You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Sascha Hesse <sj...@gmail.com> on 2011/06/08 11:18:51 UTC
Tomcat 7.0.14 / 6.0.32 session gets obviously invalid after request /
JSESSIONID changes
Hello all,
I'm hosting our spring mvc 3.0.5 application in tomcat 7.0.14 and also
tried 6.0.32
The server is hosting two webapps.
The frontend: http://localhost:50012/frontend
The backend: http://localhost:50012/backend
The Request-Flow looks as following:
User: http://localhost:50012/frontend/index.htm
AJAX Frontend:
http://localhost:50012/frontend/setFilter.htm
AJAX Backend:
http://localhost:50012/backend/setFilter.htm
User: onClick()
AJAX Frontend: http://localhost:50012/frontend/setFilter.htm
AJAX Backend: http://localhost:50012/backend/setFilter.htm
The corresponding request-pairs to frontend and backend should be
identified via the sessionID.
Tomcat is doing that via Cookie JSESSIONID. I configured Tomcat
according to https://issues.apache.org/bugzilla/show_bug.cgi?id=48379
<Context sessionCookiePath="/" sessionCookieDomain=".localhost">
If I look into the cookies in request and response the following
happens (note I shortened the sessionIds)
User: http://localhost:50012/frontend/index.htm
ResponseHeader: -
RequestHeader: JSESSIONID=1
AJAX Frontend: http://localhost:50012/frontend/setFilter.htm
ResponseHeader: -
RequestHeader: JSESSIONID=1
AJAX Backend: http://localhost:50012/backend/setFilter.htm
ResponseHeader: set JSESSIONID=2
RequestHeader: JSESSIONID=1
User: onClick()
AJAX Frontend: http://localhost:50012/frontend/setFilter.htm
ResponseHeader: setJSESSIONID=3
RequestHeader: JSESSIONID=2
AJAX Backend: http://localhost:50012/backend/setFilter.htm
ResponseHeader: -
RequestHeader: JSESSIONID=2
...the sessionID alsways changes when I'm requesting the other
context. Has anyone a hint according to this?
Kind regards
Sascha
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat 7.0.14 / 6.0.32 session gets obviously invalid after
request / JSESSIONID changes
Posted by Sascha Hesse <sj...@gmail.com>.
it was set in a header.
But I already figured out what the Problem was.
For the Browser (Firefox 4) .localhost is not a valid domain for a cookie.
Some documents on the web say, that for localhost domain has to be empty.
This also didn't work.
The solution was requesting the service with a full qualified hostname
and then setting the cookie according to the fqn.
Hope this helps everybody who runs in the same pitfall.
Regards Sascha
> Does the AJAX javascript set the session id in a cookie header, or
> append it as a path attribute?
>
> You can't rely on the browser to do this automagically for you in most
> AJAX libs.
>
>
> p
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat 7.0.14 / 6.0.32 session gets obviously invalid after request
/ JSESSIONID changes
Posted by Pid <pi...@pidster.com>.
On 08/06/2011 10:18, Sascha Hesse wrote:
> Hello all,
>
> I'm hosting our spring mvc 3.0.5 application in tomcat 7.0.14 and also
> tried 6.0.32
>
> The server is hosting two webapps.
>
> The frontend: http://localhost:50012/frontend
> The backend: http://localhost:50012/backend
>
> The Request-Flow looks as following:
>
> User: http://localhost:50012/frontend/index.htm
> AJAX Frontend:
> http://localhost:50012/frontend/setFilter.htm
> AJAX Backend:
> http://localhost:50012/backend/setFilter.htm
> User: onClick()
> AJAX Frontend: http://localhost:50012/frontend/setFilter.htm
> AJAX Backend: http://localhost:50012/backend/setFilter.htm
>
>
> The corresponding request-pairs to frontend and backend should be
> identified via the sessionID.
>
> Tomcat is doing that via Cookie JSESSIONID. I configured Tomcat
> according to https://issues.apache.org/bugzilla/show_bug.cgi?id=48379
> <Context sessionCookiePath="/" sessionCookieDomain=".localhost">
>
> If I look into the cookies in request and response the following
> happens (note I shortened the sessionIds)
>
>
> User: http://localhost:50012/frontend/index.htm
> ResponseHeader: -
> RequestHeader: JSESSIONID=1
> AJAX Frontend: http://localhost:50012/frontend/setFilter.htm
> ResponseHeader: -
> RequestHeader: JSESSIONID=1
> AJAX Backend: http://localhost:50012/backend/setFilter.htm
> ResponseHeader: set JSESSIONID=2
> RequestHeader: JSESSIONID=1
> User: onClick()
> AJAX Frontend: http://localhost:50012/frontend/setFilter.htm
> ResponseHeader: setJSESSIONID=3
> RequestHeader: JSESSIONID=2
> AJAX Backend: http://localhost:50012/backend/setFilter.htm
> ResponseHeader: -
> RequestHeader: JSESSIONID=2
>
> ...the sessionID alsways changes when I'm requesting the other
> context. Has anyone a hint according to this?
Does the AJAX javascript set the session id in a cookie header, or
append it as a path attribute?
You can't rely on the browser to do this automagically for you in most
AJAX libs.
p