You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Chugh, Sanjay" <sc...@filenet.com> on 2004/02/04 23:52:46 UTC
JSESSIONID problem.
Thanks. I have changed the subject because it better reflects the
problem after some analysis. Thanks to Papillon for suggesting to use
burp proxy. However, now I am at a loss to explain the behaviour after
analyzing the log from burp proxy.
When I run IE on my box and target TomCat on my box, and I click on a
link in my app which launches another window, the http header is:
======================================================
http://schughpc:8080 [10.32.2.41]
======================================================
GET /Workplace/FormServlet?cmd=blank&context=form HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-excel, application/vnd.ms-powerpoint,
application/msword, application/x-shockwave-flash, */*
Referer:
http://localhost:8080/Workplace/properties/DocumentForm.jsp?policyObject
StoreName=eForms&objectStoreName=eForms&vsId=%7B0A1D7877-B64B-4927-B698-
9642C6DB6B60%7D&windowId=56657&policyId=%7B14CBF1E8-606C-4D7F-AE88-54033
5681DD7%7D&returnUrl=http%3A%2F%2Flocalhost%3A8080%2FWorkplace%2FWcmBrow
se.jsp%3FwindowId%3DmainWindow&id=%7B8121190B-BF94-454D-92EB-2262A3FD71D
E%7D
Accept-Language: en-us
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
1.0.3705)
Host: schughpc:8080
======================================================
Here you can see the JSESSIONID cookie is missing when it was present in
all the headers grabbed by burp proxy prior to this one.
When I run IE on another machine but still target TomCat on my machine,
the http header for the same request looks like:
======================================================
http://schughpc:8080 [10.32.2.41]
======================================================
GET /Workplace/FormServlet?cmd=blank&context=form HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Referer:
http://schughpc:8080/Workplace/properties/DocumentForm.jsp?policyObjectS
toreName=eForms&objectStoreName=eForms&vsId=%7B0A1D7877-B64B-4927-B698-9
642C6DB6B60%7D&windowId=87588&policyId=%7B14CBF1E8-606C-4D7F-AE88-540335
681DD7%7D&returnUrl=http%3A%2F%2Fschughpc%3A8080%2FWorkplace%2FWcmBrowse
.jsp%3FwindowId%3DmainWindow&id=%7B8121190B-BF94-454D-92EB-2262A3FD71DE%
7D
Accept-Language: en-us
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR
1.0.3705)
Host: schughpc:8080
Cookie: JSESSIONID=68AF13A9B0FE3C8A200BDB594E753ECC
======================================================
You can see the cookie is present.
The requests afterwards use this cookie and everything works fine.
However in the latter case (where the cookie is missing), the next
request receives a new cookie and everything starts falling apart.
IE on both machine is set up identically.
If anyone knows or has any suggestions as to the problem, it would be
much appreciated.
Thanks,
-- Sanjay
-----Original Message-----
From: Papillon [mailto:leakim@wanadoo.fr]
Sent: Wednesday, February 04, 2004 2:02 PM
To: Tomcat Users List
Subject: Re: Is this a Tomcat problem? Someone please point me in
theright direction to solve this problem...
Try burp proxy (Thanks again Mr Yansheng Lin) to see differences. Your
server have only one ip ? No NAT on your network ? WAN adress ? My
problem is not the same but perhaps it can help you in research :
http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg117526.htm
l
Good luck !
> De�: "Chugh, Sanjay" <sc...@filenet.com>
> R�pondre �: "Tomcat Users List" <to...@jakarta.apache.org>
Date�
> : Wed, 4 Feb 2004 12:43:40 -0700 ��: "Tomcat Users List"
> <to...@jakarta.apache.org> Objet�: Is this a Tomcat problem?
> Someone please point me in the right direction to solve this
> problem...
>
> I am part of a large team working on a java project with Tomcat. We
> are using jdk1.3.1 and Tomcat 4.1.18. The problem is that the latest
> build of our application has a problem on my machine. I've tracked it
> down to what seems like a problem with the session. When code that
> retreives information from the session is executed, it is not giving a
> valid result back. The part that I am having problem with is that it
> is a problem only on my machine. In fact if I hit the Tomcat server on
> my machine from another machine on the network, then everything works
> fine as well. The same is true if I hit the Tomcat server on my
> machine from a virtual machine running also on my machine. It is only
> when I run the application itself on my machine. I did just check one
> other thing. That is I started IE on my machine but hit the tomcat
> server on another physical machine. This time the application worked
> fine on my machine. This is all very confusing, and I am at a loss to
> explain what is is on my machine or my tomcat server that is causing a
> problem.
>
> I've compared the different machine configuration (they are all pretty
> similar). The Internet Explore options on all the machines are
> identical.
>
> I would apreciate any ideas someone might have to offer.
>
> Thanks,
>
>
> -- Sanjay
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: JSESSIONID problem.
Posted by Papillon <le...@wanadoo.fr>.
You say both IE are sames but you seems to have two differents OS windows
XP(server 2003 ?) and windows 2000
You've a lot security problems with XP so with cookies too.
Try to set the security very low, accept all type of cookies temporaly to be
sure it's not a security's windows problem...
Papillon
> De : "Chugh, Sanjay" <sc...@filenet.com>
> Répondre à : "Tomcat Users List" <to...@jakarta.apache.org>
> Date : Wed, 4 Feb 2004 15:52:46 -0700
> À : "Tomcat Users List" <to...@jakarta.apache.org>
> Objet : JSESSIONID problem.
