You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Gordon Maclean <ma...@atd.ucar.edu> on 2001/02/15 03:08:56 UTC

netscape 4.7x, session ids and struts


Using netscape 4.7x on either solaris, linux or windows, the
struts-example fails, because I am bounced between two different
sessions.

The symptom indicates to me that netscape keeps separate lists
of cookies for the following URLs:

	http://myhost
	http://myhost:80

As one goes through the struts example, the URL is
sometimes displayed as myhost, and sometimes as myhost:80,
and I am never allowed past the login because the user
information is kept in a session associated with myhost,
and can't be found in a session associated with myhost:80.

Environment: struts nightly download as of Feb 12, 2001.
	Tomcat 3.2.1, mod_jk, apache 1.3.12 on RH7.

I have all cookies enabled in netscape preferences, with
"Warn before accepting a cookie" also turned on for debugging.

1. When I try the struts-example with the following URL:

	http://myhost/struts-example

Netscape asks if I want to send the cookie JSESSIONID=f78s0eymd1,
and I click OK.

2. I select the "Log on ..." link.  Then the logon form is displayed at
a
   URL of
	http://myhost:80/struts-example/logon.jsp;jsessionid=f78s0eymd1

Note the cookie in the URL because struts doesn't yet know if my browser 
accepts cookies.  Also note the port number 80 in the URL.

3. I enter user:pass and Submit.  

LogonAction logs the following message:

2001-02-15 01:59:47 - path="/struts-example" :action: LogonAction: 
	User 'user' logged on in session f78s0eymd1


The mainMenu.jsp page is displayed, with a URL: 

	http://myhost/struts-example/logon.do;jsessionid=f78s0eymd1

(note no port number is in the URL)

4. Then, when I select "Edit your" the netscape question box pops up
asking if I want to send a cookie JSESSIONID=ynsmafyqr1.
The URL is shown as
http://myhost:80/struts-example/editRegistration.do?action=Edit
 
This shouldn't happen, it should use the first session id!

5. When I click on OK, then, EditRegistrationAction logs the following
error:

2001-02-15 02:00:55 - path="/struts-example" :action:  User is not
  logged on in session ynsmafyqr1


The logon.jsp form is again displayed.  If I enter user:pass, then
LogonAction reports a successfull login in session f78s0eymd1
(the first session id again!)

When I select "Edit ..." I get the same error from
EditRegistrationAction about "User is not logged on in session
ynsmafyqr1".
And so on, ad-infinitum.

If I disable cookies in netscape preferences, then things
work with URL rewriting, and EditRegistrationAction forwards me to
registration.jsp.

The problem also does not show up with IE 5.

Also, at step 4, if I manually enter a URL of:
	http://myhost/struts-example/editRegistration.do?action=Edit
then EditRegistrationAction succeeds and forwards to registration.jsp. 
	

If I am right about netscape keeping separate cookie lists, then perhaps
a workaround is for struts (specifically the html taglib) not to add
the port number when generating URLs?

I haven't tested this solution.  

Someone must have run into it also?

Gordon Maclean

-- 
*****************************************************
Gordon Maclean, Software Engineer, 303 497-8794
Nat'l Center for Atmospheric Research, Boulder CO USA
*****************************************************

Re: netscape 4.7x, session ids and struts

Posted by Rick Smith <ri...@mindspring.com>.

This is same problem I so awkwardly brought up this morning. The
examples work on Netscape 6, Mozilla 0.7, Lynx and even IE5 but not on
Netscape 4.72.

Rick 

 Gordon Maclean wrote:
> 
> Using netscape 4.7x on either solaris, linux or windows, the
> struts-example fails, because I am bounced between two different
> sessions.
> 
> The symptom indicates to me that netscape keeps separate lists
> of cookies for the following URLs:
> 
>         http://myhost
>         http://myhost:80
> 
> As one goes through the struts example, the URL is
> sometimes displayed as myhost, and sometimes as myhost:80,
> and I am never allowed past the login because the user
> information is kept in a session associated with myhost,
> and can't be found in a session associated with myhost:80.
> 
> Environment: struts nightly download as of Feb 12, 2001.
>         Tomcat 3.2.1, mod_jk, apache 1.3.12 on RH7.
> 
> I have all cookies enabled in netscape preferences, with
> "Warn before accepting a cookie" also turned on for debugging.
> 
> 1. When I try the struts-example with the following URL:
> 
>         http://myhost/struts-example
> 
> Netscape asks if I want to send the cookie JSESSIONID=f78s0eymd1,
> and I click OK.
> 
> 2. I select the "Log on ..." link.  Then the logon form is displayed at
> a
>    URL of
>         http://myhost:80/struts-example/logon.jsp;jsessionid=f78s0eymd1
> 
> Note the cookie in the URL because struts doesn't yet know if my browser
> accepts cookies.  Also note the port number 80 in the URL.
> 
> 3. I enter user:pass and Submit.
> 
> LogonAction logs the following message:
> 
> 2001-02-15 01:59:47 - path="/struts-example" :action: LogonAction:
>         User 'user' logged on in session f78s0eymd1
> 
> The mainMenu.jsp page is displayed, with a URL:
> 
>         http://myhost/struts-example/logon.do;jsessionid=f78s0eymd1
> 
> (note no port number is in the URL)
> 
> 4. Then, when I select "Edit your" the netscape question box pops up
> asking if I want to send a cookie JSESSIONID=ynsmafyqr1.
> The URL is shown as
> http://myhost:80/struts-example/editRegistration.do?action=Edit
> 
> This shouldn't happen, it should use the first session id!
> 
> 5. When I click on OK, then, EditRegistrationAction logs the following
> error:
> 
> 2001-02-15 02:00:55 - path="/struts-example" :action:  User is not
>   logged on in session ynsmafyqr1
> 
> The logon.jsp form is again displayed.  If I enter user:pass, then
> LogonAction reports a successfull login in session f78s0eymd1
> (the first session id again!)
> 
> When I select "Edit ..." I get the same error from
> EditRegistrationAction about "User is not logged on in session
> ynsmafyqr1".
> And so on, ad-infinitum.
> 
> If I disable cookies in netscape preferences, then things
> work with URL rewriting, and EditRegistrationAction forwards me to
> registration.jsp.
> 
> The problem also does not show up with IE 5.
> 
> Also, at step 4, if I manually enter a URL of:
>         http://myhost/struts-example/editRegistration.do?action=Edit
> then EditRegistrationAction succeeds and forwards to registration.jsp.
> 
> 
> If I am right about netscape keeping separate cookie lists, then perhaps
> a workaround is for struts (specifically the html taglib) not to add
> the port number when generating URLs?
> 
> I haven't tested this solution.
> 
> Someone must have run into it also?
> 
> Gordon Maclean
> 
> --
> *****************************************************
> Gordon Maclean, Software Engineer, 303 497-8794
> Nat'l Center for Atmospheric Research, Boulder CO USA
> *****************************************************