You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Nelson D. guerrero" <to...@nelsong.com> on 2007/03/28 21:33:32 UTC
Session Problems Apache httpd -> tomcat
Hello everyone,
I'm new to the list and I've been using tomcat for quite some time now
and have a little question. Any help would be greatly appreciated.
I've made a little jsp to show me the current session I'm on, when using
it on a standalone tomcat server the session never changes, when I move
it to an apache httpd server with mod_jk connected to the same tomcat
server the session still doesn't change, but when I add some traffic to
both the httpd server and the tomcat server, the sessions start changing
with every click and I'm having some trouble with the applications I'm
deploying.
I'm using:
1) Apache httpd 2.2.4
2) Apache tomcat 5.5.23
3) mod_jk/1.2.15
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Session Problems Apache httpd -> tomcat
Posted by Nicholas Sushkin <ns...@openfinance.com>.
On Wednesday 28 March 2007 18:17, Christopher Schultz wrote:
> > Do they go through request.encodeURL automatically or do I have to do
> > something?
If you use JSTL Core library c:url, then they do. If you are using "<a
href=''>", then they do not and you have to use
<a href="<%= response.encodeURL(theURL) %>">link</a>.
It's safer and cleaner to use c:url.
I prefer the XML syntax,
<jsp:element name="a">
<jsp:attribute name="title">Log out</jsp:attribute>
<jsp:attribute name="href"><c:url value="logoff.jsp"/></jsp:attribute>
<jsp:body>Log Out</jsp:body>
</jsp:element>
but you can do
<a href="<c:out value="logoff.jsp"/>">Log Out</a>
--
Nicholas Sushkin, Senior Software Engineer
http://www.openfinance.com http://www.wealthinformationexchange.com
Re: Session Problems Apache httpd -> tomcat
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Nelson,
Nelson D. guerrero wrote:
> On Wed, 2007-03-28 at 17:00 -0400, Christopher Schultz wrote:
>
>> Assuming that Tomcat is managing your sessions (there aren't too many
>> good reasons to manage your own sessions), then Tomcat uses either
>> cookies or URL rewriting to maintain sessions between requests.
>
> I'm sorry, I'm not following. By saying "managing your sessions", do you
> mean running tomcat standalone or letting tomcat manager the sessions
> and that the httpd uses the sessions off of the tomcat?
Apache httpd does not manage sessions at all, so it doesn't matter.
What I meant was "are you implementing your own strange session
management" -- and the answer is probably "no".
>> Probably not: Tomcat should do this for you already.
>>
>> Usually, sessions get lost because Tomcat has had to resort to URL
>> rewriting, but the application has not been written with this in mind.
>> For instance, every single URL that you generate ought to go through
>> request.encodeURL to make sure that the session id is properly added if
>> necessary. If you don't do this, then you'll end up creating a new
>> session when you use that (session-less) link.
>
> Do they go through request.encodeURL automatically or do I have to do
> something?
Any time you generate a URL to be included in a web page, you need to
make sure that your URL goes through request.encodeURL. If you are using
a JSP tab library to build your links, then it is more than likely to do
this for you. To be on the safe side, tell us how you build your web
pages. If it's using JSP, then let us know about any tag libraries you
are using.
> Sorry for all the questions, I'm no developer and I'm surely not a
> tomcat administrator, they just shoved me the responsibility a couple of
> months ago and I've been learning ever since.
No problem. We tend to put the kid gloves on when someone starts asking
questions like this.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGCul79CaO5/Lv0PARAihuAJ4pngqkCAf3AKIC0AZjiyT5SCHgxQCgqAgT
0iMj8v32fwZo5uRQXikIE8U=
=g5ew
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
SPAMMED: Additional JARs have been added
Posted by Dwight Farris <df...@email.arizona.edu>.
Hello Everyone,
I am running TOMCAT 5.0.28 on a Mac OS X; JVM 1.5.0_06-112 platform; over a
period of a week I have made some code changes to ensure the service will
automatically restart if it stops. The following are some of the changes
that I have made:
TOMCAT now starts via launchd script which will watch it and restart
it if it dies. For this to work I had to modify catalina.sh to not exit
when it starts tomcat
(1 removed the trailing & from the 'start' options).
If TOMCAT stops, launchd will just restart it right
away.
