You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Markus <ml...@dlite.de> on 2006/07/31 17:34:24 UTC

Apache, mod_jk and Tomcat looses sessions

Hi,

I've got the following problem on one server using Apache 2.0.54-5 (Debian
x86) with mod_jk 1.2.15 (self-compiled) and tomcat 5.5.17: I try to create a
redirect to a page with a session-id if there is no session. Seems to be
easy, but in combination with apache/mod_jk my servlet redirects unlimited
because it doesn't recognizes the created session. Attached you'll find the
code (please don't wonder why there are some methods, I've extracted the
code from a very big servlet). If I am using the Servlet directy with tomcat
on the same host there is no problem. 

Help would be great!

-- 
Beste Grüße / best regards Markus Meissner 

-------------------------------------------------
meissner.IT GmbH                  Markus Meissner
Benrather Schlossallee 36          mm@meissner.IT
40597 Düsseldorf              +49 211 98 49 48 98
-------------------------------------------------

RE: Apache, mod_jk and Tomcat looses sessions

Posted by Markus Meissner <ml...@meissner.IT>.

Christopher Schultz wrote on Monday, July 31, 2006 11:55 PM:
>>> Some part of your logic is missing: you do not have a case where it
>>> is known that you MUST create a session. Therefore, you never create
>>> a session. Your code tries and tries again (redirecting continuously)
>>> but never creates a session because you are not handling the case
>>> where you want to create one. You must create a session at some point:
>>> you're just not doing it.
>> 
>> Hm, I don't understand your point. Take a look:
>> 
>> From http://www.dlite.de/42/TestServlet.java
>> if (redirectToURLWithSID(request)) {
>>     request.getSession(true);
>>     String url = request.getRequestURI();
>>     url = response.encodeRedirectURL(url);
>>     response.sendRedirect(url);
> 
> Sorry, I must have missed that the first time around: I'm an idiot.

You are probably not!


> Does your log file indicate that the URL is being re-written properly
> with the session id attached? 

Jep, getting a fresh sid every time, added to the url. It works like a charm
without apache / mod_jk, everything other works, too, using apache / mod_jk.

-- 
Beste Grüße / best regards Markus Meissner


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Apache, mod_jk and Tomcat looses sessions

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Markus,

>> Some part of your logic is missing: you do not have a case where it is
>> known that you MUST create a session. Therefore, you never create a
>> session. Your code tries and tries again (redirecting continuously) but
>> never creates a session because you are not handling the case where you
>> want to create one. You must create a session at some point: you're just
>> not doing it.     
> 
> Hm, I don't understand your point. Take a look:
> 
> From http://www.dlite.de/42/TestServlet.java
> if (redirectToURLWithSID(request)) {
>     request.getSession(true);
>     String url = request.getRequestURI();
>     url = response.encodeRedirectURL(url);
>     response.sendRedirect(url);

Sorry, I must have missed that the first time around: I'm an idiot.

Does your log file indicate that the URL is being re-written properly
with the session id attached?

-chris

RE: Apache, mod_jk and Tomcat looses sessions

Posted by Markus <ml...@dlite.de>.

Christopher Schultz wrote on Monday, July 31, 2006 10:08 PM:
> Markus,
> 
>>>>> If the session is mandatory, I recommend changing:
>>>>> 
>>>>>     request.getSession(false)
>>>>> to
>>>>>     request.getSession(true)
>>>> Thanks for your quick answer. The problem I want to solve is only to
>>>> create a session if it is really needed, so #redirectToURLWithSID is
>>>> a little bit more complicated that this.
>>> What is your definition of "is really needed"? I would say that NOT
>>> having a session is a good indication that you SHOULD create one. Am
>>> I missing the point?
>> 
>> Not having a session results in not sending cookies nor sids and thats
>> what I want, at least for pages where it isn't needed.
> 
> Some part of your logic is missing: you do not have a case where it is
> known that you MUST create a session. Therefore, you never create a
> session. Your code tries and tries again (redirecting continuously) but
> never creates a session because you are not handling the case where you
> want to create one. You must create a session at some point: you're just
> not doing it.     

