Posted to users@tomcat.apache.org by Xiaojun Deng <xj...@gmail.com> on 2010/03/01 08:49:03 UTC

Re: Tomcat SSO JSESSIONIDSSO value can't be reset by browser

On Fri, Feb 26, 2010 at 03:28:50PM +0000, Pid wrote:
>On 26/02/2010 14:58, Xiaojun Deng wrote:
>>On Fri, Feb 26, 2010 at 8:51 PM, Pid<pi...@pidster.com>  wrote:
>>>On 26/02/2010 09:59, Xiaojun Deng wrote:
>>>>
>>>>On Fri, Feb 26, 2010 at 09:57:46AM +0000, Pid wrote:
>>>>>
>>>>>On 26/02/2010 04:15, Xiaojun Deng wrote:
>>>>>>
>>>>>>Hello,
>>>>>>
>>>>>>I use the Tomcat SSO function, and I found that when I restart my Tomcat
>>>>>>or the session times out and I refresh the page, the cookie JSESSIONIDSSO
>>>>>>keeps the old value, so I can't log in to my application.
>>>>>>
>>>>>>And the web applications' JSESSIONID works well; they can reset the
>>>>>>cookie value.
>>>>>>
>>>>>>Is there a way to configure this for the JSESSIONIDSSO?
>>>>>>
>>>>>>server.xml content
>>>>>><Host name="localhost"  appBase="webapps"
>>>>>>unpackWARs="true" autoDeploy="true"
>>>>>>xmlValidation="false" xmlNamespaceAware="false">
>>>>>>
>>>>>><Realm  className="org.apache.catalina.realm.SSOMultipleDSRealm" />
>>>>>><!-- SingleSignOn valve, share authentication between web applications
>>>>>>Documentation at: /docs/config/valve.html -->
>>>>>><Valve className="org.apache.catalina.authenticator.SingleSignOn"
>>>>>>requireReauthentication="false"/>
>>>>>></Host>
>>>>>>
>>>>>>Thanks.
>>>>>
>>>>>What are your exact Tomcat, JVM, OS versions?
>>>>>
>>>>
>>>>CentOS release 5.2 (Final) kernel 2.6.18-92.el5
>>>>Tomcat 6.0.20
>>>>JVM jdk_1.6.0_14
>>>
>>>
>>>How many applications do you have deployed, and what is the session timeout
>>>for each one?
>>>
>>
>>I deployed 3 applications; two have a session timeout of 60min, and the
>>rest is 5min for testing.
>
>OK - so if you're using the SSO valve, then the longer session
>timeout should mean that the users of the app with the shorter one are
>automatically logged in again.
>
Yes, thanks for your comments.
>
>>All the applications' JSESSIONID can be reset when the session times out
>>(5min) or the server restarts (I checked the Firefox cookies manager),
>>but the JSESSIONIDSSO value can't be reset; it keeps the old cookie
>>value, and when logging in to the server again, it fails because it uses
>>an old cookie value, but the server has created a new session cookie.
>
>I'm not entirely sure I understand what you mean here.  The value of
>JSESSIONID may change, but the session itself should remain intact.
>
>What is failing, exactly, and what symptoms are you seeing?  The user
>is logged out, or an error page?
>

I'm sorry for the descriptions, maybe it's a complex problem for me...
Because I used the JSESSIONIDSSO value to validate, and I just want the
value to change when the session times out or the server restarts, but when the
session timed out, the Firefox cookie still kept the old value. I don't know what happened.

>
>>Actually, I don't know who manages the JSESSIONIDSSO. I think the
>>JSESSIONID is managed by each application, and it can refresh when
>>the session times out, but why can't the JSESSIONIDSSO work well?
>>
>>Thanks.
>
>The %CATALINA_HOME%/conf/context.xml file contains a documented
>setting which allows the session to be persisted during restarts.  If
>it is enabled then the session will be restored to each user, after
>restart.
>
I don't enable it.
A session (JSESSIONID) is managed by the web application, like
webapps/app1
webapps/app2
But who manages the JSESSIONIDSSO?


I have now resolved this problem by deleting the JSESSIONIDSSO cookie value; it
then creates a new value and works well.

Thanks.
>
>p
>
>
>>>>>>---------------------------------------------------------------------
>>>>>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>>>For additional commands, e-mail: users-help@tomcat.apache.org


Re: Tomcat SSO JSESSIONIDSSO value can't be reset by browser

Posted by Pid <pi...@pidster.com>.
On 01/03/2010 07:49, Xiaojun Deng wrote:
> On Fri, Feb 26, 2010 at 03:28:50PM +0000, Pid wrote:
>> On 26/02/2010 14:58, Xiaojun Deng wrote:
>>> On Fri, Feb 26, 2010 at 8:51 PM, Pid<pi...@pidster.com>   wrote:
>>>> On 26/02/2010 09:59, Xiaojun Deng wrote:
>>>>>
>>>>> On Fri, Feb 26, 2010 at 09:57:46AM +0000, Pid wrote:
>>>>>>
>>>>>> On 26/02/2010 04:15, Xiaojun Deng wrote:
>>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I use the Tomcat SSO function, and I found that when I restart my Tomcat
>>>>>>> or the session times out and I refresh the page, the cookie JSESSIONIDSSO
>>>>>>> keeps the old value, so I can't log in to my application.
>>>>>>>
>>>>>>> And the web applications' JSESSIONID works well; they can reset the
>>>>>>> cookie value.
>>>>>>>
>>>>>>> Is there a way to configure this for the JSESSIONIDSSO?
>>>>>>>
>>>>>>> server.xml content
>>>>>>> <Host name="localhost"  appBase="webapps"
>>>>>>> unpackWARs="true" autoDeploy="true"
>>>>>>> xmlValidation="false" xmlNamespaceAware="false">
>>>>>>>
>>>>>>> <Realm  className="org.apache.catalina.realm.SSOMultipleDSRealm" />
>>>>>>> <!-- SingleSignOn valve, share authentication between web applications
>>>>>>> Documentation at: /docs/config/valve.html -->
>>>>>>> <Valve className="org.apache.catalina.authenticator.SingleSignOn"
>>>>>>> requireReauthentication="false"/>
>>>>>>> </Host>
>>>>>>>
>>>>>>> Thanks.
>>>>>>
>>>>>> What are your exact Tomcat, JVM, OS versions?
>>>>>>
>>>>>
>>>>> CentOS release 5.2 (Final) kernel 2.6.18-92.el5
>>>>> Tomcat 6.0.20
>>>>> JVM jdk_1.6.0_14
>>>>
>>>>
>>>> How many applications do you have deployed, and what is the session timeout
>>>> for each one?
>>>>
>>>
>>> I deployed 3 applications; two have a session timeout of 60min, and the
>>> rest is 5min for testing.
>>
>> OK - so if you're using the SSO valve, then the longer session
>> timeout should mean that the users of the app with the shorter one are
>> automatically logged in again.
>>
> Yes, thanks for your comments.
>>
>>> All the applications' JSESSIONID can be reset when the session times out
>>> (5min) or the server restarts (I checked the Firefox cookies manager),
>>> but the JSESSIONIDSSO value can't be reset; it keeps the old cookie
>>> value, and when logging in to the server again, it fails because it uses
>>> an old cookie value, but the server has created a new session cookie.
>>
>> I'm not entirely sure I understand what you mean here.  The value of
>> JSESSIONID may change, but the session itself should remain intact.
>>
>> What is failing, exactly, and what symptoms are you seeing?  The user
>> is logged out, or an error page?
>>
>
> I'm sorry for the descriptions, maybe it's a complex problem for me...
> Because I used the JSESSIONIDSSO value to validate, and I just want the
> value to change when the session times out or the server restarts, but when the
> session timed out, the Firefox cookie still kept the old value. I don't know what happened.

Used the JSESSIONIDSSO value to validate what?

>>> Actually, I don't know who manages the JSESSIONIDSSO. I think the
>>> JSESSIONID is managed by each application, and it can refresh when
>>> the session times out, but why can't the JSESSIONIDSSO work well?
>>>
>>> Thanks.
>>
>> The %CATALINA_HOME%/conf/context.xml file contains a documented
>> setting which allows the session to be persisted during restarts.  If
>> it is enabled then the session will be restored to each user, after
>> restart.
>>
> I don't enable it.
> A session (JSESSIONID) is managed by the web application, like
> webapps/app1
> webapps/app2
> But who manages the JSESSIONIDSSO?

The SingleSignOnValve in the Host.

> I have now resolved this problem by deleting the JSESSIONIDSSO cookie value; it
> then creates a new value and works well.

I don't understand that, but hey.


p
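
Added example, not part of the original thread and not Tomcat's own code: a servlet filter that does server-side what the poster did by hand, expiring a JSESSIONIDSSO cookie that no longer maps to a logged-in user. The class name StaleSsoCookieFilter is hypothetical. It assumes the SingleSignOn valve runs with requireReauthentication="false" as in the server.xml above and sets the request principal for every SSO cookie it still recognises, and that the cookie was issued with path "/".

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: expires a JSESSIONIDSSO cookie the server no longer recognises. */
public class StaleSsoCookieFilter implements Filter {

    private static final String SSO_COOKIE = "JSESSIONIDSSO";

    public void init(FilterConfig config) { }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Assumption: the valve has already set the principal for any SSO cookie
        // it still knows, so a cookie without a principal is left over from
        // before a restart or a session timeout.
        if (request.getUserPrincipal() == null && hasSsoCookie(request)) {
            Cookie expired = new Cookie(SSO_COOKIE, "");
            expired.setPath("/");   // assumption: must match the path the cookie was issued with
            expired.setMaxAge(0);   // Max-Age=0 tells the browser to delete the cookie
            response.addCookie(expired);
        }
        chain.doFilter(req, res);
    }

    private static boolean hasSsoCookie(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();   // null when the request carries no cookies
        if (cookies == null) {
            return false;
        }
        for (Cookie c : cookies) {
            if (SSO_COOKIE.equals(c.getName())) {
                return true;
            }
        }
        return false;
    }
}
```

The filter has to be mapped in the web.xml of each application behind the valve, since it runs inside the web application, not in the Host.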

