You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Timothy Washington <ti...@yahoo.ca> on 2008/04/23 01:28:52 UTC
Tomcat not sending JSESSIONID (servlet session cookie) with new sessions
Hello there - newbie question. I'm developing a browser-based application. I i) copy the war file to the webapps/ directory, ii) startup tomcat and iii) send an http request from Firefox.
In my handling servlet, if a session doesn't exist for this client, then I create one (via request.getSession(true)). I expect that cookie (and by extension the session) to still be there on the next request. However, tomcat's HTTP response to the first request does not include the JSESSIONID cookie. So effectively my application is still only request scoped (tomcat is creating a new session with each request).
How can I get tomcat ( I've tried tomcat-5.5.25 and tomcat-6.0.16 ) to reliably send the JSESSIONID cookie when a new session has been created? I turned on Tomcat 6's RequestDumperValve, and got debugging info that indicates that the JSESSIONID is being generated in the response. However, when my browser receives the response, the cookie isn't there.
Tomcat's RequestDumperValve Log (on response)
END EchoServlet EV: <userSession xmlns='com/interrupt/bookkeeping/users' id='686bbca4f757b9ab4bae280
3119786e7249-7ffb' groupid='webkell' userid='root' />
Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve invoke
INFO: ---------------------------------------------------------------
Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve invoke
INFO: authType=null
Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve invoke
INFO: contentLength=95
Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve invoke
INFO: contentType=null
Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve invoke
INFO: cookie=JSESSIONID=6014EF8C55BC4705D28863D117B1B334; domain=null; path=/webkell
Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve invoke
INFO: header=Content-Length=95
Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve invoke
INFO: header=Date=Tue, 22 Apr 2008 23:18:35 GMT
Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve invoke
INFO: message=null
Apr 22, 2008 7:18:36 PM org.apache.catalina.valves.RequestDumperValve invoke
INFO: remoteUser=null
Apr 22, 2008 7:18:36 PM org.apache.catalina.valves.RequestDumperValve invoke
INFO: status=200
Apr 22, 2008 7:18:36 PM org.apache.catalina.valves.RequestDumperValve invoke
INFO: ===============================================================
Firefox Request Headers (from LiveHTTPHeaders):
POST /webkell/webkell HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://localhost:8080/webkell/
Content-Type: application/x-www-form-urlencoded
Content-Length: 63
Firefox Response Headers (from LiveHTTPHeaders):
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 95
Date: Tue, 22 Apr 2008 23:18:35 GMT
Thanks for any help
Tim
__________________________________________________________________
Yahoo! Canada Toolbar: Search from anywhere on the web, and bookmark your favourite sites. Download it now at
http://ca.toolbar.yahoo.com.
Re: Tomcat not sending JSESSIONID (servlet session cookie) with new
sessions
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Len,
Len Popp wrote:
| Have you set cookies="false" in the app's <Context> declaration?
| That'd do it.
That wouldn't explain why Tomcat is adding the cookie to the response,
but the cookie isn't making it across the wire.
Tim, can you tell us a little more about the path of execution? I'm
wondering if you are handling a request, modifying the response, and
then forwarding (on the server side) to another process that maybe
blanks-out the response and effectively kills the cookie or something
like that.
Is there any SSL involved at all? I wouldn't expect the behavior you
describe to result from crossing an SSL boundary (I would expect the
browser to get the cookie, but refuse to send it with the next request).
Are there any special filters or valves that are being applied that
might be modifying the behavior of the response?
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkgOnOkACgkQ9CaO5/Lv0PBUIQCdH1Q39DcjEM7dm6caLbHLEIrz
PuQAnRuxPKiKx10EnGbV9fyM2ENTLSit
=ULgz
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat not sending JSESSIONID (servlet session cookie) with new sessions
Posted by Len Popp <le...@gmail.com>.
Have you set cookies="false" in the app's <Context> declaration? That'd do it.
What happens if you put a trivial test.jsp in webapps/ROOT and request
http://www.yourserver.com/test.jsp? By default a JSP will create a
session and you should get a JSESSIONID cookie.
--
Len
On Tue, Apr 22, 2008 at 7:28 PM, Timothy Washington
<ti...@yahoo.ca> wrote:
> Hello there - newbie question. I'm developing a browser-based application. I i) copy the war file to the webapps/ directory, ii) startup tomcat and iii) send an http request from Firefox.
>
> In my handling servlet, if a session doesn't exist for this client, then I create one (via request.getSession(true)). I expect that cookie (and by extension the session) to still be there on the next request. However, tomcat's HTTP response to the first request does not include the JSESSIONID cookie. So effectively my application is still only request scoped (tomcat is creating a new session with each request).
>
> How can I get tomcat ( I've tried tomcat-5.5.25 and tomcat-6.0.16 ) to reliably send the JSESSIONID cookie when a new session has been created? I turned on Tomcat 6's RequestDumperValve, and got debugging info that indicates that the JSESSIONID is being generated in the response. However, when my browser receives the response, the cookie isn't there.