TOMCAT did stop at about 15:25 MST today. It restarted fine, but now the
catalina.out file is being spammed with:
INFO: Additional JARs have been added: 'commons-digester.jar'
Mar 29, 2007 3:54:59 PM org.apache.catalina.core.StandardContext
reload
INFO: Reloading this Context has started
Any assistance is greatly appreciated
Dwight
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Session Problems Apache httpd -> tomcat
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Nelson,
Nelson D. guerrero wrote:
> On Thu, 2007-03-29 at 12:20 -0400, Christopher Schultz wrote:
>> Honestly, you should never have to do anything with cookies
>> yourself...
>> Tomcat should handle any required cookie manipulations. I think it
>> will
>> just clutter your code and confuse anyone reading it.
>
> It's working without any code, but when I add traffic to the application
> it stops working and for every refresh it makes a new session. The
> workaround I offered was to force the session and that's the only thing
> working right now.
>
> Any ideas on that?
Not really... you are probably just duplicating code that Tomcat is
running also. Are you sure that your load profiles are the same in both
cases?
Tomcat easily handles a ton of load without losing sessions. The problem
is likely to be in your application.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGDDMb9CaO5/Lv0PARArnHAJ9cXmLPqIQEhlONT74U2M1BkUUVDQCgu/cp
2hWDC+zj16EN6lKWcXP+LSs=
=vchg
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Session Problems Apache httpd -> tomcat
Posted by "Nelson D. guerrero" <to...@nelsong.com>.
On Thu, 2007-03-29 at 12:20 -0400, Christopher Schultz wrote:
> Honestly, you should never have to do anything with cookies
> yourself...
> Tomcat should handle any required cookie manipulations. I think it
> will
> just clutter your code and confuse anyone reading it.
It's working without any code, but when I add traffic to the application
it stops working and for every refresh it makes a new session. The
workaround I offered was to force the session and that's the only thing
working right now.
Any ideas on that?
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Session Problems Apache httpd -> tomcat
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Nelson,
Nelson D. guerrero wrote:
>> Your URLs will then look something like:
>> /path/to.jsp;jsessionid=XXXXXXXX?query=goes+here
>
> This and the addCookie worked perfectly. The developers are working on a
> fix right now.
Honestly, you should never have to do anything with cookies yourself...
Tomcat should handle any required cookie manipulations. I think it will
just clutter your code and confuse anyone reading it.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGC+dj9CaO5/Lv0PARAootAKCjGHGvHvwvg3Gqc/0O8v4rKuo5sgCgpzlf
gD0lrhCItOiUL6QCSEGxcws=
=iGqY
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Session Problems Apache httpd -> tomcat
Posted by "Nelson D. guerrero" <to...@nelsong.com>.
On Thu, 2007-03-29 at 09:43 +0100, Pid wrote:
>
> They don't go through it automatically, as the links are in the page
> output, and tomcat doesn't hunt through output streams for URLs to encode.
>
> All URLs need to be manually encoded, in your JSPs or Servlet outputs.
> Check with your developers to ensure that this is the case.
>
> If the URLs are properly encoded Tomcat will then rewrite the URL to
> include the session data in the URL if cookies are not available.
>
> Your URLs will then look something like:
> /path/to.jsp;jsessionid=XXXXXXXX?query=goes+here
This and the addCookie worked perfectly. The developers are working on a
fix right now.
> The HTTPD is largely agnostic of the sessions - unless you are
> clustering - as it won't interfere with a cookie, and will pass a URL
> parameter through as normal.
>
> Q: How have you connected HTTPD/Tomcat, and which versions are you using?
Tomcat 2.2.23
Apache httpd 2.2.0
mod_jk 1.2.15
>
> If you *are* clustering then you need to ensure that the jvmRoute
> attribute of the Engine in conf/server.xml is set uniquely for each
> Tomcat. (http://tomcat.apache.org/tomcat-5.5-doc/config/engine.html)
>
> This adds the value of the attribute to the end of the jsessionid so
> that your load balancer can direct the session to the appropriate Tomcat.
No clusters yet, though we will be looking into it as soon as I learn a
bit more.
Thanks a lot Christopher, Pid and Nicholas, your help was very valuable.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Session Problems Apache httpd -> tomcat
Posted by Pid <p...@pidster.com>.
Nelson D. guerrero wrote:
> On Wed, 2007-03-28 at 17:00 -0400, Christopher Schultz wrote:
>
>> Assuming that Tomcat is managing your sessions (there aren't too many
>> good reasons to manage your own sessions), then Tomcat uses either
>> cookies or URL rewriting to maintain sessions between requests.
>
> I'm sorry, I'm not following. By saying "managing your sessions", do you
> mean running tomcat standalone or letting tomcat manager the sessions
> and that the httpd uses the sessions off of the tomcat?
