You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Diego Ruotolo <dr...@noemalife.com> on 2011/05/25 10:34:40 UTC
Tomcat 5.5.27, session lost, cookies
Hi,
this is my first post to this list. Maybe it's a post more related to
the developers list, if so please tell me so and I will send it to that
list.
Working with my company's webapp, I noticed a strange behaviour:
sometimes http session, managed through JSESSIONID cookie, is lost. We
use Tomcat 5.5.27 on Windows.
Debugging Tomcat classes using the Eclipse debugger, I noticed that this
happens because cookies are not correctly parsed, in fact:
* Cookies (class org.apache.tomcat.util.http.Cookies) are instantiated
when a new Request (class org.apache.coyote.Request) is created.
* Constructor of class Cookies accept a MimeHeaders as argument.
* Cookies are parsed using the method getCookieCount(): this method
sets the boolean variable "unprocessed" to false and call the method
processCookies() for processing cookis from the header (that is the
argument of the Cookies class constructor)
Everything works fine, but sometimes it happens that even if cookies are
correctly inserted in the request header (I can see it!) and
"unprocessed" variable of class Cookies is set to false (== cookies
parsed) , the cookies are NOT parsed: in fact the ServerCookie array is
empty!
It seems that is a time-related issue: IMHO the problem is that
sometimes cookies are parsed BEFORE header is parsed.
Hope I've been clear...
Is this a known problem? Any suggestions? Maybe there is some
"configuration tricks" I can use to avoid this problem?
Thanks in advice,
best regards
--
Ing. Diego Ruotolo
Software developer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat 5.5.27, session lost, cookies
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Filippo,
On 5/27/2011 4:33 AM, Filippo Machi wrote:
> On Fri, May 27, 2011 at 12:12 AM, Christopher Schultz <
> chris@christopherschultz.net> wrote:
>> The value itself is blank, or the value /contains/ a blank?
>
> the value contains a blank
The problem is likely that more recent versions of Tomcat enforce the
cookie specification a little more strictly: cookie values with certain
characters in them (such as spaces) require that the value be quoted.
> here it's an example, I used firebug to grab the cookie header contained in
> the request:
>
> AA=01*49qmsEhufMY7I6g/OnGT2tN3ThrCZH6vJ342kTDsssuRgEhlqwftbRTaikwi9I3HIx5yoK1ng4tY
> 5JuIUe3x9o0Jptimu3uvVgeQAKc5htM=;
> __utma=125866390.1346069185.1295258223.1306326749.1306484681.40;
> __utmz=125866390.1306326795.39.29.utmcsr=....
>
>
> as you can see there are different cookies, the first one (AA) it's the
> guilty. It has a blank here
>
> ...4tY 5Ju...
Yup, that needs to be quoted.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk3lPnAACgkQ9CaO5/Lv0PBw7wCgjRfYtPLgf3Kv0lrPbPq07RvV
MFgAn1ePqTRpq7ovx7ROxl9itFkE+6sp
=neXE
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat 5.5.27, session lost, cookies
Posted by Diego Ruotolo <dr...@noemalife.com>.
Hi Chris,
many thanks for your suggestion. Next week I will try to remove the
cookie in excess and I'll tell you the result.
Best regards
Il 01/06/2011 16.29, Christopher Schultz ha scritto:
> Diego,
>
> On 6/1/2011 6:27 AM, Diego Ruotolo wrote:
> > BTW, in my previous mails I tell you about the architecture used in our
> > webapp, I send you the HTTP logs as returned by the access log valve and
>
> The logs are not useful, since they don't contain headers.
>
> > I said we use 3 cookies:
>
> > - JSESSIONID, with value of generated session id
> > - jsessionid, same as before, just the name in lower case
>
> Cookie names are case-insensitive, so using JSESSIONID as well as
> jsessionid is going to cause problems.
>
> http://www.ietf.org/rfc/rfc2109.txt
>
> See sections 4.1 (specifically the definition of "attr" and the comment
> following it) and 4.2.2 where "NAME" is defined to be an "attr".
>
> -chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
--
Diego Ruotolo - NoemaLife S.p.A.
Ing. Diego Ruotolo
Software developer
NoemaLife S.p.A.
