Posted to users@tomcat.apache.org by Kim Albee <mt...@gmail.com> on 2007/01/10 23:06:08 UTC

Issue with Changing sessionid values -- please help...

Server Configuration:
Linux Fedora Core  3, Apache 2.0, Tomcat 5.0.30 session sharing and load
balanced (with session persistence on a server) across two servers (not
using tomcat / JK load balancing).

Client Config:
AOL Version 9 web browser.

When users come in to the site and log in, then move to a subdirectory at the
site, they appear there with a new Sessionid value, and so they lose their
logged in status, and have to log in again.  It occurs over and over, and
users are not able to stay logged in to the site.

Question:  Why is this happening?  Is there a way to fix it?

Thanks -- any help or suggestions would be much appreciated.

Kim :-)

Re: Issue with Changing sessionid values -- please help...

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Kim,

Kim Albee wrote:
> We are not doing URL rewriting with sessionid, it's saving as a
> cookie.

Okay.

> Not sure how the sessionid is determined ... by Tomcat or Apache

Tomcat generates the sessions and therefore their ids as well.

> we have multiple servers and session sharing occurring with Tomcat,
> so we are appending the server ID (worker.id) to the sessionid
> variable, which Tomcat manages, but I'm not sure how Apache and/or
> Tomcat determine the sessionid... do you know how that happens?

How does your load balancer determine which server should get the
request? Is it completely random, or does your lb know about the
server affinity of the session? Are you sure that session sharing is
configured properly?

Also, does this happen all of the time? Just in one particular place in
your app? Or intermittently all over the place? If it's intermittently
all over the place, then it might be that one of your servers is not
configured properly while the rest are, and when you randomly end up
using that misconfigured server, you drop your session.

I would run your tests a few times and then post back with more details.
For instance:

1. What is your lb configuration? If you are using Apache httpd with
mod_jk, then post your mod_jk config.

2. When you lose the session, what are the circumstances? Which server:
is it always the same one that loses the session?

-chris

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
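
An added example (not part of the thread or of Tomcat) of the check suggested in the reply above: for each request that presented a session cookie and was handed a new one, record which server served it and whether that matches the server ID appended to the cookie. The log format, the worker names `tc1`/`tc2` and the `.<worker>` suffix layout are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample lines in a hypothetical format (not from the thread):
# time, worker that served the request, path, JSESSIONID sent by the browser
# ("-" if none), JSESSIONID issued in Set-Cookie ("-" if none).
SAMPLE_LOG = """\
10:00:01 worker=tc1 /login in=- out=A1B2C3.tc1
10:00:05 worker=tc1 /home in=A1B2C3.tc1 out=-
10:00:09 worker=tc2 /members/ in=A1B2C3.tc1 out=D4E5F6.tc2
10:00:12 worker=tc2 /members/list in=D4E5F6.tc2 out=-
10:00:20 worker=tc1 /members/view in=D4E5F6.tc2 out=0A0B0C.tc1
10:00:25 worker=tc1 /logout in=0A0B0C.tc1 out=-
"""

LINE = re.compile(r"(\S+) worker=(\S+) (\S+) in=(\S+) out=(\S+)")

def route_of(session_id):
    """Return the server ID suffix after the last '.', or None if absent."""
    if session_id == "-" or "." not in session_id:
        return None
    return session_id.rsplit(".", 1)[1]

def find_session_drops(log_text):
    """Return requests that carried a session id but were issued a different one."""
    drops = []
    for line in log_text.splitlines():
        m = LINE.fullmatch(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        when, worker, path, sid_in, sid_out = m.groups()
        if sid_in == "-" or sid_out == "-" or sid_in == sid_out:
            continue  # no session presented, or no replacement issued
        drops.append({
            "time": when, "path": path, "served_by": worker,
            "expected_route": route_of(sid_in),
            # True when the balancer sent the request to a different server
            # than the one named in the cookie's suffix
            "misrouted": route_of(sid_in) != worker,
        })
    return drops

def drops_by_worker(drops):
    """Count drops per serving worker; one dominant worker points at its config."""
    return Counter(d["served_by"] for d in drops)

if __name__ == "__main__":
    found = find_session_drops(SAMPLE_LOG)
    for d in found:
        print(d)
    print(drops_by_worker(found))
```

Drops that are all `misrouted` point at the balancer ignoring session affinity; drops concentrated on one worker without misrouting point at that server's session-sharing configuration.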


Re: Issue with Changing sessionid values -- please help...

Posted by Kim Albee <mt...@gmail.com>.
Chris,

Thanks for the thinking -- I'm aware of the client IP issues with AOL, and
we checked that, but it appears that the IP is staying consistent for our
testing -- but our sessionid still gets changed... We are not doing URL
rewriting with sessionid, it's saving as a cookie... and we can see the
cookie too on the user machine we tested with.

Not sure how the sessionid is determined ... by Tomcat or Apache -- we have
multiple servers and session sharing occurring with Tomcat, so we are
appending the server ID (worker.id) to the sessionid variable, which Tomcat
manages, but I'm not sure how Apache and/or Tomcat determine the
sessionid... do you know how that happens?

thanks,
Kim :-)

On 1/10/07, Christopher Schultz <ch...@christopherschultz.net> wrote:
>
> Kim,
>
> Kim Albee wrote:
> > Client Config:
> > AOL Version 9 web browser.
>
> How are you managing sessions? Is the container doing it for you, or are
> you doing them yourself? Cookies or URL rewriting? Is the server and/or
> session configuration sensitive to the remote (client) IP address?
>
> I notice you are using AOL, which plays games with the remote (client)
> IP address, so if you are requiring the IP address of the user to stay
> the same, it's not going to work for AOL users.
>
> -chris
>

Re: Issue with Changing sessionid values -- please help...

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Kim,

Kim Albee wrote:
> Client Config:
> AOL Version 9 web browser.

How are you managing sessions? Is the container doing it for you, or are
you doing them yourself? Cookies or URL rewriting? Is the server and/or
session configuration sensitive to the remote (client) IP address?

I notice you are using AOL, which plays games with the remote (client)
IP address, so if you are requiring the IP address of the user to stay
the same, it's not going to work for AOL users.

-chris
