You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2005/01/20 19:34:14 UTC
DO NOT REPLY [Bug 33182] New: -
Session ID inconsistent on include/forward between web applications
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=33182>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=33182
Summary: Session ID inconsistent on include/forward between web
applications
Product: Tomcat 5
Version: 5.0.28
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: adamb@atg.com
I have a single ear file with multiple was files deployed on Tomcat.
A quick summary is that if I include to another web app, that web app's session
id comes back as the session id of the web app originating the request.
But if I just load the included page directly I see a different session id.
I feel that if each web app is going to have a separate session id, then that id
should be consistent no matter how a given page in that app is access (either
via include, forward or a standard top level http request)
Let's call them /app1 and /app2
I have a page called session.jsp with the following
<%=session.getId()%>
I visit /app1/session.jsp and get a sessionid, call it SESSIONID1
Next I visit /app2/session.jsp and get a different session id call it SESSIONID2
Fine, no problems yet.
Now, I have a page in /app1 that includes another page from /app2.
Call these page /app1/include.jsp and /app2/included.jsp
--------
/app1/include.jsp:
In /app1 sessionid= <%=session.getId%> <BR>
<%
RequestDispatcher d = ... (get other context etc...)
d.include(request,response);
%>
------
/app2/included.jsp:
In /app2 sessionid=<%=session.getId()%>
When loading /app1/include.jsp both /app1/include.jsp and /app2/included.jsp give
me the same sessionid! That's not consistent with the session id I was given
when the same browser instance loaded these pages directly. I did this quickly
enough
so that session invalidation is not the cause.
Because these session ids are inconsistent I cannot track per session data beween
more than one web app. There is no single "key" that I can use to uniquely
identify a user.
Behavior of other app servers:
BEA: Gives a separate sessionid per web application. But if I forward/include
between web applications I get the sessionid of the application I include to.
WAS: Gives the same session id for each web application visted by the same
browser. Different session objects, but the same id!
ATG Dynamo: Same behavor as WAS.
Thanks in advance for your attention.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org