Via Gobetti, 52
40129 Bologna - ITALY
T +39 051 70.98.249
F +39 051 41.93.900
www.noemalife.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat 5.5.27, session lost, cookies
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Diego,
On 6/1/2011 6:27 AM, Diego Ruotolo wrote:
> BTW, in my previous mails I tell you about the architecture used in our
> webapp, I send you the HTTP logs as returned by the access log valve and
The logs are not useful, since they don't contain headers.
> I said we use 3 cookies:
>
> - JSESSIONID, with value of generated session id
> - jsessionid, same as before, just the name in lower case
Cookie names are case-insensitive, so using JSESSIONID as well as
jsessionid is going to cause problems.
http://www.ietf.org/rfc/rfc2109.txt
See sections 4.1 (specifically the definition of "attr" and the comment
following it) and 4.2.2 where "NAME" is defined to be an "attr".
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk3mTOQACgkQ9CaO5/Lv0PAkigCdGg8MRl9CgnXspAA1u3HWeQD7
BLIAn1nwH4DHkgqL5KwQ4QnySJERQsnf
=CKtT
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat 5.5.27, session lost, cookies
Posted by Diego Ruotolo <dr...@noemalife.com>.
Hi Chris,
as I said in one of my previous mail, I'm not able to reproduce the
error anymore. I'm trying to figuring out what's changed (some commit
made by someone of our team), and next week I'll test it on some other
test environments. I'm trying to collect all the details to send you
accurate info, but I need to reproduce the error to do so.
BTW, in my previous mails I tell you about the architecture used in our
webapp, I send you the HTTP logs as returned by the access log valve and
I said we use 3 cookies:
- JSESSIONID, with value of generated session id
- jsessionid, same as before, just the name in lower case
- I18N, containing value <generation_time>&<i18n> , s.a.: 1234567890&IT_it
When I'll have more details about this issue, I'll send you as soon as
possible.
I would like to thank you for your precious help and support,
best regards
Il 31/05/2011 21.18, Christopher Schultz ha scritto:
> Diego,
>
> You should send us an example. It looks like you have done a lot of
> investigation into the issue, but you won't give us any details. Please
> provide some.
>
> -chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat 5.5.27, session lost, cookies
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Diego,
On 5/27/2011 9:16 AM, Diego Ruotolo wrote:
> Il 27/05/2011 15.04, Filippo Machi ha scritto:
>> @Filippo: Ciao! There are no "strange" or blank character on cookie
>> value, it's just the JSESSIONID "as is". It's a value generated by
>> Tomcat, isn't it?
>>
>> Ciao Diego,
>> I meant, maybe there's ANOTHER cookie in the incoming request that contains
>> one or
>> more not valid characters and it causes tomcat to fail the parsing of all
>> other cookies,
>> included the JSESSIONID one.
>> ciao
>> Fil
> Mmm... no. There are just 2 cookies: JSESSIONID and I18n cookie : the
> latter contains just values like "IT_it" . Sometimes ALSO a dup
> JSESSIONID is set, or a "jsessionid" (in lower case) : that's part of
> our webapp, maybe I should fix it... :-)
> Thanks,
You should send us an example. It looks like you have done a lot of
investigation into the issue, but you won't give us any details. Please
provide some.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk3lPusACgkQ9CaO5/Lv0PCsfQCdG1scwKFHyjkOG68RzHmHXSrH
vgkAmwbC1wVkUTurRovSlOTl1MnxIEwr
=+4m9
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat 5.5.27, session lost, cookies
Posted by Diego Ruotolo <dr...@noemalife.com>.
Il 27/05/2011 15.04, Filippo Machi ha scritto:
> @Filippo: Ciao! There are no "strange" or blank character on cookie
> value, it's just the JSESSIONID "as is". It's a value generated by
> Tomcat, isn't it?
>
> Ciao Diego,
> I meant, maybe there's ANOTHER cookie in the incoming request that contains
> one or
> more not valid characters and it causes tomcat to fail the parsing of all
> other cookies,
> included the JSESSIONID one.
> ciao
> Fil
Mmm... no. There are just 2 cookies: JSESSIONID and I18n cookie : the
latter contains just values like "IT_it" . Sometimes ALSO a dup
JSESSIONID is set, or a "jsessionid" (in lower case) : that's part of
our webapp, maybe I should fix it... :-)
Thanks,
ciao
--
Ing. Diego Ruotolo
Software developer
Re: Tomcat 5.5.27, session lost, cookies
Posted by Filippo Machi <fi...@gmail.com>.
