You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cocoon.apache.org by Stuart Roebuck <st...@adolos.co.uk> on 2001/12/07 13:46:14 UTC
[Tomcat 4] HTTP 1.0 connector Cookie bug, was [C2] [Bug?] Cookies missing from environment
Chris,
Thanks again for the suggestion.
I've done some more debugging and found the problem...
The HTTP 1.0 compliant connector on Tomcat 4 throws away any cookies it
finds after the first session id cookie. If there's no session id cookie,
or the session id cookie happens to be the last one in the list then
everything will work fine, but if it isn't then cookies appear to get lost.
This bug is not present in the HTTP 1.1 connector, but this runs
*significantly* slower with Cocoon on our test environments.
Here's the problem code in Tomcat:
> for (int i = 0; i < cookies.length; i++) {
> if (cookies[i].getName().equals
> (Globals.SESSION_COOKIE_NAME)) {
>
> // Override anything requested in the URL
> request.setRequestedSessionId(cookies[i].getValue(
> ));
> request.setRequestedSessionCookie(true);
> request.setRequestedSessionURL(false);
> if (debug >= 1)
> log(" Requested cookie session id is " +
> ((HttpServletRequest)
> request.getRequest()).getRequestedSessionId());
> break; // Accept only the first session id value
>
> }
> request.addCookie(cookies[i]);
> }
I'll double check I've got the latest copy and then post this to the
Tomcat list.
Stuart.
P.S. Anyone know why the Tomcat 4.0 HTTP 1.1 connector is so much slower
with Cocoon?
On Friday, December 7, 2001, at 11:50 am, Chris Newland wrote:
> Hi Stuart,
>
> I had some problems using the cookie taglib myself so I resorted to Java
> code in my XSP.
>
> Here's a snippet of the code I use (works for me on Cocoon2b2)
>
> (very hacky - breaks the separation of concerns principle - I'll take
> another look at the taglib when I have time ;)
>
> <xsp:page
> language="java"
> xmlns:xsp="http://apache.org/xsp"
> xmlns:xsp-cookie="http://apache.org/xsp/cookie/2.0"
> xmlns:xsp-request="http://apache.org/xsp/request/2.0"
> xmlns:esql="http://apache.org/cocoon/SQL/v2"
> xmlns:session="http://apache.org/xsp/session/2.0"
>>
> ...
>
> <xsp:structure>
> <xsp:include>org.apache.cocoon.environment.Cookie</xsp:include>
> </xsp:structure>
>
> ...
>
> <xsp:logic>
>
> Cookie[] user_cookies = <xsp-cookie:getCookies/>;
>
> Cookie user_cookie = null;
>
> if (user_cookies != null)
> {
>
> <![CDATA[
> for (int i = 0; i < user_cookies.length; i++)
> ]]>
> {
>
> if (user_cookies[i].getName().equals("test_cookie"))
> {
> user_cookie = user_cookies[i]; <!-- cookie was found -->
> }
>
> }
>
> }
>
> ...
>
> Hope this helps,
>
> Best Regards,
>
> Chris
>
> PS. Shall we take this to the cocoon-users mailing list as there may be
> other users with solutions to this problem ?
>
>
> -----Original Message-----
> From: Stuart Roebuck [mailto:stuart.roebuck@adolos.co.uk]
> Sent: 07 December 2001 11:22
> To: cocoon-dev@xml.apache.org
> Subject: Re: [C2] [Bug?] Cookies missing from environment
>
>
> Chris,
>
> Thanks for the rapid response...
>
> Looking at the Cocoon log the "HEADER PARAMETERS" of the request display
> the cookie:
>
>> HEADER PARAMETERS:
>>
>> PARAM: 'cookie' VALUES: '[JSESSIONID=D29143D183239003153020F4A5F020A1;
>> testcookie=31]'
>> ^
>> ^
>> ^^^^^^^^^^^
>
> so it's getting there, but seems to be getting no further. I'm surprised
> if I'm the first person to find this, which is why I reckon I must be
> doing something brain-dead.
>
> Stuart.
>
>
> On Friday, December 7, 2001, at 11:05 am, Chris Newland wrote:
>
>> Hi Stuart,
>>
>> Are you sure that the client browser is adding the cookie to the http
>> request it is making to Cocoon? A cookie contains a path parameter that
>> tells the browser that the cookie should only be submitted when the
>> browser
>> is requesting URLs that match a certain path on the server.
>>
>> If you want the cookie to be submitted to every URL on a given server
>> then
>> set the cookie path parameter to "/".
