You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Christopher Schultz <ch...@christopherschultz.net> on 2019/04/11 20:11:25 UTC
Re: [OT] Session Persistence Problems
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Jerry,
On 4/10/19 23:56, Jerry Malcolm wrote:
> The only thing I can come up with is that I'm using some
> RewriteRules in httpd to map the complex url paths to single words
> like "/product". (SEO advisor told me to do that...)
Do you allow crawlers to crawl the authenticated parts of your
application? If not, then you are wasting your time with all that.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlyvn20ACgkQHPApP6U8
pFhgCw/+OToWJ/UyBipLetc810tAzTJdar0pbYaZJf6XKIkigg/4SFE1gfRa2PfQ
IbwylPMTXSAASeHqNfXYB/E28DD//h0LseRPPLjDFERC9msoOxIt53mqps4TGwEa
vVrefMU7+YSlXCBqkEZL1vLjGqHA2uEVpfskHlIO9Zx7BDWCmYQ6slEPpdOLml68
6lk2ESKapCTO46XxNud6kfIs4zulmudq+emWLenouZBroPlUb9MmRBM1wBwWh4o5
TE0x3v7MKJVXnCJPOFacWIF5deMjzYqKsEvjlAZnQfbxUFP/tKzUskQctwuCNg3J
W8ngrAbmFydJUVWaOEO9On5cDhrG65gX3TX9kRFsRKSn5Q3fTo4lRkSP6AAlGqr5
oy4Eq4lFuspZWa1oFE0fTjPP/TuumqHJAGMR6FGnBrlx7kr23E+efUGddUbw0/+U
RWCe0f06uNVw2KvGxIHx/l5Gm7AgxHQIzjuJHMcaToyr7r6eZ8OdGzfGV8oljuXZ
eCiigghmVe8C974mIs+u/DgS7YXHDB/bbyOgXMVqigFixsnp87sU3+H0pb2Y9epj
5vwMRhaGZf/Srkq4dT+9C7jf4J1CamXeXkBEjuBA+revG4Aj+TxeMKkVU4llNa8t
nscG6dnjSv3ut3e2E5DGT23+TGQuZSZ4NtVaZGZgbqfxt36f1eU=
=EWdf
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: [OT] Session Persistence Problems
Posted by "André Warnier (tomcat)" <aw...@ice-sa.com>.
On 11.04.2019 22:56, Jerry Malcolm wrote:
>
> On 4/11/2019 3:11 PM, Christopher Schultz wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Jerry,
>>
>> On 4/10/19 23:56, Jerry Malcolm wrote:
>>> The only thing I can come up with is that I'm using some
>>> RewriteRules in httpd to map the complex url paths to single words
>>> like "/product". (SEO advisor told me to do that...)
>> Do you allow crawlers to crawl the authenticated parts of your
>> application? If not, then you are wasting your time with all that.
>>
> Only a portion of the site is authenticated. But whether or not it is an SEO advantage, I
> use this to customize the precise URL for different clients who use the same code on
> different domains. /product maps to a slightly different URL for clientA on domain A
> installation vs for clientB on domain B installation. So without some signification
> recoding, I need to keep using rewrites.
>
> But whether the merits are there for doing rewrites, the only thing I am concerned about
> is if doing rewrites is causing my sessions to mess up. Hence my question about how the
> browser and TC decide what session key to use for a particular url.
>
I honestly don't know. But searching Google for "java sessions" seems to provide quite a
few links to enlighten one on the matter.
Just looking at the titles, it does not seem to be Tomcat-related or browser-related per
se, and more related to Java itself, or more probably to the Java Servlet Specification
(which is also found easily in the web).
(See e.g. : https://javaee.github.io/servlet-spec/downloads/servlet-4.0/servlet-4_0_FINAL.pdf
Chapter 7 : sessions)
(ok, Chapter 7, item 7.1.1 Cookies, also says
"Containers may allow the name of the session tracking cookie to be customized
through container specific configuration."
So I guess that something in there may be specific to Tomcat also.
Back to the Tomcat docs then.
Hmm. Not particularly easy to find "sessions" in there, but I found this :
http://tomcat.apache.org/tomcat-9.0-doc/config/context.html#Attributes
Look at "sessionCookieName".
So it looks like you can, at the level of a Context (in other words, one webapp), set the
cookie name into which to save the session-id for that webapp.
That seems to go some way into answering your question.
In any case, like me just now, it seems that you're gonna learn something about sessions..
(Note: It /is/ also browser-related, but probably only because the (any) browser will
"remember" the cookies sent by an application, and return them to the server each time the
browser accesses that same server later. And because such Java session-id's, most of the
time, are stored in cookies). If I remember well, most of the time, such a cookie has the
name "JSESSIONID". In the browser, find the place were you can view the cookies, and
search for the ones related to your application server (by DNS name). Then look at the
cookies which your browser stores for that site.
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: [OT] Session Persistence Problems
Posted by Jerry Malcolm <te...@malcolms.com>.
On 4/11/2019 3:11 PM, Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Jerry,
>
> On 4/10/19 23:56, Jerry Malcolm wrote:
>> The only thing I can come up with is that I'm using some
>> RewriteRules in httpd to map the complex url paths to single words
>> like "/product". (SEO advisor told me to do that...)
> Do you allow crawlers to crawl the authenticated parts of your
> application? If not, then you are wasting your time with all that.
>
Only a portion of the site is authenticated. But whether or not it is
an SEO advantage, I use this to customize the precise URL for different
clients who use the same code on different domains. /product maps to a
slightly different URL for clientA on domain A installation vs for
clientB on domain B installation. So without some signification
recoding, I need to keep using rewrites.
But whether the merits are there for doing rewrites, the only thing I am
concerned about is if doing rewrites is causing my sessions to mess up.
Hence my question about how the browser and TC decide what session key
to use for a particular url.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org