You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by GCT <GC...@csi.it> on 2000/11/29 18:17:16 UTC
Problem with Session tracking API using with Tomcat 3.1 and
Reverse Proxy
Hi!
I've encountered the following problem using the Session Tracking API
in Tomcat 3.1.
I use servlets (not JSP!) under the following environment:
java 1.2.2
tomcat 3.1 (servlet.jar version 2.2)
apache ????
For invalidating a session, in the servlet scope, I use the following code:
HttpSession session = req.getSession(true);
session.invalidate();
session = req.getSession(true);
The code works fine if I DO NOT USE reverse proxy.
Of couse the client (i.e. IExplorer 5.0 or Netscape 4.5/4.7) is set to accept
cookies.
But when I DO use reverse proxy with the same client (accepting cookies, too),
the server is unable to save the
session-id.
It appears not to be a cookie problem because if I try to write a cookie this
way (in the servlet scope, too) :
cookie=setCookie("xyz","123");
res.addCookie(cookie);
and then continuing :
res.setContentType("text/html");
PrintWriter out = res.getWriter();
out.println(...)
from other servlets, I can read the value of cookie xyz, BUT I can't read no way
the cookie (named JSESSIONID) used by
the Session Tracking API of Tomcat 3.1 to save session-id.
So the session isn't correcty tracked and the servlet wrongly thinks new
sessions are started.
Put in other words, it seems that req.getSessione(true) isn't able to save
properly the cookie JSESSIONID when
using reverse proxy mechanism.
Can anyone help me?
Paolo Tavano
Csi Piemonte