On Fri, May 27, 2011 at 12:26 PM, Diego Ruotolo <dr...@noemalife.com>wrote:
> Hi everybody !
>
> Thanks to all of you for your replies. Unfortunately (or fortunately) I
> spent the whole morning trying to reproduce the problem but everything
> works fine today!
>
> @Filippo: Ciao! There are no "strange" or blank character on cookie
> value, it's just the JSESSIONID "as is". It's a value generated by
> Tomcat, isn't it?
>
Ciao Diego,
I meant, maybe there's ANOTHER cookie in the incoming request that contains
one or
more not valid characters and it causes tomcat to fail the parsing of all
other cookies,
included the JSESSIONID one.
ciao
Fil
Re: Tomcat 5.5.27, session lost, cookies
Posted by Diego Ruotolo <dr...@noemalife.com>.
Hi everybody !
Thanks to all of you for your replies. Unfortunately (or fortunately) I
spent the whole morning trying to reproduce the problem but everything
works fine today!
@Filippo: Ciao! There are no "strange" or blank character on cookie
value, it's just the JSESSIONID "as is". It's a value generated by
Tomcat, isn't it?
@Marcos: I have no logs... I tried to log this morning using log4j at
DEBUG level, but, as I said in the beginning, everything works fine today...
@Christopher: here's the access logs, with all the HTTP calls
(everything's fine, these are NOT the logs of the fail scenario):
127.0.0.1 - - [27/May/2011:11:29:41 +0200] "POST
/servlet/it.dianoema.dnweb.library.servlets.Automation HTTP/1.1" 200 2070
127.0.0.1 - - [27/May/2011:11:29:41 +0200] "POST
/servlet/it.dianoema.dnweb.library.servlets.ConsoleServlet HTTP/1.1" 200
1698
127.0.0.1 - - [27/May/2011:11:29:41 +0200] "GET
/servlet/it.dianoema.dnweb.dnlis.servlets.StampaEtichette?azione=PRINT&stampante_autom=false&printer=Etichette
HTTP/1.1" 200 6066
127.0.0.1 - - [27/May/2011:11:29:45 +0200] "POST
/servlet/it.dianoema.dnweb.dnlis.servlets.AzioniSuRichieste HTTP/1.1" 200 7
127.0.0.1 - - [27/May/2011:11:30:12 +0200] "POST
/servlet/it.dianoema.dnweb.dnlis.servlets.GetSkel HTTP/1.1" 200 7
127.0.0.1 - - [27/May/2011:11:30:12 +0200] "GET
/servlet/it.dianoema.dnweb.dnlis.servlets.StampaEtichette?azione=VOID
HTTP/1.1" 200 582
127.0.0.1 - - [27/May/2011:11:30:12 +0200] "GET
/servlet/it.dianoema.dnweb.dnlis.servlets.GetFiltro?TEMPLATE=templates/gsp/head.template
HTTP/1.1" 200 5489
127.0.0.1 - - [27/May/2011:11:30:12 +0200] "GET
/servlet/it.dianoema.dnweb.dngsp.ShowQuery?TEMPLATE=templates%2Fgsp%2Flist.template&ELENCO=Pazienti&SESSION_REM=ALL&QUERY=PazientiGSP&FIELD_Reparto=noe_dnweb&FIELD_ExtCodice=&FIELD_Codice=&FIELD_CodiceRicovero=&FIELD_Cognome=&FIELD_Nome=&FIELD_00_DataUltimaRichiesta=&FIELD_01_DataUltimaRichiesta=&COND_Cognome=+LIKE+&COND_Nome=+LIKE+&COND_00_DataUltimaRichiesta=SHORT_DATE%3E%3D&COND_01_DataUltimaRichiesta=SHORT_DATE%3C%3D&SORTS=&AGG_REP=yes&REP_IN=yes
HTTP/1.1" 200 42222
127.0.0.1 - - [27/May/2011:11:30:12 +0200] "GET
/servlet/it.dianoema.dnweb.dnlis.servlets.GetSkel?SKEL=/dnlis/templates/gsp/tail.template&GSP=ON&AMB=OFF
HTTP/1.1" 200 2280
127.0.0.1 - - [27/May/2011:11:30:12 +0200] "GET
/servlet/it.dianoema.dnweb.dnlis.servlets.Context HTTP/1.1" 200 2565
I'll explain you our flow:
we call the servlet Automation that starts a thread who sequentially
calls all the other servlets, when the thread has finished the control
is returned to Automation servlet.