Hm, I don't understand your point. Take a look:

>From http://www.dlite.de/42/TestServlet.java
if (redirectToURLWithSID(request)) {
    request.getSession(true);
    String url = request.getRequestURI();
    url = response.encodeRedirectURL(url);
    response.sendRedirect(url);

So I check in #redirectToURLWithSID if I need a session or not (which is
shortened in the example). I only redirect after creating a session via
request.getSession(true). There is no redirect without creating a session.

-- 
Beste Grüße / best regards Markus Meissner


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Apache, mod_jk and Tomcat looses sessions

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Markus,

>>>> If the session is mandatory, I recommend changing:
>>>>
>>>>     request.getSession(false)
>>>> to
>>>>     request.getSession(true)
>>> Thanks for your quick answer. The problem I want to solve is only to
>>> create a session if it is really needed, so #redirectToURLWithSID is a
>>> little bit more complicated that this.
>> What is your definition of "is really needed"? I would say that NOT
>> having a session is a good indication that you SHOULD create one. Am I
>> missing the point?  
> 
> Not having a session results in not sending cookies nor sids and thats what
> I want, at least for pages where it isn't needed.

Some part of your logic is missing: you do not have a case where it is
known that you MUST create a session. Therefore, you never create a
session. Your code tries and tries again (redirecting continuously) but
never creates a session because you are not handling the case where you
want to create one. You must create a session at some point: you're just
not doing it.

-chris

RE: Apache, mod_jk and Tomcat looses sessions

Posted by Markus <ml...@dlite.de>.

Christopher Schultz wrote on Monday, July 31, 2006 9:54 PM:
>>> If the session is mandatory, I recommend changing:
>>> 
>>>     request.getSession(false)
>>> to
>>>     request.getSession(true)
>> 
>> Thanks for your quick answer. The problem I want to solve is only to
>> create a session if it is really needed, so #redirectToURLWithSID is a
>> little bit more complicated that this.
> 
> What is your definition of "is really needed"? I would say that NOT
> having a session is a good indication that you SHOULD create one. Am I
> missing the point?  

Not having a session results in not sending cookies nor sids and thats what
I want, at least for pages where it isn't needed.

-- 
Beste Grüße / best regards Markus Meissner


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Apache, mod_jk and Tomcat looses sessions

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Markus,

>> If the session is mandatory, I recommend changing:
>>
>>     request.getSession(false)
>> to
>>     request.getSession(true)
> 
> Thanks for your quick answer. The problem I want to solve is only to create
> a session if it is really needed, so #redirectToURLWithSID is a little bit
> more complicated that this.

What is your definition of "is really needed"? I would say that NOT
having a session is a good indication that you SHOULD create one. Am I
missing the point?

-chris

RE: Apache, mod_jk and Tomcat looses sessions

Posted by Markus <ml...@dlite.de>.

Christopher Schultz wrote on Monday, July 31, 2006 6:42 PM:
> Markus,
> 
>>> I try to create a redirect to a page with a session-id if there is no
>>> session. Seems to be easy, but in combination with apache/mod_jk my
>>> servlet redirects unlimited because it doesn't recognizes the created
>>> session. 
>>> 
>>> Btw: Cookies are disabled, this is important.
> 
> It looks like you are not handling the situation where the user has
> requested a session with an ID but the session does not exist. I don't
> think that Tomcat will create a session for you unless you ask.
> Somewhere, you'll need to actually generate the session id using a call
> to request.getSession(true). Otherwise, the encodeRedirectURL method will
> not have a session id to add.    
> 
> If the session is mandatory, I recommend changing:
> 
>     request.getSession(false)
> to
>     request.getSession(true)
> 
> This will create a session if one does not exist.
> 
> The logic in the method to determine if a redirect is necessary seems ...
> overly complex? Maybe a little cleanup would help. 

Thanks for your quick answer. The problem I want to solve is only to create
a session if ist really needed, so #redirectToURLWithSID is a little bit
more complicated that this. Your suggestion is already made in line 44,
don't know if you haven't seen it or if I didn't get you.

-- 
Beste Grüße / best regards Markus Meissner


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Apache, mod_jk and Tomcat looses sessions

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Markus,

>> I try to create a redirect to a page with a session-id if there is
>> no session. Seems to be easy, but in combination with apache/mod_jk
>> my servlet redirects unlimited because it doesn't recognizes the
>> created session.
>> 
>> Btw: Cookies are disabled, this is important.