>
>
> Tomcat's RequestDumperValve Log (on response)
> END EchoServlet EV: <userSession xmlns='com/interrupt/bookkeeping/users' id='686bbca4f757b9ab4bae280
> 3119786e7249-7ffb' groupid='webkell' userid='root' />
> Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve invoke
> INFO: ---------------------------------------------------------------
> Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve invoke
> INFO: authType=null
> Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve invoke
> INFO: contentLength=95
> Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve invoke
> INFO: contentType=null
> Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve invoke
> INFO: cookie=JSESSIONID=6014EF8C55BC4705D28863D117B1B334; domain=null; path=/webkell
> Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve invoke
> INFO: header=Content-Length=95
> Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve invoke
> INFO: header=Date=Tue, 22 Apr 2008 23:18:35 GMT
> Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve invoke
> INFO: message=null
> Apr 22, 2008 7:18:36 PM org.apache.catalina.valves.RequestDumperValve invoke
> INFO: remoteUser=null
> Apr 22, 2008 7:18:36 PM org.apache.catalina.valves.RequestDumperValve invoke
> INFO: status=200
> Apr 22, 2008 7:18:36 PM org.apache.catalina.valves.RequestDumperValve invoke
> INFO: ===============================================================
>
>
> Firefox Request Headers (from LiveHTTPHeaders):
> POST /webkell/webkell HTTP/1.1
> Host: localhost:8080
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
> Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Referer: http://localhost:8080/webkell/
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 63
>
>
> Firefox Response Headers (from LiveHTTPHeaders):
> HTTP/1.1 200 OK
> Server: Apache-Coyote/1.1
> Content-Length: 95
> Date: Tue, 22 Apr 2008 23:18:35 GMT
>
>
> Thanks for any help
> Tim
>
>
>
> __________________________________________________________________
> Yahoo! Canada Toolbar: Search from anywhere on the web, and bookmark your favourite sites. Download it now at
> http://ca.toolbar.yahoo.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat not sending JSESSIONID (servlet session cookie) with new sessions
Posted by Martin Gainty <mg...@hotmail.com>.
Tim
try
http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/http/HttpServletResponse
html
Encodes the specified URL by including the session ID in it, or,
if encoding is not needed, returns the URL unchanged.
The implementation of this method includes the logic to determine whether
the session ID needs to be encoded in the URL.
For example, if the browser supports cookies,
or session tracking is turned off,
URL encoding is unnecessary.
<a
href="<%=response.encodeURL("http://www.idontknow.com/Idunno.html")%>">Mongo
only pawn in game of life</a>
In your Servlet code
response.sendRedirect(encodeRedirectURL(http://www.idontknow.html));
HTH
Martin-
----- Original Message -----
From: "Timothy Washington" <ti...@yahoo.ca>
To: <us...@tomcat.apache.org>
Sent: Tuesday, April 22, 2008 7:28 PM
Subject: Tomcat not sending JSESSIONID (servlet session cookie) with new
sessions
> Hello there - newbie question. I'm developing a browser-based application.
I i) copy the war file to the webapps/ directory, ii) startup tomcat and
iii) send an http request from Firefox.
>
> In my handling servlet, if a session doesn't exist for this client, then I
create one (via request.getSession(true)). I expect that cookie (and by
extension the session) to still be there on the next request. However,
tomcat's HTTP response to the first request does not include the JSESSIONID
cookie. So effectively my application is still only request scoped (tomcat
is creating a new session with each request).
>
> How can I get tomcat ( I've tried tomcat-5.5.25 and tomcat-6.0.16 ) to
reliably send the JSESSIONID cookie when a new session has been created? I
turned on Tomcat 6's RequestDumperValve, and got debugging info that
indicates that the JSESSIONID is being generated in the response. However,
when my browser receives the response, the cookie isn't there.
>
>
> Tomcat's RequestDumperValve Log (on response)
> END EchoServlet EV: <userSession xmlns='com/interrupt/bookkeeping/users'
id='686bbca4f757b9ab4bae280
> 3119786e7249-7ffb' groupid='webkell' userid='root' />
> Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve
invoke
> INFO: ---------------------------------------------------------------
> Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve
invoke
> INFO: authType=null
> Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve
invoke
> INFO: contentLength=95
> Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve
invoke
> INFO: contentType=null
> Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve
invoke
> INFO: cookie=JSESSIONID=6014EF8C55BC4705D28863D117B1B334;
domain=null; path=/webkell
> Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve
invoke
> INFO: header=Content-Length=95
> Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve
invoke
> INFO: header=Date=Tue, 22 Apr 2008 23:18:35 GMT
> Apr 22, 2008 7:18:35 PM org.apache.catalina.valves.RequestDumperValve
invoke
> INFO: message=null
> Apr 22, 2008 7:18:36 PM org.apache.catalina.valves.RequestDumperValve
invoke
> INFO: remoteUser=null
> Apr 22, 2008 7:18:36 PM org.apache.catalina.valves.RequestDumperValve
invoke
> INFO: status=200
> Apr 22, 2008 7:18:36 PM org.apache.catalina.valves.RequestDumperValve
invoke
> INFO: ===============================================================
>
>
> Firefox Request Headers (from LiveHTTPHeaders):
> POST /webkell/webkell HTTP/1.1
> Host: localhost:8080
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14)
Gecko/20080404 Firefox/2.0.0.14
> Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
0.8,image/png,*/*;q=0.5
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Referer: http://localhost:8080/webkell/
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 63
>
>
> Firefox Response Headers (from LiveHTTPHeaders):
> HTTP/1.1 200 OK
> Server: Apache-Coyote/1.1
> Content-Length: 95
> Date: Tue, 22 Apr 2008 23:18:35 GMT
>
>
> Thanks for any help
> Tim
>
>
> __________________________________________________________________
> Yahoo! Canada Toolbar: Search from anywhere on the web, and bookmark your
favourite sites. Download it now at
> http://ca.toolbar.yahoo.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org