Not all servlet are called by thread: lots of them are invoked because
the previous servlet returned an HTML page containing frames that have a
servlet URL in the src attribute. Let's make an example:
Automation --> Thread started --> Call servlet 1 --> HTML is returned
--> Call servlet 2 (it's in the HTML page) --> Thread end --> Automation
Usually the problem occours when invoking servlet from the HTML page
(servlet 2 in the example above, servlet called GetFiltro in the access
logs).
Things I've tried to do:
- increase size of connector input stream buffer, from 2048 to 4096,
using bufferSize attribute
- force the "Set-Cookie" attribute in every response, forcing the
JSESSIONID cookie
If you want I have the entire HTTP headers of request/response.
I'll try again to reproduce the problem, I will send you more details
when it will occour again.
Thanks everybody!
Best regards
Il 27/05/2011 10.33, Filippo Machi ha scritto:
> Ciao!
> Please read my comment inline..
>
> On Fri, May 27, 2011 at 12:12 AM, Christopher Schultz <
> chris@christopherschultz.net> wrote:
>
> Filippo,
>
> On 5/26/2011 10:50 AM, Filippo Machi wrote:
> >>> One of our legacy (non java) server was used to put a blank (' ')
> character
> >>> as value of a cookie.
>
> The value itself is blank, or the value /contains/ a blank?
>
>
> > the value contains a blank
>
>
>
> Please give us an example of a "Cooke:" header from your client and
> maybe we can suggest a solution (a few come to mind, but I'm unwilling
> to describe them until I see an example).
>
>
> > here it's an example, I used firebug to grab the cookie header
> contained in
> > the request:
>
> >
> AA=01*49qmsEhufMY7I6g/OnGT2tN3ThrCZH6vJ342kTDsssuRgEhlqwftbRTaikwi9I3HIx5yoK1ng4tY
> > 5JuIUe3x9o0Jptimu3uvVgeQAKc5htM=;
> > __utma=125866390.1346069185.1295258223.1306326749.1306484681.40;
> > __utmz=125866390.1306326795.39.29.utmcsr=....
>
>
> > as you can see there are different cookies, the first one (AA) it's the
> > guilty. It has a blank here
>
> > ...4tY 5Ju...
>
> > thanks
> > Fil
>
>
>
> -chris
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
--
Diego Ruotolo - NoemaLife S.p.A.
Ing. Diego Ruotolo
Software developer
NoemaLife S.p.A.
Via Gobetti, 52
40129 Bologna - ITALY
T +39 051 70.98.249
F +39 051 41.93.900
www.noemalife.com
Re: Tomcat 5.5.27, session lost, cookies
Posted by Filippo Machi <fi...@gmail.com>.
Ciao!
Please read my comment inline..
On Fri, May 27, 2011 at 12:12 AM, Christopher Schultz <
chris@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Filippo,
>
> On 5/26/2011 10:50 AM, Filippo Machi wrote:
> > One of our legacy (non java) server was used to put a blank (' ')
> character
> > as value of a cookie.
>
> The value itself is blank, or the value /contains/ a blank?
>
the value contains a blank
>
> Please give us an example of a "Cooke:" header from your client and
> maybe we can suggest a solution (a few come to mind, but I'm unwilling
> to describe them until I see an example).
>
here it's an example, I used firebug to grab the cookie header contained in
the request:
AA=01*49qmsEhufMY7I6g/OnGT2tN3ThrCZH6vJ342kTDsssuRgEhlqwftbRTaikwi9I3HIx5yoK1ng4tY
5JuIUe3x9o0Jptimu3uvVgeQAKc5htM=;
__utma=125866390.1346069185.1295258223.1306326749.1306484681.40;
__utmz=125866390.1306326795.39.29.utmcsr=....
as you can see there are different cookies, the first one (AA) it's the
guilty. It has a blank here
...4tY 5Ju...
thanks
Fil
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk3e0EcACgkQ9CaO5/Lv0PD6ZgCfZYbQ0mgHBVH7lCiGEiiQ5jwd
> YWsAmwUmoJuGlbNvIRouWyWXLbSPsq6o
> =U5r9
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Tomcat 5.5.27, session lost, cookies
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Filippo,
On 5/26/2011 10:50 AM, Filippo Machi wrote:
> One of our legacy (non java) server was used to put a blank (' ') character
> as value of a cookie.