>>
>> You can check if the browser is submitting the cookie by using a HTTP
>> viewer
>> that acts as a proxy to your browser. For Windows I would recommend
>> HTTPInspector, but I'm sure there are equivalent tools for *NIX. The
>> cookies
>> will appear in the HTTP header.
>>
>> Best Regards,
>>
>> Chris
>>
>> -----Original Message-----
>> From: Stuart Roebuck [mailto:stuart.roebuck@adolos.co.uk]
>> Sent: 07 December 2001 10:47
>> To: cocoon-dev@xml.apache.org
>> Subject: [C2] [Bug?] Cookies missing from environment
>>
>>
>> I'm currently working on an action which needs to set and check cookies.
>>
>> Setting is fine, but checking/reading is not working.
>>
>> It gets the request from the environment and uses either getCookies or
>> getCookieMap to get the list of cookies. But neither work, despite the
>> fact that session handling is working fine - i.e. the session cookie is
>> being handled correctly by the system (I'm not using URL rewriting) - so
>> the browser is storing and returning the JSESSIONID cookie.
>>
>> I did some remote debugging, put a breakpoint on every call to the Cocoon
>> HttpRequest constructor and found that the HttpServletRequest object
>> passed to it never contains any cookies.
>>
>> Any ideas or pointers - am I doing something really brain-dead?
>>
>> Thanks,
>>
>> Stuart.
Public Key - 1024D/88DD65AF 2001-11-23 Stuart Roebuck (Adolos)
Key fingerprint = 89D9 E405 F8B1 9B22 0FA2 F2C1 9E57 5AB1 88DD 65AF
-------------------------------------------------------------------------
Stuart Roebuck stuart.roebuck@adolos.com
Lead Developer Java, XML, MacOS X, XP, etc.
ADOLOS <http://www.adolos.com/>
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org
Re: [Tomcat 4] HTTP 1.0 connector Cookie bug, was [C2] [Bug?] Cookies missing from environment
Posted by Peter Royal <pr...@managingpartners.com>.
On Friday 07 December 2001 09:42 am, you wrote:
> I don't think so, but could you elaborate a little on why this makes a
> difference - or point me to some documentation that mentions this? Does
> HTTP 1.1 carry out DNS lookups that don't happen with HTTP 1.0? What
> would represent a complex DNS setting?
>
> My apologies if I'm asking something obvious, HTTP specs are not my strong
> point!
Highlights key differences:
http://www.research.att.com/~bala/papers/h0vh1.html
-pete
--
peter royal -> proyal@managingpartners.com
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org
Re: [Tomcat 4] HTTP 1.0 connector Cookie bug, was [C2] [Bug?] Cookies missing from environment
Posted by Stuart Roebuck <st...@adolos.co.uk>.
Further to my previous email I've rediscovered where I got the suggestion
to use HTTP 1.0. It's in the Tomcat 4.01 release notes:
> --------------------------------
> Tomcat 4.0 and Apache Cocoon 2.0:
> --------------------------------
>
> For optimal performance with Apache Cocoon 2.0, it is recommended to use
> the
> HTTP/1.0 connector.
>
Stuart.
On Friday, December 7, 2001, at 02:42 pm, Stuart Roebuck wrote:
>
> On Friday, December 7, 2001, at 02:03 pm, Jörg Prante wrote:
>
>> Stuart,
>>
>> this is a Tomcat HTTP 1.0 connector bug, if you ask me. The Tomcat HTTP
>> 1.
>> 1
>> connector uses
>>
>> if (!request.isRequestedSessionIdFromCookie()) { ... }
>>
>> to control the session ID cookie setting correctly. In HTTP 1.0 code,
>> this
>> conditional is missing in the Tomcat code and cookies are dropped from
>> the
>> request after a session cookie has been found.
>
> yes thanks, that's why I renamed the email: "[Tomcat 4] HTTP 1.0
> connector Cookie bug"!
>
>> Stuart, why do you prefer HTTP 1.0? There are major drawbacks comparing
>> to
>> 1.1 according to secure connections.
>
> I originally tried the HTTP 1.0 connector because there was (and maybe
> still is) a page on either the Cocoon or Tomcat site indicating that
> Cocoon would run faster with this connector.
>
> When I tried it the difference was like night and day. Unfortunately I
> didn't have time to investigate why, but I took the existence of a
> message on the site as an indication that it was a known issue probably
> without an easy workaround.
>
>> Do you use any HTTP proxies or complex DNS settings This slows down HTTP
>> 1.1
>> connections.