It looks like you are not handling the situation where the user has
requested a session with an ID but the session does not exist. I don't
think that Tomcat will create a session for you unless you ask.
Somewhere, you'll need to actually generate the session id using a call
to request.getSession(true). Otherwise, the encodeRedirectURL method
will not have a session id to add.

If the session is mandatory, I recommend changing:

    request.getSession(false)
to
    request.getSession(true)

This will create a session if one does not exist.

The logic in the method to determine if a redirect is necessary seems
... overly complex? Maybe a little cleanup would help.

-chris

Re: Apache, mod_jk and Tomcat looses sessions

Posted by Pid <p...@pidster.com>.

are you rewriting the URLs in each of the pages to maintain the session?
each URL should get modified as a result:

/path/to/file.jsp;jsessiond=0000000000?q=param

what's your jk config?

(unless i've missed something, and given that most people seem to get
this to work OK, it's probably a problem with your setup rather that a
bug...)


Markus wrote:
> Markus wrote on Monday, July 31, 2006 5:39 PM:
>> Markus wrote on Monday, July 31, 2006 5:34 PM:
>>> I've got the following problem on one server using Apache 2.0.54-5
>>> (Debian x86) with mod_jk 1.2.15 (self-compiled) and tomcat 5.5.17: I try
>>> to 
>>> create a redirect to a page with a session-id if there is no session.
>>> Seems to be easy, but in combination with apache/mod_jk my servlet
>>> redirects unlimited because it doesn't recognizes the created session.
>>> Attached you'll find the code (please don't wonder why there are some
>>> methods, I've extracted the code from a very big servlet). If I am
>>> using the Servlet directy with tomcat on the same host there is no
>>> problem. 
>>>
>>> Help would be great!
>> Hm, attached source seems to be removed, put it here:
>> http://www.dlite.de/42/TestServlet.java
>>
>> Btw: Cookies are disabled, this is importand.
> 
> FYI: Created 
> http://issues.apache.org/bugzilla/show_bug.cgi?id=40203
> 

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: Apache, mod_jk and Tomcat looses sessions

Posted by Markus <ml...@dlite.de>.

Markus wrote on Monday, July 31, 2006 5:39 PM:
> Markus wrote on Monday, July 31, 2006 5:34 PM:
>> I've got the following problem on one server using Apache 2.0.54-5
>> (Debian x86) with mod_jk 1.2.15 (self-compiled) and tomcat 5.5.17: I try
>> to 
>> create a redirect to a page with a session-id if there is no session.
>> Seems to be easy, but in combination with apache/mod_jk my servlet
>> redirects unlimited because it doesn't recognizes the created session.
>> Attached you'll find the code (please don't wonder why there are some
>> methods, I've extracted the code from a very big servlet). If I am
>> using the Servlet directy with tomcat on the same host there is no
>> problem. 
>> 
>> Help would be great!
> 
> Hm, attached source seems to be removed, put it here:
> http://www.dlite.de/42/TestServlet.java
> 
> Btw: Cookies are disabled, this is importand.

FYI: Created 
http://issues.apache.org/bugzilla/show_bug.cgi?id=40203

-- 
Beste Grüße / best regards Markus Meissner


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: Apache, mod_jk and Tomcat looses sessions

Posted by Markus <ml...@dlite.de>.

Markus wrote on Monday, July 31, 2006 5:34 PM:
> I've got the following problem on one server using Apache 2.0.54-5 (Debian
> x86) with mod_jk 1.2.15 (self-compiled) and tomcat 5.5.17: I try to
> create a redirect to a page with a session-id if there is no session.
> Seems to be easy, but in combination with apache/mod_jk my servlet
> redirects unlimited because it doesn't recognizes the created session.
> Attached you'll find the code (please don't wonder why there are some
> methods, I've extracted the code from a very big servlet). If I am using
> the Servlet directy with tomcat on the same host there is no problem.
> 
> Help would be great!

Hm, attached source seems to be removed, put it here:
http://www.dlite.de/42/TestServlet.java

Btw: Cookies are disabled, this is importand.

-- 
Beste Grüße / best regards Markus Meissner


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org