Session ending

[Thom Burnett <th...@gmail.com>]

What's the standard definition of the end of a session. That is, if there's
no session.invalidate() call, how should servlets (esp the struts servlet)
decide that a request is part of a new session? Where is this discussed -
some tutorial or documentation on the web?

I have a struts application where the request.session object seems to be
ending between actions. That is one action forwards to another action and
when the request eaches the 2nd action the session no longer contains what
it clearly had in the first session. This has only happened with IE 7. It
doesn't happen when Firefox is used and doesn't seem to happen with older
versions of IE tho I'm not completely sure of that.

Any thoughts?

Re: Session ending

[Christopher Schultz <ch...@christopherschultz.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thom,

Thom Burnett wrote:
> What's the standard definition of the end of a session. That is, if there's
> no session.invalidate() call, how should servlets (esp the struts servlet)
> decide that a request is part of a new session?

The server associates a request with a session either through the use of
a cookie (called JSESSIONID), or the use of a token put into the URL
(called "jsessionid").

If your browser looses either one of those for some reason (see below),
then the server will not link a new request to the existing session.

> I have a struts application where the request.session object seems to be
> ending between actions. That is one action forwards to another action and
> when the request reaches the 2nd action the session no longer contains what
> it clearly had in the first session. This has only happened with IE 7. It
> doesn't happen when Firefox is used and doesn't seem to happen with older
> versions of IE tho I'm not completely sure of that.

I have heard of weird things happening with MSIE and redirects,
especially if you are switching protocols (http -> https or the
reverse). Can you describe in more detail exactly what you are doing?
Also, does this happen in one place only in your application, or
randomly throughout?

It's possible that you are forgetting to encode a particular URL and you
are losing the jsessionid URL parameter, or you are emitting a URL in a
link that is outside of the "path" to which the cookie has been
configured to be sent. These problems would affect all browsers, so I
might be wrong on this one.

Post more details and let us know.

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFolAm9CaO5/Lv0PARAs6yAJwLpFoLTEcykcOi0VsCIIpT8GvurACdGTFv
zAYgNGa/f3kG17ThNfNg3sg=
=Bhg8
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org