>
>> Probably not: Tomcat should do this for you already.
>>
>> Usually, sessions get lost because Tomcat has had to resort to URL
>> rewriting, but the application has not been written with this in mind.
>> For instance, every single URL that you generate ought to go through
>> request.encodeURL to make sure that the session id is properly added if
>> necessary. If you don't do this, then you'll end up creating a new
>> session when you use that (session-less) link.
>
> Do they go through request.encodeURL automatically or do I have to do
> something?
They don't go through it automatically, as the links are in the page
output, and tomcat doesn't hunt through output streams for URLs to encode.
All URLs need to be manually encoded, in your JSPs or Servlet outputs.
Check with your developers to ensure that this is the case.
If the URLs are properly encoded Tomcat will then rewrite the URL to
include the session data in the URL if cookies are not available.
Your URLs will then look something like:
/path/to.jsp;jsessionid=XXXXXXXX?query=goes+here
The HTTPD is largely agnostic of the sessions - unless you are
clustering - as it won't interfere with a cookie, and will pass a URL
parameter through as normal.
Q: How have you connected HTTPD/Tomcat, and which versions are you using?
If you *are* clustering then you need to ensure that the jvmRoute
attribute of the Engine in conf/server.xml is set uniquely for each
Tomcat. (http://tomcat.apache.org/tomcat-5.5-doc/config/engine.html)
This adds the value of the attribute to the end of the jsessionid so
that your load balancer can direct the session to the appropriate Tomcat.
p
> Sorry for all the questions, I'm no developer and I'm surely not a
> tomcat administrator, they just shoved me the responsibility a couple of
> months ago and I've been learning ever since.
>
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Session Problems Apache httpd -> tomcat
Posted by "Nelson D. guerrero" <to...@nelsong.com>.
On Wed, 2007-03-28 at 17:00 -0400, Christopher Schultz wrote:
> Assuming that Tomcat is managing your sessions (there aren't too many
> good reasons to manage your own sessions), then Tomcat uses either
> cookies or URL rewriting to maintain sessions between requests.
I'm sorry, I'm not following. By saying "managing your sessions", do you
mean running tomcat standalone or letting tomcat manager the sessions
and that the httpd uses the sessions off of the tomcat?
>
> Probably not: Tomcat should do this for you already.
>
> Usually, sessions get lost because Tomcat has had to resort to URL
> rewriting, but the application has not been written with this in mind.
> For instance, every single URL that you generate ought to go through
> request.encodeURL to make sure that the session id is properly added if
> necessary. If you don't do this, then you'll end up creating a new
> session when you use that (session-less) link.
Do they go through request.encodeURL automatically or do I have to do
something?
Sorry for all the questions, I'm no developer and I'm surely not a
tomcat administrator, they just shoved me the responsibility a couple of
months ago and I've been learning ever since.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Session Problems Apache httpd -> tomcat
Posted by Pid <p...@pidster.com>.
Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Nelson,
>
> Nelson D. guerrero wrote:
>>> Are you using cookies or URL-rewriting in order to track sessions?
>
>> No, the developers are using cookies or URL-rewriting, is this the
>> only way that the sessions can replicate between them?
>
> Assuming that Tomcat is managing your sessions (there aren't too many
> good reasons to manage your own sessions), then Tomcat uses either
> cookies or URL rewriting to maintain sessions between requests.
>
> By default, Tomcat attempts to use cookies, but if cookies are not
> supported by the client (the browser), then it resorts to URL rewriting.
>
>> I'm thinking on passing them this piece of code:
>>
>> ((HttpServletResponse)response).addCookie(new
>> Cookie("JSESSIONID",session.getId()));
>>
>> That will surely help.
>
> Probably not: Tomcat should do this for you already.
>
> Usually, sessions get lost because Tomcat has had to resort to URL
> rewriting, but the application has not been written with this in mind.
> For instance, every single URL that you generate ought to go through
> request.encodeURL to make sure that the session id is properly added if
> necessary. If you don't do this, then you'll end up creating a new
> session when you use that (session-less) link.
Are you testing manually or using something automated?
> - -chris
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFGCtdd9CaO5/Lv0PARAmbxAKCqWzIxQKLz38z0xIVXXFpE2cWBLwCeLqaU
> ezD9gy8vmCGlyoyfWAk5bE8=
> =DfrI
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Session Problems Apache httpd -> tomcat
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Nelson,
Nelson D. guerrero wrote:
>> Are you using cookies or URL-rewriting in order to track sessions?