The value itself is blank, or the value /contains/ a blank?
Please give us an example of a "Cooke:" header from your client and
maybe we can suggest a solution (a few come to mind, but I'm unwilling
to describe them until I see an example).
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk3e0EcACgkQ9CaO5/Lv0PD6ZgCfZYbQ0mgHBVH7lCiGEiiQ5jwd
YWsAmwUmoJuGlbNvIRouWyWXLbSPsq6o
=U5r9
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat 5.5.27, session lost, cookies
Posted by Filippo Machi <fi...@gmail.com>.
Ciao Diego!
While working with cookies, we had some issues handling not valid
characters.
One of our legacy (non java) server was used to put a blank (' ') character
as value of a cookie.
But it seems that blank it's a forbidden char so tomcat was not able to
parse the cookie value.
Is it possible that in the scenario you described there's a any other cookie
containing
some not valid characters that prevent tomcat to handle all cookies
correctly?
If you have any doubt on that, you may try to access the cookie header
directly in order to see
which cookies the request contains.
HTH
Fil
On Thu, May 26, 2011 at 4:55 PM, Marcos Ortiz <ml...@uci.cu> wrote:
> On 05/26/2011 04:28 AM, Diego Ruotolo wrote:
>
>> Hi,
>>
>> any suggestion for this problem?
>>
>> Thanks,
>>
>> best regards
>>
>> Il 25/05/2011 10.34, Diego Ruotolo ha scritto:
>>
>>> Hi,
>>>
>>> this is my first post to this list. Maybe it's a post more related to
>>> the developers list, if so please tell me so and I will send it to that
>>> list.
>>>
>>> Working with my company's webapp, I noticed a strange behaviour:
>>> sometimes http session, managed through JSESSIONID cookie, is lost. We
>>> use Tomcat 5.5.27 on Windows.
>>> Debugging Tomcat classes using the Eclipse debugger, I noticed that this
>>> happens because cookies are not correctly parsed, in fact:
>>>
>>> * Cookies (class org.apache.tomcat.util.http.Cookies) are instantiated
>>> when a new Request (class org.apache.coyote.Request) is created.
>>> * Constructor of class Cookies accept a MimeHeaders as argument.
>>> * Cookies are parsed using the method getCookieCount(): this method
>>> sets the boolean variable "unprocessed" to false and call the method
>>> processCookies() for processing cookis from the header (that is the
>>> argument of the Cookies class constructor)
>>>
>>>
>>> Everything works fine, but sometimes it happens that even if cookies are
>>> correctly inserted in the request header (I can see it!) and
>>> "unprocessed" variable of class Cookies is set to false (== cookies
>>> parsed) , the cookies are NOT parsed: in fact the ServerCookie array is
>>> empty!
>>> It seems that is a time-related issue: IMHO the problem is that
>>> sometimes cookies are parsed BEFORE header is parsed.
>>>
>>> Hope I've been clear...
>>>
>>> Is this a known problem? Any suggestions? Maybe there is some
>>> "configuration tricks" I can use to avoid this problem?
>>>
>>> Thanks in advice,
>>>
>>> best regards
>>>
>>
>> What say your Tomcat logs?
>
>
> --
> Marcos Luis Ortiz Valmaseda
> Software Engineer (Distributed Systems)
> http://uncubanitolinuxero.blogspot.com
>
>
Re: Tomcat 5.5.27, session lost, cookies
Posted by Marcos Ortiz <ml...@uci.cu>.
On 05/26/2011 04:28 AM, Diego Ruotolo wrote:
> Hi,
>
> any suggestion for this problem?
>
> Thanks,
>
> best regards
>
> Il 25/05/2011 10.34, Diego Ruotolo ha scritto:
>> Hi,
>>
>> this is my first post to this list. Maybe it's a post more related to
>> the developers list, if so please tell me so and I will send it to that
>> list.
>>
>> Working with my company's webapp, I noticed a strange behaviour:
>> sometimes http session, managed through JSESSIONID cookie, is lost. We
>> use Tomcat 5.5.27 on Windows.
