you deployed the two, so I suspect that both webapps are
> deployed as ROOT. In that case, you get cookies from both webapps that
> look like this:
>
> host=myserver.com, path=/, name=JSESSIONID, value=12345...
Two Tomcats can't both exist in the same domain name space, unless
there's a mapping error in mod_jk.
After a cursory look through the server.xml, (cursory because of the
trauma of wading through comments), I note:
<Listener className="org.apache.jk.config.ApacheConfig"
modJk="/opt/zimbra/httpd/modules/mod_jk.so" />
The OP made reference to the jvmRoute="jvmAlfresco1", so I think we need
to understand what's going on there to find a resolution.
p
> There's no difference between the identifying portions of the cookie
> (host, path, and name) so one overwrites the other.
>
> Simply deploying LifeRay to, say, /liferay and Alfresco to, say,
> /alfresco, you should be good to go.
>
> Note that if you deploy them in this way, you ought to be able to deploy
> them into a single Tomcat instance and save yourself some RAM and some
> administration.
>
> -chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat sessions issue?
Posted by Rainer Jung <ra...@kippdata.de>.
To add the obvious: Use your browser to have a look at your JSESSIONID
cookies (and any other cookies of the same name used by both apps) after
loging in to LifeRay and after loging in to Alfresco. Write down domain
and path properties and see whether they conflict (whether one of the
cookies from Liferay would also apply to Alfresco or vice versa).
You might need to read a bit about how cookies work (domain and path).
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat sessions issue?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Robin,
On 8/18/2010 5:57 PM, Robin Diederen wrote:
> That's interesting to say the least.
I agree with André's assessment: you have a cookie collision. See below
for hints for removing the conflict.
> Without cookies enabled, I can't login to either of both applications.
You probably haven't been properly encoding your URLs.
> So I "designed" another test: using two browsers I visited both
> applications. And guess what: it works like a charm! So I guess you
> are right on the cookies :-).
>
> The only one thing I do not understand: I've done this a few times
> before and I never ran into these issues. The only difference is that
> I'm using a newer version of LifeRay for the first time, but AFAIK
> the other LifeRay version I used uses JSESSION too..
The difference is probably that in other installations you haven't
deployed both applications to the root ("/") context path. You never did
tell us how you deployed the two, so I suspect that both webapps are
deployed as ROOT. In that case, you get cookies from both webapps that
look like this:
host=myserver.com, path=/, name=JSESSIONID, value=12345...
There's no difference between the identifying portions of the cookie
(host, path, and name) so one overwrites the other.
Simply deploying LifeRay to, say, /liferay and Alfresco to, say,
/alfresco, you should be good to go.
Note that if you deploy them in this way, you ought to be able to deploy
them into a single Tomcat instance and save yourself some RAM and some
administration.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkxsqhwACgkQ9CaO5/Lv0PAW0ACgrGfZbBNEqz03Hcmwj5BDwl1P
gpoAn1Ott+IIPuq5PICE6MtgkzhVATjE
=xtu3
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Tomcat sessions issue?
Posted by Robin Diederen <di...@nlcom.nl>.
Hi Andre,
That?s interesting to say the least. Without cookies enabled, I can't login to either of both applications.
So I "designed" another test: using two browsers I visited both applications. And guess what: it works like a charm! So I guess you are right on the cookies :-).
The only one thing I do not understand: I've done this a few times before and I never ran into these issues. The only difference is that I'm using a newer version of LifeRay for the first time, but AFAIK the other LifeRay version I used uses JSESSION too..
Tomorrow I'll look into the hosts (now it's bed time ;)).
Best, Robin
-----Oorspronkelijk bericht-----
Van: André Warnier [mailto:aw@ice-sa.com]
Verzonden: woensdag 18 augustus 2010 23:39
Aan: Tomcat Users List
Onderwerp: Re: Tomcat sessions issue?
Hassan Schroeder wrote:
> On Wed, Aug 18, 2010 at 2:09 PM, Robin Diederen <di...@nlcom.nl> wrote:
>
>> Here's some info:
>
>> Server.xml from LifeRay:
>
> I'm not going to waste my time wading through all the boilerplate
> comments (hint, hint) but unless these are separate virtual hosts,
> my bet's on a cookie conflict, either sessionid or whatever auth
> system you're using.
