Posted to users@tomcat.apache.org by Stephen McCants <st...@hcs.us.com> on 2014/11/18 00:49:21 UTC

Session Config => Tracking Mode not working

Hello,

I'm trying to remove the JSESSIONID from my URL the first time someone hits my Tomcat Web App, but I've not been able to get it working for some
reason that eludes me.  This is under Tomcat 7.0.37 and Tomcat 7.0.56.

First thing I tried was to add session-config/tracking mode to my web.xml, resulting in:

<?xml version="1.0" encoding="ISO-8859-1"?>  
<!DOCTYPE web-app PUBLIC  
   "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"  
   "http://java.sun.com/dtd/web-app_2_3.dtd">  
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">  

	<session-config>
		<tracking-mode>COOKIE</tracking-mode>
	</session-config>

....

However, that didn't seem to have any effect, so next I set it in the default /conf/web.xml:

    <session-config>
        <session-timeout>30</session-timeout>
	<!-- Disable writing the session cookie on the URL -->
	<tracking-mode>COOKIE</tracking-mode>
    </session-config>

This too had no effect.  I also found no error messages in the logs and didn't turn up anything helpful on Google, so I'm at a loss as to why this
isn't working.

On our production server, we are using mod_rewrite and Apache to strip it out of the URL, so the user never sees it, but I'm needing to do some
testing on a local system and would rather not have the complication of Apache present.  Some of the software running tests is getting confused by
the JSESSIONID on the URL the first time it hits our login page, so it doesn't recognize the login page.

Thoughts as to where I might have gone wrong?

Thanks in advance.

Sincerely,
Stephen


----------
Stephen McCants
Senior Software Engineer
Healthcare Control Systems, Inc.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Session Config => Tracking Mode not working

Posted by Stephen McCants <st...@hcs.us.com>.
Spent some time in the debugger and it is Shiro that is appending the JSESSIONID on a redirect if the session cookie hasn't been set yet.

So, now I'm off to figure out how to turn it off in Shiro.

Thanks again for your help!

Sincerely,
Stephen McCants

On Wed, 19 Nov 2014 01:51:53 +0300
Konstantin Kolinko <kn...@gmail.com> wrote:

> 2014-11-19 0:53 GMT+03:00 Konstantin Kolinko <kn...@gmail.com>:
> > 2014-11-19 0:21 GMT+03:00 Stephen McCants <st...@hcs.us.com>:
> >> Hello Konstantin Kolinko,
> >>
> >> I fixed my dumb web.xml schema declaration.  Thanks for pointing that out.
> >>
> >> I also added the COOKIE tracking mode to the example servlet and it worked there (the URL encoded link did not contain the JSESSIONID).
> >>
> >> So, next I turned on logEffectiveWebXml="true" and verified that the effective web.xml for both of my wars contains:
> >>
> >>   <session-config>
> >>     <session-timeout>30</session-timeout>
> >>     <cookie-config>
> >>     </cookie-config>
> >>     <tracking-mode>COOKIE</tracking-mode>
> >>   </session-config>
> >>
> >> But the first time I hit the web app, I'm still getting JSESSIONID in the URL.
> >>
> >> Then I turned on Strict Compliance to wring out any other errors in my web.xml that might be causing the problem.   It found some problems in
> >> the Tag Library tld files and fixed those, but that had no effect on JSESSIONID in the URL.  I have no further errors in Catalina log or any
> >> other log files.
> >>
> >> At this point, I'm not sure what else I should try to debug the problem.
> >>
> >> Any suggestions would be appreciated.
> >>
> >
> > a) Run with a debugger
> > https://wiki.apache.org/tomcat/FAQ/Developing#Debugging
> >
> > Possible points:
> > org.apache.catalina.connector.Response.encodeURL()
> > org.apache.catalina.connector.Response.encodeRedirectURL()
> > org.apache.catalina.connector.CoyoteAdapter.service()
> 
> Also:
> org.apache.catalina.session.StandardSession.getId().
> 
> It is the actual Id that is being printed as jsessionid there. It
> shall be read using that method. If debugging is hard,  adding some
> logging with some stacktraces and recompiling can help.
> 
> 
> > b) Simplify your web application
> > until it becomes a simple example that can be reproduced by someone else.
> >
> > c)
> >> But the first time I hit the web app
> >
> > Is that "first time" response actually served by your web app, or by
> > some other (e.g. ROOT)?
> >
> > Best regards,
> > Konstantin Kolinko
> 
> 



----------
Stephen McCants
Senior Software Engineer
Healthcare Control Systems, Inc.

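Added example, not part of the original thread and not Tomcat or Shiro code: the thread shows the effective web.xml reporting COOKIE while a redirect still carried the session ID, so the reliable check is on what the client actually receives. This scans a raw first-hit response for `;jsessionid=` in the Location header and in HTML links; the function name and the sample responses are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Path parameter appended by URL rewriting, e.g. /login.jsp;jsessionid=ABC123
JSESSIONID_PARAM = re.compile(r";jsessionid=[^;/?#]*", re.IGNORECASE)

# Constructed sample responses (not captured from a real server).
REDIRECT_FIRST_HIT = (
    "HTTP/1.1 302 Found\r\n"
    "Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/app; HttpOnly\r\n"
    "Location: http://localhost:8080/app/login.jsp;jsessionid=0123456789ABCDEF\r\n"
    "\r\n"
)
CLEAN_REDIRECT = "HTTP/1.1 302 Found\r\nLocation: /app/login.jsp\r\n\r\n"
PAGE_WITH_LINK = (
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
    '<a href="/app/home;jsessionid=AAAA?tab=1">Home</a>'
    '<form action="/app/login"></form>'
)


class _UrlCollector(HTMLParser):
    """Collects href/action/src attribute values from an HTML body."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        self.urls += [v for k, v in attrs if k in ("href", "action", "src") and v]


def find_session_ids_in_urls(raw_response):
    """Return (where, url) for each URL whose path carries ;jsessionid=."""
    head, _, body = raw_response.partition("\r\n\r\n")
    candidates = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            candidates.append(("Location", value.strip()))
    collector = _UrlCollector()
    collector.feed(body)
    collector.close()
    candidates += [("body", url) for url in collector.urls]
    return [(where, url) for where, url in candidates
            if JSESSIONID_PARAM.search(urlsplit(url).path)]
```

The Set-Cookie header in the first sample is not flagged: only URLs are checked, since the cookie is the intended carrier under COOKIE tracking mode.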


Re: Session Config => Tracking Mode not working

Posted by Konstantin Kolinko <kn...@gmail.com>.
2014-11-19 0:53 GMT+03:00 Konstantin Kolinko <kn...@gmail.com>:
> 2014-11-19 0:21 GMT+03:00 Stephen McCants <st...@hcs.us.com>:
>> Hello Konstantin Kolinko,
>>
>> I fixed my dumb web.xml schema declaration.  Thanks for pointing that out.
>>
>> I also added the COOKIE tracking mode to the example servlet and it worked there (the URL encoded link did not contain the JSESSIONID).
>>
>> So, next I turned on logEffectiveWebXml="true" and verified that the effective web.xml for both of my wars contains:
>>
>>   <session-config>
>>     <session-timeout>30</session-timeout>
>>     <cookie-config>
>>     </cookie-config>
>>     <tracking-mode>COOKIE</tracking-mode>
>>   </session-config>
>>
>> But the first time I hit the web app, I'm still getting JSESSIONID in the URL.
>>
>> Then I turned on Strict Compliance to wring out any other errors in my web.xml that might be causing the problem.   It found some problems in the Tag
>> Library tld files and fixed those, but that had no effect on JSESSIONID in the URL.  I have no further errors in Catalina log or any other log files.
>>
>> At this point, I'm not sure what else I should try to debug the problem.
>>
>> Any suggestions would be appreciated.
>>
>
> a) Run with a debugger
> https://wiki.apache.org/tomcat/FAQ/Developing#Debugging
>
> Possible points:
> org.apache.catalina.connector.Response.encodeURL()
> org.apache.catalina.connector.Response.encodeRedirectURL()
> org.apache.catalina.connector.CoyoteAdapter.service()

Also:
org.apache.catalina.session.StandardSession.getId().

It is the actual Id that is being printed as jsessionid there. It
shall be read using that method. If debugging is hard,  adding some
logging with some stacktraces and recompiling can help.


> b) Simplify your web application
> until it becomes a simple example that can be reproduced by someone else.
>
> c)
>> But the first time I hit the web app
>
> Is that "first time" response actually served by your web app, or by
> some other (e.g. ROOT)?
>
> Best regards,
> Konstantin Kolinko



Re: Session Config => Tracking Mode not working

Posted by Konstantin Kolinko <kn...@gmail.com>.
2014-11-19 0:21 GMT+03:00 Stephen McCants <st...@hcs.us.com>:
> Hello Konstantin Kolinko,
>
> I fixed my dumb web.xml schema declaration.  Thanks for pointing that out.
>
> I also added the COOKIE tracking mode to the example servlet and it worked there (the URL encoded link did not contain the JSESSIONID).
>
> So, next I turned on logEffectiveWebXml="true" and verified that the effective web.xml for both of my wars contains:
>
>   <session-config>
>     <session-timeout>30</session-timeout>
>     <cookie-config>
>     </cookie-config>
>     <tracking-mode>COOKIE</tracking-mode>
>   </session-config>
>
> But the first time I hit the web app, I'm still getting JSESSIONID in the URL.
>
> Then I turned on Strict Compliance to wring out any other errors in my web.xml that might be causing the problem.   It found some problems in the Tag
> Library tld files and fixed those, but that had no effect on JSESSIONID in the URL.  I have no further errors in Catalina log or any other log files.
>
> At this point, I'm not sure what else I should try to debug the problem.
>
> Any suggestions would be appreciated.
>

a) Run with a debugger
https://wiki.apache.org/tomcat/FAQ/Developing#Debugging

Possible points:
org.apache.catalina.connector.Response.encodeURL()
org.apache.catalina.connector.Response.encodeRedirectURL()
org.apache.catalina.connector.CoyoteAdapter.service()

b) Simplify your web application
until it becomes a simple example that can be reproduced by someone else.

c)
> But the first time I hit the web app

Is that "first time" response actually served by your web app, or by
some other (e.g. ROOT)?

Best regards,
Konstantin Kolinko



Re: Session Config => Tracking Mode not working

Posted by Stephen McCants <st...@hcs.us.com>.
Hello Konstantin Kolinko,

I fixed my dumb web.xml schema declaration.  Thanks for pointing that out.

I also added the COOKIE tracking mode to the example servlet and it worked there (the URL encoded link did not contain the JSESSIONID).

So, next I turned on logEffectiveWebXml="true" and verified that the effective web.xml for both of my wars contains:

  <session-config>
    <session-timeout>30</session-timeout>
    <cookie-config>
    </cookie-config>
    <tracking-mode>COOKIE</tracking-mode>
  </session-config>

But the first time I hit the web app, I'm still getting JSESSIONID in the URL.  

Then I turned on Strict Compliance to wring out any other errors in my web.xml that might be causing the problem.   It found some problems in the Tag
Library tld files and fixed those, but that had no effect on JSESSIONID in the URL.  I have no further errors in Catalina log or any other log files.

At this point, I'm not sure what else I should try to debug the problem.

Any suggestions would be appreciated.

Sincerely,
Stephen McCants

On Tue, 18 Nov 2014 03:17:27 +0300
Konstantin Kolinko <kn...@gmail.com> wrote:

> 2014-11-18 2:49 GMT+03:00 Stephen McCants <st...@hcs.us.com>:
> > Hello,
> >
> > I'm trying to remove the JSESSIONID from my URL the first time someone hits my Tomcat Web App, but I've not been able to get it working for some
> > reason that eludes me.  This is under Tomcat 7.0.37 and Tomcat 7.0.56.
> >
> > First thing I tried was to add session-config/tracking mode to my web.xml, resulting in:
> >
> > <?xml version="1.0" encoding="ISO-8859-1"?>
> > <!DOCTYPE web-app PUBLIC
> >    "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
> >    "http://java.sun.com/dtd/web-app_2_3.dtd">
> > <web-app xmlns="http://java.sun.com/xml/ns/javaee"
> >     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
> >     version="3.0">
> 
> You are declaring both 2.3 DTD and 3.0 schema.
> Choose one.
> 
> There exists a system property that turns on "strict servlet
> compliance mode". If you use it, it enables validation of your web.xml
> and will catch silly errors like this one.
> 
> http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Specification
> 
> >         <session-config>
> >                 <tracking-mode>COOKIE</tracking-mode>
> >         </session-config>
> 
> If I add the above three lines to the web.xml of examples webapp, it
> works for me.
> 
> http://localhost:8080/examples/servlets/servlet/SessionExample
> On the first visit to that example page look at "URL encoded" link at
> the bottom of the page, whether it contains jsessionid in it or not.
> 
> Best regards,
> Konstantin Kolinko
> 
> 



----------
Stephen McCants
Senior Software Engineer
Healthcare Control Systems, Inc.



Re: Session Config => Tracking Mode not working

Posted by Konstantin Kolinko <kn...@gmail.com>.
2014-11-18 2:49 GMT+03:00 Stephen McCants <st...@hcs.us.com>:
> Hello,
>
> I'm trying to remove the JSESSIONID from my URL the first time someone hits my Tomcat Web App, but I've not been able to get it working for some
> reason that eludes me.  This is under Tomcat 7.0.37 and Tomcat 7.0.56.
>
> First thing I tried was to add session-config/tracking mode to my web.xml, resulting in:
>
> <?xml version="1.0" encoding="ISO-8859-1"?>
> <!DOCTYPE web-app PUBLIC
>    "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
>    "http://java.sun.com/dtd/web-app_2_3.dtd">
> <web-app xmlns="http://java.sun.com/xml/ns/javaee"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
>     version="3.0">

You are declaring both 2.3 DTD and 3.0 schema.
Choose one.

There exists a system property that turns on "strict servlet
compliance mode". If you use it, it enables validation of your web.xml
and will catch silly errors like this one.

http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Specification

>         <session-config>
>                 <tracking-mode>COOKIE</tracking-mode>
>         </session-config>

If I add the above three lines to the web.xml of examples webapp, it
works for me.

http://localhost:8080/examples/servlets/servlet/SessionExample
On the first visit to that example page look at "URL encoded" link at
the bottom of the page, whether it contains jsessionid in it or not.

Best regards,
Konstantin Kolinko