>
> I don't think so, but could you elaborate a little on why this makes a
> difference - or point me to some documentation that mentions this? Does
> HTTP 1.1 carry out DNS lookups that don't happen with HTTP 1.0? What
> would represent a complex DNS setting?
>
> My apologies if I'm asking something obvious, HTTP specs are not my
> strong point!
>
> Stuart.
>
>
>> Cheers, Jörg
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
>> For additional commands, email: cocoon-dev-help@xml.apache.org
>>
>>
>
> Public Key - 1024D/88DD65AF 2001-11-23 Stuart Roebuck (Adolos)
> Key fingerprint = 89D9 E405 F8B1 9B22 0FA2 F2C1 9E57 5AB1 88DD 65AF
> -------------------------------------------------------------------------
> Stuart Roebuck stuart.roebuck@adolos.com
> Lead Developer Java, XML, MacOS X, XP, etc.
> ADOLOS <http://www.adolos.com/>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
> For additional commands, email: cocoon-dev-help@xml.apache.org
>
>
Public Key - 1024D/88DD65AF 2001-11-23 Stuart Roebuck (Adolos)
Key fingerprint = 89D9 E405 F8B1 9B22 0FA2 F2C1 9E57 5AB1 88DD 65AF
-------------------------------------------------------------------------
Stuart Roebuck stuart.roebuck@adolos.com
Lead Developer Java, XML, MacOS X, XP, etc.
ADOLOS <http://www.adolos.com/>
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org
Re: [Tomcat 4] HTTP 1.0 connector Cookie bug, was [C2] [Bug?] Cookies missing from environment
Posted by Stuart Roebuck <st...@adolos.co.uk>.
On Friday, December 7, 2001, at 02:03 pm, Jörg Prante wrote:
> Stuart,
>
> this is a Tomcat HTTP 1.0 connector bug, if you ask me. The Tomcat HTTP 1.
> 1
> connector uses
>
> if (!request.isRequestedSessionIdFromCookie()) { ... }
>
> to control the session ID cookie setting correctly. In HTTP 1.0 code, this
> conditional is missing in the Tomcat code and cookies are dropped from the
> request after a session cookie has been found.
yes thanks, that's why I renamed the email: "[Tomcat 4] HTTP 1.0 connector
Cookie bug"!
> Stuart, why do you prefer HTTP 1.0? There are major drawbacks comparing to
> 1.1 according to secure connections.
I originally tried the HTTP 1.0 connector because there was (and maybe
still is) a page on either the Cocoon or Tomcat site indicating that
Cocoon would run faster with this connector.
When I tried it the difference was like night and day. Unfortunately I
didn't have time to investigate why, but I took the existence of a
message on the site as an indication that it was a known issue probably
without an easy workaround.
> Do you use any HTTP proxies or complex DNS settings This slows down HTTP
> 1.1
> connections.
I don't think so, but could you elaborate a little on why this makes a
difference - or point me to some documentation that mentions this? Does
HTTP 1.1 carry out DNS lookups that don't happen with HTTP 1.0? What
would represent a complex DNS setting?
My apologies if I'm asking something obvious, HTTP specs are not my strong
point!
Stuart.
> Cheers, Jörg
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
> For additional commands, email: cocoon-dev-help@xml.apache.org
>
>
Public Key - 1024D/88DD65AF 2001-11-23 Stuart Roebuck (Adolos)
Key fingerprint = 89D9 E405 F8B1 9B22 0FA2 F2C1 9E57 5AB1 88DD 65AF
-------------------------------------------------------------------------
Stuart Roebuck stuart.roebuck@adolos.com
Lead Developer Java, XML, MacOS X, XP, etc.
ADOLOS <http://www.adolos.com/>
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org
Re: [Tomcat 4] HTTP 1.0 connector Cookie bug, was [C2] [Bug?] Cookies missing from environment
Posted by Jörg Prante <jo...@gmx.de>.
Stuart,
this is a Tomcat HTTP 1.0 connector bug, if you ask me. The Tomcat HTTP 1.1
connector uses
if (!request.isRequestedSessionIdFromCookie()) { ... }
to control the session ID cookie setting correctly. In HTTP 1.0 code, this
conditional is missing in the Tomcat code and cookies are dropped from the
request after a session cookie has been found.
Stuart, why do you prefer HTTP 1.0? There are major drawbacks comparing to
1.1 according to secure connections.
Do you use any HTTP proxies or complex DNS settings This slows down HTTP 1.1
connections.
Cheers, Jörg
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org