>
I'll expand on that :
1) it is common usage, when pasting server.xml etc here, to remove the parts that are
comments (and the parameter values that may be confidential, like passwords), so that the
readers do not have to browse through a bunch of lines to find the ones that are active.
2) about the cookie conflict :
As far as I know, a cookie is specific to a hostname, but not to a port.
So if both servers answer to the same hostname, even on different ports, their JSESSIONID
cookies would just overwrite one another.
In other words :
- you login in tomcat instance A, and get a session and an assorted JSESSIONID cookie for
server A, labeled with the hostname "myserver"
- then you login to instance B, and get another session and another assorted JSESSIONID
cookie for server B, labeled with the hostname "myserver".
This one overwrites the previous one, because both the hostname and the cookiename are the
same.
So when you try to access server A again, your JSESSIONID cookie does not match any
existing session on server A, and it asks you to login again.
Quick fix and test : disable cookies in your browser and try again.
Tomcat will notice that the browser does not return cookies, and will use URL-rewriting
instead to carry the session-id.
Better fix :
- re-enable cookies in your browser
- give different hostnames to your two tomcat instances and restart them
- in your workstations local "hosts" file, add a line for each of these hostnames, with
the IP address of the server.
- with your browser, use the appropriate hostname to access each of the Tomcat instances
(not only a different port, also a different name)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat sessions issue?
Posted by André Warnier <aw...@ice-sa.com>.
Hassan Schroeder wrote:
> On Wed, Aug 18, 2010 at 2:09 PM, Robin Diederen <di...@nlcom.nl> wrote:
>
>> Here's some info:
>
>> Server.xml from LifeRay:
>
> I'm not going to waste my time wading through all the boilerplate
> comments (hint, hint) but unless these are separate virtual hosts,
> my bet's on a cookie conflict, either sessionid or whatever auth
> system you're using.
>
I'll expand on that :
1) it is common usage, when pasting server.xml etc here, to remove the parts that are
comments (and the parameter values that may be confidential, like passwords), so that the
readers do not have to browse through a bunch of lines to find the ones that are active.
2) about the cookie conflict :
As far as I know, a cookie is specific to a hostname, but not to a port.
So if both servers answer to the same hostname, even on different ports, their JSESSIONID
cookies would just overwrite one another.
In other words :
- you login in tomcat instance A, and get a session and an assorted JSESSIONID cookie for
server A, labeled with the hostname "myserver"
- then you login to instance B, and get another session and another assorted JSESSIONID
cookie for server B, labeled with the hostname "myserver".
This one overwrites the previous one, because both the hostname and the cookiename are the
same.
So when you try to access server A again, your JSESSIONID cookie does not match any
existing session on server A, and it asks you to login again.
Quick fix and test : disable cookies in your browser and try again.
Tomcat will notice that the browser does not return cookies, and will use URL-rewriting
instead to carry the session-id.
Better fix :
- re-enable cookies in your browser
- give different hostnames to your two tomcat instances and restart them
- in your workstations local "hosts" file, add a line for each of these hostnames, with
the IP address of the server.
- with your browser, use the appropriate hostname to access each of the Tomcat instances
(not only a different port, also a different name)
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat sessions issue?
Posted by Hassan Schroeder <ha...@gmail.com>.
On Wed, Aug 18, 2010 at 2:09 PM, Robin Diederen <di...@nlcom.nl> wrote:
> Here's some info:
> Server.xml from LifeRay:
I'm not going to waste my time wading through all the boilerplate
comments (hint, hint) but unless these are separate virtual hosts,
my bet's on a cookie conflict, either sessionid or whatever auth
system you're using.
FWIW,
--
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com
twitter: @hassan
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Tomcat sessions issue?
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Robin Diederen [mailto:diederen@nlcom.nl]
> Subject: Tomcat sessions issue?
>
> I'm using two Tomcat installs on a single system (the one's running
> Alfresco, the other LifeRay). Somehow they interfere with another; when
> I log into Alfresco, I get logged out from LifeRay and vice versa.
I see no data here: Tomcat version, JVM version, platform, installation directories, contents of each server.xml, startup mechanisms, log entries, ...
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org