>> Debugging Tomcat classes using the Eclipse debugger, I noticed that this
>> happens because cookies are not correctly parsed, in fact:
>>
>> * Cookies (class org.apache.tomcat.util.http.Cookies) are instantiated
>> when a new Request (class org.apache.coyote.Request) is created.
>> * Constructor of class Cookies accept a MimeHeaders as argument.
>> * Cookies are parsed using the method getCookieCount(): this method
>> sets the boolean variable "unprocessed" to false and call the method
>> processCookies() for processing cookis from the header (that is the
>> argument of the Cookies class constructor)
>>
>> Everything works fine, but sometimes it happens that even if cookies are
>> correctly inserted in the request header (I can see it!) and
>> "unprocessed" variable of class Cookies is set to false (== cookies
>> parsed) , the cookies are NOT parsed: in fact the ServerCookie array is
>> empty!
>> It seems that is a time-related issue: IMHO the problem is that
>> sometimes cookies are parsed BEFORE header is parsed.
>>
>> Hope I've been clear...
>>
>> Is this a known problem? Any suggestions? Maybe there is some
>> "configuration tricks" I can use to avoid this problem?
>>
>> Thanks in advice,
>>
>> best regards
>
What say your Tomcat logs?
--
Marcos Luis Ortiz Valmaseda
Software Engineer (Distributed Systems)
http://uncubanitolinuxero.blogspot.com
Re: Tomcat 5.5.27, session lost, cookies
Posted by Diego Ruotolo <dr...@noemalife.com>.
Hi,
any suggestion for this problem?
Thanks,
best regards
Il 25/05/2011 10.34, Diego Ruotolo ha scritto:
> Hi,
>
> this is my first post to this list. Maybe it's a post more related to
> the developers list, if so please tell me so and I will send it to that
> list.
>
> Working with my company's webapp, I noticed a strange behaviour:
> sometimes http session, managed through JSESSIONID cookie, is lost. We
> use Tomcat 5.5.27 on Windows.
> Debugging Tomcat classes using the Eclipse debugger, I noticed that this
> happens because cookies are not correctly parsed, in fact:
>
> * Cookies (class org.apache.tomcat.util.http.Cookies) are instantiated
> when a new Request (class org.apache.coyote.Request) is created.
> * Constructor of class Cookies accept a MimeHeaders as argument.
> * Cookies are parsed using the method getCookieCount(): this method
> sets the boolean variable "unprocessed" to false and call the method
> processCookies() for processing cookis from the header (that is the
> argument of the Cookies class constructor)
>
> Everything works fine, but sometimes it happens that even if cookies are
> correctly inserted in the request header (I can see it!) and
> "unprocessed" variable of class Cookies is set to false (== cookies
> parsed) , the cookies are NOT parsed: in fact the ServerCookie array is
> empty!
> It seems that is a time-related issue: IMHO the problem is that
> sometimes cookies are parsed BEFORE header is parsed.
>
> Hope I've been clear...
>
> Is this a known problem? Any suggestions? Maybe there is some
> "configuration tricks" I can use to avoid this problem?
>
> Thanks in advice,
>
> best regards
--
Ing. Diego Ruotolo
Software developer
NoemaLife S.p.A.
Via Gobetti, 52
40129 Bologna - ITALY
T +39 051 70.98.249
F +39 051 41.93.900
www.noemalife.com
Re: Tomcat 5.5.27, session lost, cookies
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Diego,
On 5/25/2011 4:34 AM, Diego Ruotolo wrote:
> Everything works fine, but sometimes it happens that even if cookies are
> correctly inserted in the request header (I can see it!) and
> "unprocessed" variable of class Cookies is set to false (== cookies
> parsed) , the cookies are NOT parsed: in fact the ServerCookie array is
> empty!
> It seems that is a time-related issue: IMHO the problem is that
> sometimes cookies are parsed BEFORE header is parsed.
Cookies are in the HTTP header, so how can the cookies be parsed before
the header?
Can you give us an example of a valid HTTP request that Tomcat
incorrectly parses?
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk3eXzYACgkQ9CaO5/Lv0PDS7wCfYhLQM70UdcyhY87Q27cQbWEU
DRUAnAhiyPDYzxpl2+95KXcpa3Q/Dkg1
=BbuP
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org