>
> Thanks. I have changed the subject because it better reflects the
> problem after some analysis. Thanks to Papillon for suggesting to use
> burp proxy. However, now I am at a loss to explain the behaviour after
> analyzing the log from burp proxy.
> When I run IE on my box and target TomCat on my box, and I click on a
> link in my app which launches another window, the http header is:
>
> ======================================================
> http://schughpc:8080 [10.32.2.41]
> ======================================================
> GET /Workplace/FormServlet?cmd=blank&context=form HTTP/1.0
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
> application/vnd.ms-excel, application/vnd.ms-powerpoint,
> application/msword, application/x-shockwave-flash, */*
> Referer:
> http://localhost:8080/Workplace/properties/DocumentForm.jsp?policyObject
> StoreName=eForms&objectStoreName=eForms&vsId=%7B0A1D7877-B64B-4927-B698-
> 9642C6DB6B60%7D&windowId=56657&policyId=%7B14CBF1E8-606C-4D7F-AE88-54033
> 5681DD7%7D&returnUrl=http%3A%2F%2Flocalhost%3A8080%2FWorkplace%2FWcmBrow
> se.jsp%3FwindowId%3DmainWindow&id=%7B8121190B-BF94-454D-92EB-2262A3FD71D
> E%7D
> Accept-Language: en-us
> Proxy-Connection: Keep-Alive
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
> 1.0.3705)
> Host: schughpc:8080
>
>
> ======================================================
>
> Here you can see the JSESSIONID cookie is missing when it was present in
> all the headers grabbed by burp proxy prior to this one.
>
> When I run IE on another machine but still target TomCat on my machine,
> the http header for the same request looks like:
>
> ======================================================
> http://schughpc:8080 [10.32.2.41]
> ======================================================
> GET /Workplace/FormServlet?cmd=blank&context=form HTTP/1.0
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
> Referer:
> http://schughpc:8080/Workplace/properties/DocumentForm.jsp?policyObjectS
> toreName=eForms&objectStoreName=eForms&vsId=%7B0A1D7877-B64B-4927-B698-9
> 642C6DB6B60%7D&windowId=87588&policyId=%7B14CBF1E8-606C-4D7F-AE88-540335
> 681DD7%7D&returnUrl=http%3A%2F%2Fschughpc%3A8080%2FWorkplace%2FWcmBrowse
> .jsp%3FwindowId%3DmainWindow&id=%7B8121190B-BF94-454D-92EB-2262A3FD71DE%
> 7D
> Accept-Language: en-us
> Proxy-Connection: Keep-Alive
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR
> 1.0.3705)
> Host: schughpc:8080
> Cookie: JSESSIONID=68AF13A9B0FE3C8A200BDB594E753ECC
>
>
> ======================================================
>
> You can see the cookie is present.
> The requests afterwards use this cookie and everything works fine.
>
> However in the latter case (where the cookie is missing), the next
> request receives a new cookie and everything starts falling apart.
>
> IE on both machine is set up identically.
>
> If anyone knows or has any suggestions as to the problem, it would be
> much appreciated.
>
> Thanks,
>
> -- Sanjay
>
>
> -----Original Message-----
> From: Papillon [mailto:leakim@wanadoo.fr]
> Sent: Wednesday, February 04, 2004 2:02 PM
> To: Tomcat Users List
> Subject: Re: Is this a Tomcat problem? Someone please point me in
> theright direction to solve this problem...
>
>
> Try burp proxy (Thanks again Mr Yansheng Lin) to see differences. Your
> server have only one ip ? No NAT on your network ? WAN adress ? My
> problem is not the same but perhaps it can help you in research :
> http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg117526.htm
> l
>
> Good luck !
>
>
>
>> De : "Chugh, Sanjay" <sc...@filenet.com>
>> Répondre à : "Tomcat Users List" <to...@jakarta.apache.org>
> Date
>> : Wed, 4 Feb 2004 12:43:40 -0700 À : "Tomcat Users List"
>> <to...@jakarta.apache.org> Objet : Is this a Tomcat problem?
>> Someone please point me in the right direction to solve this
>> problem...
>>
>> I am part of a large team working on a java project with Tomcat. We
>> are using jdk1.3.1 and Tomcat 4.1.18. The problem is that the latest
>> build of our application has a problem on my machine. I've tracked it
>> down to what seems like a problem with the session. When code that
>> retreives information from the session is executed, it is not giving a
>
>> valid result back. The part that I am having problem with is that it
>> is a problem only on my machine. In fact if I hit the Tomcat server on
>
>> my machine from another machine on the network, then everything works
>> fine as well. The same is true if I hit the Tomcat server on my
>> machine from a virtual machine running also on my machine. It is only
>> when I run the application itself on my machine. I did just check one
>> other thing. That is I started IE on my machine but hit the tomcat
>> server on another physical machine. This time the application worked
>> fine on my machine. This is all very confusing, and I am at a loss to
>> explain what is is on my machine or my tomcat server that is causing a
>
>> problem.
>>
>> I've compared the different machine configuration (they are all pretty
>
>> similar). The Internet Explore options on all the machines are
>> identical.
>>
>> I would apreciate any ideas someone might have to offer.
>>
>> Thanks,
>>
>>
>> -- Sanjay
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org