> No, the developers are using cookies or URL-rewriting, is this the
> only way that the sessions can replicate between them?
Assuming that Tomcat is managing your sessions (there aren't too many
good reasons to manage your own sessions), then Tomcat uses either
cookies or URL rewriting to maintain sessions between requests.
By default, Tomcat attempts to use cookies, but if cookies are not
supported by the client (the browser), then it resorts to URL rewriting.
> I'm thinking on passing them this piece of code:
>
> ((HttpServletResponse)response).addCookie(new
> Cookie("JSESSIONID",session.getId()));
>
> That will surely help.
Probably not: Tomcat should do this for you already.
Usually, sessions get lost because Tomcat has had to resort to URL
rewriting, but the application has not been written with this in mind.
For instance, every single URL that you generate ought to go through
request.encodeURL to make sure that the session id is properly added if
necessary. If you don't do this, then you'll end up creating a new
session when you use that (session-less) link.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGCtdd9CaO5/Lv0PARAmbxAKCqWzIxQKLz38z0xIVXXFpE2cWBLwCeLqaU
ezD9gy8vmCGlyoyfWAk5bE8=
=DfrI
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Session Problems Apache httpd -> tomcat
Posted by "Nelson D. guerrero" <to...@nelsong.com>.
On Wed, 2007-03-28 at 16:32 -0400, Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Nelson,
>
> Nelson D. guerrero wrote:
> >> How are you checking to see if the session has changed? Are you looking
> >> at request.getSession().getSessionId()? Or are you looking at some
> >> particular object in your sessions to see if that has changed?
> >
> > I'm using request.getSession().getId().
>
> Okay. Are you using cookies or URL-rewriting in order to track sessions?
> Oh, and what is your session timeout?
>
> - -chris
No, the developers are using cookies or URL-rewriting, is this the only
way that the sessions can replicate between them?
I'm thinking on passing them this piece of code:
((HttpServletResponse)response).addCookie(new
Cookie("JSESSIONID",session.getId()));
That will surely help.
Tomcat has the default timeout of 30 minutes.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Session Problems Apache httpd -> tomcat
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Nelson,
Nelson D. guerrero wrote:
>> How are you checking to see if the session has changed? Are you looking
>> at request.getSession().getSessionId()? Or are you looking at some
>> particular object in your sessions to see if that has changed?
>
> I'm using request.getSession().getId().
Okay. Are you using cookies or URL-rewriting in order to track sessions?
Oh, and what is your session timeout?
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGCtDH9CaO5/Lv0PARAvnOAJ96UWkR0rB2ECQekxX2sR2t8AoF1ACfd8zT
TAO7H0SsND7SCM5NGCrzMv0=
=ge36
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Session Problems Apache httpd -> tomcat
Posted by "Nelson D. guerrero" <to...@nelsong.com>.
On Wed, 2007-03-28 at 16:14 -0400, Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Nelson,
>
> Nelson D. guerrero wrote:
> > I've made a little jsp to show me the current session I'm on, when using
> > it on a standalone tomcat server the session never changes, when I move
> > it to an apache httpd server with mod_jk connected to the same tomcat
> > server the session still doesn't change, but when I add some traffic to
> > both the httpd server and the tomcat server, the sessions start changing
> > with every click and I'm having some trouble with the applications I'm
> > deploying.
>
> Hmm...
>
> How are you checking to see if the session has changed? Are you looking
> at request.getSession().getSessionId()? Or are you looking at some
> particular object in your sessions to see if that has changed?
>
> - -chris
Hello Chris,
I'm using request.getSession().getId().
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Session Problems Apache httpd -> tomcat
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Nelson,
Nelson D. guerrero wrote:
> I've made a little jsp to show me the current session I'm on, when using
> it on a standalone tomcat server the session never changes, when I move
> it to an apache httpd server with mod_jk connected to the same tomcat
> server the session still doesn't change, but when I add some traffic to
> both the httpd server and the tomcat server, the sessions start changing
> with every click and I'm having some trouble with the applications I'm
> deploying.
Hmm...
How are you checking to see if the session has changed? Are you looking
at request.getSession().getSessionId()? Or are you looking at some
particular object in your sessions to see if that has changed?
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGCsyw9CaO5/Lv0PARAm2SAJ48zwj+vKl93aVrTR4sfnckUHi0SACeL83w
mpokRjvjYteocnpnwXgrpvA=
=BNrw
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org