You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2005/01/20 19:34:14 UTC

DO NOT REPLY [Bug 33182] New: - Session ID inconsistent on include/forward between web applications

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=33182>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=33182

           Summary: Session ID inconsistent on include/forward between web
                    applications
           Product: Tomcat 5
           Version: 5.0.28
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: adamb@atg.com


I have a single ear file with multiple was files deployed on Tomcat.

A quick summary is that if I include to another web app, that web app's session
id comes back as the session id of the web app originating the request.
But if I just load the included page directly I see a different session id.
I feel that if each web app is going to have a separate session id, then that id
should be consistent no matter how a given page in that app is access (either
via include, forward or a standard top level http request)

Let's call them /app1 and /app2

I have a page called session.jsp with the following

<%=session.getId()%>

I visit /app1/session.jsp and get a sessionid, call it SESSIONID1
Next I visit /app2/session.jsp and get a different session id call it SESSIONID2

Fine, no problems yet.

Now, I have a page in /app1 that includes another page from /app2.

Call these page /app1/include.jsp and /app2/included.jsp

--------
/app1/include.jsp:

In /app1 sessionid= <%=session.getId%> <BR>

<%
RequestDispatcher d = ... (get other context etc...)
d.include(request,response);
%>
------
/app2/included.jsp:
In /app2 sessionid=<%=session.getId()%>


When loading /app1/include.jsp both /app1/include.jsp and /app2/included.jsp give
me the same sessionid! That's not consistent with the session id I was given
when the same browser instance loaded these pages directly. I did this quickly
enough
so that session invalidation is not the cause.
Because these session ids are inconsistent I cannot track per session data beween
more than one web app. There is no single "key" that I can use to uniquely
identify a user. 

Behavior of other app servers:

BEA: Gives a separate sessionid per web application. But if I forward/include
between web applications I get the sessionid of the application I include to.

WAS: Gives the same session id for each web application visted by the same
browser. Different session objects, but the same id!

ATG Dynamo: Same behavor as WAS.

Thanks in advance for your attention.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org