You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Filippo Munafò <fi...@cineca.it> on 2001/05/10 19:36:25 UTC

session object problem with cookies disabled

I've a problem running Tomcat + IIS 5.0 on Win2K. I've tried Tomcat 3.2.1,
3.2.2, 3.3-m2.
Everything works fine unless the session example: a new session is created
everytime I add a new item in my cart so it contains always only one item!
All is OK with Tomcat as stand-alone. Every other example works with IIS, so
redirect is ok and all basic config also.
Cookies are turned off (I need my app to work also if users turn off
cookies)
I don't know if I'm missing something in IIS configuration or in Tomcat's
one.
I've searched in Tomcat mailing list (user and dev), in apache bug database,
but no answer to this problem with session object.
Thanks.

Filippo

Re: session object problem with cookies disabled

Posted by Bo Xu <bo...@cybershop.ca>.

Filippo Munafò wrote:

> I've a problem running Tomcat + IIS 5.0 on Win2K. I've tried Tomcat 3.2.1,
> 3.2.2, 3.3-m2.
> Everything works fine unless the session example: a new session is created
> everytime I add a new item in my cart so it contains always only one item!
> All is OK with Tomcat as stand-alone. Every other example works with IIS, so
> redirect is ok and all basic config also.
> Cookies are turned off (I need my app to work also if users turn off
> cookies)
> I don't know if I'm missing something in IIS configuration or in Tomcat's
> one.
> I've searched in Tomcat mailing list (user and dev), in apache bug database,
> but no answer to this problem with session object.
> Thanks.
>
> Filippo

Hi:-) I am not sure, I found:
- when cookie is enabled, HttpSession will "Prefer" to use cookie than
URL-rewriting
   to save JSESSIONID(name/value="JSESSIONID"/"B730C71....")

- if cookie is disabled, then HttpSession will use URL-rewriting to save
JSESSIONID,
  but now first I must use encodeURL/encodeRedirectURL to ask container to put
the
  JSESSIONID in the URL which I want to give to client, otherwise you will still
give
  your client a URL without JSESSIONID, I think it is the reason why you get a
new
  session everytime. for example:

  before encodeURL:
  http://x.x.x.x.:8080/mywebapp/servlet/TestSession

  after encodeURL:

http://x.x.x.x.:8080/mywebapp/servlet/TestSession;jsessionid=238490639024620774F141A4B1228534



< haha :-) >
the following is a good email from Servlet-List:

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;


public class TestSession extends HttpServlet {
   public void doGet(HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException {
      response.setContentType("text/html");
      PrintWriter pw = response.getWriter();
      HttpSession session=request.getSession();
      pw.println("<p>Session is new : " + session.isNew());
      pw.println("<p>Session ID : " + session.getId());
      pw.println("<p>Session is from cookie : " +
request.isRequestedSessionIdFromCookie());
      pw.println("<p>Session is from URL :    " +
request.isRequestedSessionIdFromURL());
      pw.println("<p><a href='" + response.encodeURL("TestSession") + "'New
request</a>");
  }
}


Try this servlet with as many browsers you can, with
cookies enabled and disabled. Observe not only the page
displayed, but also the address field in
the browser window. Everyhing will become clear !

Pierre-Yves

< haha :-) >



Bo
May.10, 2001

Re: session object problem with cookies disabled

Posted by Benoit Jacquemont <be...@smile.fr>.

The default way to store object on the client side is by using cookie: if you 
disabled cookie, you cannot use session.

There is an other way, that I never tried myself, which is to use an old 
method called urlencoding. Indeed, instead of storing session in a cookie, 
you store it in the url, like an argument.
I don't know if you can store a lot of thing that way, but it is possible.

Benoît

> I've a problem running Tomcat + IIS 5.0 on Win2K. I've tried Tomcat 3.2.1,
> 3.2.2, 3.3-m2.
> Everything works fine unless the session example: a new session is created
> everytime I add a new item in my cart so it contains always only one item!
> All is OK with Tomcat as stand-alone. Every other example works with IIS,
> so redirect is ok and all basic config also.
> Cookies are turned off (I need my app to work also if users turn off
> cookies)
> I don't know if I'm missing something in IIS configuration or in Tomcat's
> one.
> I've searched in Tomcat mailing list (user and dev), in apache bug
> database, but no answer to this problem with session object.
> Thanks.
>
> Filippo

RE: session object problem with cookies disabled

Posted by Devon Ziegler <de...@channelogics.com>.

There is a setting is server.xml relating to supporting sessions without
cookies (session id should end up in URL instead).  I don't recall the exact
setting.  You might need to change this setting (or I could be wrong :) ).

-----Original Message-----
From: Filippo Munafò [mailto:filippo.munafo@cineca.it]
Sent: Thursday, May 10, 2001 1:36 PM
To: tomcat-user@jakarta.apache.org
Subject: session object problem with cookies disabled

I've a problem running Tomcat + IIS 5.0 on Win2K. I've tried Tomcat 3.2.1,
3.2.2, 3.3-m2.
Everything works fine unless the session example: a new session is created
everytime I add a new item in my cart so it contains always only one item!
All is OK with Tomcat as stand-alone. Every other example works with IIS, so
redirect is ok and all basic config also.
Cookies are turned off (I need my app to work also if users turn off
cookies)
I don't know if I'm missing something in IIS configuration or in Tomcat's
one.
I've searched in Tomcat mailing list (user and dev), in apache bug database,
but no answer to this problem with session object.
Thanks.

Filippo