Posted to users@tomcat.apache.org by Markus <ml...@dlite.de> on 2006/07/31 17:34:24 UTC
Apache, mod_jk and Tomcat looses sessions
Hi,
I've got the following problem on one server using Apache 2.0.54-5 (Debian
x86) with mod_jk 1.2.15 (self-compiled) and tomcat 5.5.17: I try to create a
redirect to a page with a session-id if there is no session. Seems to be
easy, but in combination with apache/mod_jk my servlet redirects unlimited
because it doesn't recognize the created session. Attached you'll find the
code (please don't wonder why there are some methods, I've extracted the
code from a very big servlet). If I am using the Servlet directly with tomcat
on the same host there is no problem.
Help would be great!
--
Beste Grüße / best regards Markus Meissner
-------------------------------------------------
meissner.IT GmbH Markus Meissner
Benrather Schlossallee 36 mm@meissner.IT
40597 Düsseldorf +49 211 98 49 48 98
-------------------------------------------------
RE: Apache, mod_jk and Tomcat looses sessions
Posted by Markus Meissner <ml...@meissner.IT>.
Christopher Schultz wrote on Monday, July 31, 2006 11:55 PM:
>>> Some part of your logic is missing: you do not have a case where it
>>> is known that you MUST create a session. Therefore, you never create
>>> a session. Your code tries and tries again (redirecting continuously)
>>> but never creates a session because you are not handling the case
>>> where you want to create one. You must create a session at some point:
>>> you're just not doing it.
>>
>> Hm, I don't understand your point. Take a look:
>>
>> From http://www.dlite.de/42/TestServlet.java
>> if (redirectToURLWithSID(request)) {
>> request.getSession(true);
>> String url = request.getRequestURI();
>> url = response.encodeRedirectURL(url);
>> response.sendRedirect(url);
>
> Sorry, I must have missed that the first time around: I'm an idiot.
You are probably not!
> Does your log file indicate that the URL is being re-written properly
> with the session id attached?
Yep, getting a fresh sid every time, added to the url. It works like a charm
without apache / mod_jk, everything else works, too, using apache / mod_jk.
--
Beste Grüße / best regards Markus Meissner
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Apache, mod_jk and Tomcat looses sessions
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Markus,
>> Some part of your logic is missing: you do not have a case where it is
>> known that you MUST create a session. Therefore, you never create a
>> session. Your code tries and tries again (redirecting continuously) but
>> never creates a session because you are not handling the case where you
>> want to create one. You must create a session at some point: you're just
>> not doing it.
>
> Hm, I don't understand your point. Take a look:
>
> From http://www.dlite.de/42/TestServlet.java
> if (redirectToURLWithSID(request)) {
> request.getSession(true);
> String url = request.getRequestURI();
> url = response.encodeRedirectURL(url);
> response.sendRedirect(url);
Sorry, I must have missed that the first time around: I'm an idiot.
Does your log file indicate that the URL is being re-written properly
with the session id attached?
-chris
RE: Apache, mod_jk and Tomcat looses sessions
Posted by Markus <ml...@dlite.de>.
Christopher Schultz wrote on Monday, July 31, 2006 10:08 PM:
> Markus,
>
>>>>> If the session is mandatory, I recommend changing:
>>>>>
>>>>> request.getSession(false)
>>>>> to
>>>>> request.getSession(true)
>>>> Thanks for your quick answer. The problem I want to solve is only to
>>>> create a session if it is really needed, so #redirectToURLWithSID is
>>>> a little bit more complicated than this.
>>> What is your definition of "is really needed"? I would say that NOT
>>> having a session is a good indication that you SHOULD create one. Am
>>> I missing the point?
>>
>> Not having a session results in not sending cookies nor sids and that's
>> what I want, at least for pages where it isn't needed.
>
> Some part of your logic is missing: you do not have a case where it is
> known that you MUST create a session. Therefore, you never create a
> session. Your code tries and tries again (redirecting continuously) but
> never creates a session because you are not handling the case where you
> want to create one. You must create a session at some point: you're just
> not doing it.
Hm, I don't understand your point. Take a look:
From http://www.dlite.de/42/TestServlet.java
    if (redirectToURLWithSID(request)) {
        request.getSession(true);
        String url = request.getRequestURI();
        url = response.encodeRedirectURL(url);
        response.sendRedirect(url);
So I check in #redirectToURLWithSID if I need a session or not (which is
shortened in the example). I only redirect after creating a session via
request.getSession(true). There is no redirect without creating a session.
--
Beste Grüße / best regards Markus Meissner
Re: Apache, mod_jk and Tomcat looses sessions
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Markus,
>>>> If the session is mandatory, I recommend changing:
>>>>
>>>> request.getSession(false)
>>>> to
>>>> request.getSession(true)
>>> Thanks for your quick answer. The problem I want to solve is only to
>>> create a session if it is really needed, so #redirectToURLWithSID is a
>>> little bit more complicated than this.
>> What is your definition of "is really needed"? I would say that NOT
>> having a session is a good indication that you SHOULD create one. Am I
>> missing the point?
>
> Not having a session results in not sending cookies nor sids and that's what
> I want, at least for pages where it isn't needed.
Some part of your logic is missing: you do not have a case where it is
known that you MUST create a session. Therefore, you never create a
session. Your code tries and tries again (redirecting continuously) but
never creates a session because you are not handling the case where you
want to create one. You must create a session at some point: you're just
not doing it.
-chris
RE: Apache, mod_jk and Tomcat looses sessions
Posted by Markus <ml...@dlite.de>.
Christopher Schultz wrote on Monday, July 31, 2006 9:54 PM:
>>> If the session is mandatory, I recommend changing:
>>>
>>> request.getSession(false)
>>> to
>>> request.getSession(true)
>>
>> Thanks for your quick answer. The problem I want to solve is only to
>> create a session if it is really needed, so #redirectToURLWithSID is a
>> little bit more complicated than this.
>
> What is your definition of "is really needed"? I would say that NOT
> having a session is a good indication that you SHOULD create one. Am I
> missing the point?
Not having a session results in not sending cookies nor sids and that's what
I want, at least for pages where it isn't needed.
--
Beste Grüße / best regards Markus Meissner
Re: Apache, mod_jk and Tomcat looses sessions
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Markus,
>> If the session is mandatory, I recommend changing:
>>
>> request.getSession(false)
>> to
>> request.getSession(true)
>
> Thanks for your quick answer. The problem I want to solve is only to create
> a session if it is really needed, so #redirectToURLWithSID is a little bit
> more complicated than this.
What is your definition of "is really needed"? I would say that NOT
having a session is a good indication that you SHOULD create one. Am I
missing the point?
-chris
RE: Apache, mod_jk and Tomcat looses sessions
Posted by Markus <ml...@dlite.de>.
Christopher Schultz wrote on Monday, July 31, 2006 6:42 PM:
> Markus,
>
>>> I try to create a redirect to a page with a session-id if there is no
>>> session. Seems to be easy, but in combination with apache/mod_jk my
>>> servlet redirects unlimited because it doesn't recognize the created
>>> session.
>>>
>>> Btw: Cookies are disabled, this is important.
>
> It looks like you are not handling the situation where the user has
> requested a session with an ID but the session does not exist. I don't
> think that Tomcat will create a session for you unless you ask.
> Somewhere, you'll need to actually generate the session id using a call
> to request.getSession(true). Otherwise, the encodeRedirectURL method will
> not have a session id to add.
>
> If the session is mandatory, I recommend changing:
>
> request.getSession(false)
> to
> request.getSession(true)
>
> This will create a session if one does not exist.
>
> The logic in the method to determine if a redirect is necessary seems ...
> overly complex? Maybe a little cleanup would help.
Thanks for your quick answer. The problem I want to solve is only to create
a session if it is really needed, so #redirectToURLWithSID is a little bit
more complicated than this. Your suggestion is already made in line 44,
don't know if you haven't seen it or if I didn't get you.
--
Beste Grüße / best regards Markus Meissner
Re: Apache, mod_jk and Tomcat looses sessions
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Markus,
>> I try to create a redirect to a page with a session-id if there is
>> no session. Seems to be easy, but in combination with apache/mod_jk
>> my servlet redirects unlimited because it doesn't recognize the
>> created session.
>>
>> Btw: Cookies are disabled, this is important.
It looks like you are not handling the situation where the user has
requested a session with an ID but the session does not exist. I don't
think that Tomcat will create a session for you unless you ask.
Somewhere, you'll need to actually generate the session id using a call
to request.getSession(true). Otherwise, the encodeRedirectURL method
will not have a session id to add.
If the session is mandatory, I recommend changing:
request.getSession(false)
to
request.getSession(true)
This will create a session if one does not exist.
The logic in the method to determine if a redirect is necessary seems
... overly complex? Maybe a little cleanup would help.
-chris
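An added example, not part of the original thread and not the TestServlet.java discussed in it: one way to create the session on demand, redirect once to the rewritten URL, and fail visibly instead of redirecting forever when the session id does not come back. The class name, the `/account` rule and the `sidcheck` marker parameter are assumptions made for illustration; the code uses the javax.servlet API shipped with Tomcat 5.5.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example, not the thread's TestServlet.java.
public class SessionRedirectGuardServlet extends HttpServlet {

    // Hypothetical marker parameter: set on the one redirect we issue.
    private static final String MARKER = "sidcheck";

    // Hypothetical rule standing in for redirectToURLWithSID's real logic.
    private boolean needsSession(HttpServletRequest request) {
        return request.getServletPath().startsWith("/account");
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        HttpSession session = request.getSession(false); // never creates one
        if (session != null || !needsSession(request)) {
            response.setContentType("text/plain");
            response.getWriter().println(
                    session == null ? "no session needed" : "session established");
            return;
        }
        if (request.getParameter(MARKER) != null) {
            // We already redirected once and the id still maps to no session:
            // another redirect would loop. Record where the id came from
            // (not its value) and stop.
            log("session lost after redirect: idPresent="
                    + (request.getRequestedSessionId() != null)
                    + " fromURL=" + request.isRequestedSessionIdFromURL()
                    + " fromCookie=" + request.isRequestedSessionIdFromCookie());
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                    "Session id was not recognized after redirect");
            return;
        }
        // First visit to a page that needs a session: create it, then let the
        // container append ;jsessionid=... when the client sends no cookie.
        request.getSession(true);
        // Simplification: an existing query string is dropped.
        String url = request.getRequestURI() + "?" + MARKER + "=1";
        response.sendRedirect(response.encodeRedirectURL(url));
    }
}
```

A log line with idPresent=false means the request that reached the servlet container carried no session id at all, in the URL or in a cookie.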
Re: Apache, mod_jk and Tomcat looses sessions
Posted by Pid <p...@pidster.com>.
are you rewriting the URLs in each of the pages to maintain the session?
each URL should get modified as a result:
/path/to/file.jsp;jsessionid=0000000000?q=param
what's your jk config?
(unless i've missed something, and given that most people seem to get
this to work OK, it's probably a problem with your setup rather than a
bug...)
Markus wrote:
> Markus wrote on Monday, July 31, 2006 5:39 PM:
>> Markus wrote on Monday, July 31, 2006 5:34 PM:
>>> I've got the following problem on one server using Apache 2.0.54-5
>>> (Debian x86) with mod_jk 1.2.15 (self-compiled) and tomcat 5.5.17: I try
>>> to create a redirect to a page with a session-id if there is no session.
>>> Seems to be easy, but in combination with apache/mod_jk my servlet
>>> redirects unlimited because it doesn't recognize the created session.
>>> Attached you'll find the code (please don't wonder why there are some
>>> methods, I've extracted the code from a very big servlet). If I am
>>> using the Servlet directly with tomcat on the same host there is no
>>> problem.
>>>
>>> Help would be great!
>> Hm, attached source seems to be removed, put it here:
>> http://www.dlite.de/42/TestServlet.java
>>
>> Btw: Cookies are disabled, this is important.
>
> FYI: Created
> http://issues.apache.org/bugzilla/show_bug.cgi?id=40203
>
RE: Apache, mod_jk and Tomcat looses sessions
Posted by Markus <ml...@dlite.de>.
Markus wrote on Monday, July 31, 2006 5:39 PM:
> Markus wrote on Monday, July 31, 2006 5:34 PM:
>> I've got the following problem on one server using Apache 2.0.54-5
>> (Debian x86) with mod_jk 1.2.15 (self-compiled) and tomcat 5.5.17: I try
>> to create a redirect to a page with a session-id if there is no session.
>> Seems to be easy, but in combination with apache/mod_jk my servlet
>> redirects unlimited because it doesn't recognize the created session.
>> Attached you'll find the code (please don't wonder why there are some
>> methods, I've extracted the code from a very big servlet). If I am
>> using the Servlet directly with tomcat on the same host there is no
>> problem.
>>
>> Help would be great!
>
> Hm, attached source seems to be removed, put it here:
> http://www.dlite.de/42/TestServlet.java
>
> Btw: Cookies are disabled, this is important.
FYI: Created
http://issues.apache.org/bugzilla/show_bug.cgi?id=40203
--
Beste Grüße / best regards Markus Meissner
RE: Apache, mod_jk and Tomcat looses sessions
Posted by Markus <ml...@dlite.de>.
Markus wrote on Monday, July 31, 2006 5:34 PM:
> I've got the following problem on one server using Apache 2.0.54-5 (Debian
> x86) with mod_jk 1.2.15 (self-compiled) and tomcat 5.5.17: I try to
> create a redirect to a page with a session-id if there is no session.
> Seems to be easy, but in combination with apache/mod_jk my servlet
> redirects unlimited because it doesn't recognize the created session.
> Attached you'll find the code (please don't wonder why there are some
> methods, I've extracted the code from a very big servlet). If I am using
> the Servlet directly with tomcat on the same host there is no problem.
>
> Help would be great!
Hm, attached source seems to be removed, put it here:
http://www.dlite.de/42/TestServlet.java
Btw: Cookies are disabled, this is important.
--
Beste Grüße / best regards Markus Meissner