You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by GCT <GC...@csi.it> on 2000/11/29 18:17:16 UTC

Problem with Session tracking API using with Tomcat 3.1 and Reverse Proxy


Hi!

I've encountered the following problem using the Session Tracking API
 in Tomcat 3.1.

 I use servlets (not JSP!) under the following environment:

 java 1.2.2
 tomcat 3.1 (servlet.jar version 2.2)
 apache ????

For invalidating a session, in the servlet scope, I use the following code:

HttpSession session = req.getSession(true);
session.invalidate();
session = req.getSession(true);

The code works fine if I DO NOT USE reverse proxy.
Of couse the client (i.e. IExplorer 5.0 or Netscape 4.5/4.7) is set to accept
cookies.

But when I DO use reverse proxy with the same client (accepting cookies, too),
the server is unable to save the
session-id.
It appears not to be a cookie problem because if I try to write a cookie this
way (in the servlet scope, too) :

cookie=setCookie("xyz","123");
res.addCookie(cookie);

and then continuing :

res.setContentType("text/html");
PrintWriter out = res.getWriter();
out.println(...)

from other servlets, I can read the value of cookie xyz, BUT I can't read no way
 the cookie (named JSESSIONID) used by
the Session Tracking API of Tomcat 3.1 to save session-id.
So the session isn't correcty tracked and the servlet wrongly thinks new
sessions are started.

Put in other words, it seems that req.getSessione(true) isn't able to save
properly the cookie JSESSIONID when
using reverse proxy mechanism.

Can anyone help me?

Paolo Tavano
Csi Piemonte