Posted to users@tomcat.apache.org by Rick Wong <rw...@opsware.com> on 2006/04/14 18:07:53 UTC

Re: IE 20 session cookies limitation

It's been a while since my last posting of this topic.  I have a 
work-around that perhaps someone may find useful.

I worked around the issue by implementing a Tomcat Valve, and screening 
for the jsessionsso cookie on every request.  If I find it, I reinsert 
it back into the response within the valve to touch the timestamp of the 
jsessionsso cookie.  This way, when IE wants to throw away a cookie, 
jsessionsso would be the last one it picks.  It's not a perfect solution 
but there is nothing I can do about IE's deficiency (how often do you 
see Microsoft rigidly conform to a spec?)


Thanks,
--
Rick

Rick Wong wrote:
> Hi,
>
> I am using Tomcat 5.0.26.  I have 20+ web applications hooked up with 
> single-sign-on.  Each web application generates a JSESSIONID session 
> cookie with a different path, and shares a single JSESSIONIDSSO.
>
> When testing my suite of applications, I notice that IE consistently 
> drops my login after accessing the 20th web application within a 
> session.  I did some research and learned about RFC 2109 where HTTP 
> agents should support a minimum of 20 session cookies per domain.  
> That appears to be just what IE does.  The following Microsoft 
> knowledgebase article explains that: 
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;306070.  I 
> suspect JSESSIONIDSSO was the oldest cookie, and was the first to get 
> dropped by IE when reaching over 20 session cookies.  Firefox does not 
> have this problem.
>
> Knowing that I cannot easily refactor the application suite to reduce 
> the number of web applications (< 19), I am wondering if anyone else 
> has this problem, and if and how I might work around this IE limitation.
>
> Thanks,
> -- 
> Rick
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
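
A sketch of the kind of valve described in the message above, as an added example that is not Rick Wong's code or part of Tomcat. It assumes the `ValveBase` API of Tomcat 5.5 through 9 (Tomcat 5.0.x valves use a different `invoke` signature); the package and class names are hypothetical.

```java
// Added illustration; not the poster's valve. Assumes the ValveBase API of Tomcat 5.5 to 9.
package example.valves; // hypothetical package name

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;

import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

public class SsoCookieRefreshValve extends ValveBase {

    // Cookie name as given in the thread.
    private static final String SSO_COOKIE = "JSESSIONIDSSO";

    @Override
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        Cookie[] cookies = request.getCookies(); // null when the client sent none
        if (cookies != null) {
            for (Cookie c : cookies) {
                if (SSO_COOKIE.equals(c.getName())) {
                    // Re-send the same value so the browser treats the cookie
                    // as freshly written and evicts it last.
                    Cookie fresh = new Cookie(SSO_COOKIE, c.getValue());
                    fresh.setPath("/");      // host-wide, as the SSO cookie is shared by all webapps
                    fresh.setMaxAge(-1);     // keep it a session cookie, never persisted
                    fresh.setSecure(request.isSecure()); // do not downgrade on HTTPS
                    response.addCookie(fresh);
                    break;
                }
            }
        }
        // Add the header before the rest of the pipeline can commit the response.
        getNext().invoke(request, response);
    }
}
```

Such a valve would be registered with a `<Valve className="..."/>` element inside the `<Host>` that carries the single-sign-on configuration.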


Re: IE 20 session cookies limitation

Posted by Rick Wong <rw...@opsware.com>.
This is neat.  Thanks!
--
Rick

Peter Rossbach wrote:
> Option is
>
> <Connector emptySessionPath="true" ... />
>
> Then all webapps share the same session id.
>
> Cheers
> Peter
>
>
>
> On 16.04.2006 at 15:12, Tim Funk wrote:
>
>> Check the docs - there is an option that will allow tomcat to use the 
>> same jsessionid for all webapps.
>>
>> -Tim


Re: IE 20 session cookies limitation

Posted by Peter Rossbach <pr...@objektpark.de>.
Option is

<Connector emptySessionPath="true" ... />

Then all webapps share the same session id.

Cheers
Peter



On 16.04.2006 at 15:12, Tim Funk wrote:

> Check the docs - there is an option that will allow tomcat to use  
> the same jsessionid for all webapps.
>
> -Tim


Re: IE 20 session cookies limitation

Posted by Tim Funk <fu...@joedog.org>.
Check the docs - there is an option that will allow tomcat to use the same 
jsessionid for all webapps.

-Tim

Rick Wong wrote:

> It's been a while since my last posting of this topic.  I have a 
> work-around that perhaps someone may find useful.
> 
> I worked around the issue by implementing a Tomcat Valve, and screening 
> for the jsessionsso cookie on every request.  If I find it, I reinsert 
> it back into the response within the valve to touch the timestamp of the 
> jsessionsso cookie.  This way, when IE wants to throw away a cookie, 
> jsessionsso would be the last one it picks.  It's not a perfect solution 
> but there is nothing I can do about IE's deficiency (how often do you 
> see Microsoft rigidly conform to a spec?)
> 
> 
> Thanks,
> -- 
> Rick


Re: iis 6.0 + apache-tomcat 5.0.28

Posted by Len Popp <le...@gmail.com>.
It sounds like this bug:
http://issues.apache.org/bugzilla/show_bug.cgi?id=39041

--
Len

On 4/17/06, Sergio Gonzalez Ramos <se...@yahoo.es> wrote:
> I'm getting the following error
>
>
>   Apr 17, 2006 6:28:57 AM org.apache.catalina.core.StandardContext listenerStart
>   SEVERE: Error configuring application listener of class listeners.SessionListener
>   java.lang.ClassFormatError: Extra bytes at the end of class file listeners/SessionListener
>       at java.lang.ClassLoader.defineClass1(Native Method)
>       at java.lang.ClassLoader.defineClass(ClassLoader.java:620)
>       at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)
>       at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1812)
>       at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:866)
>       at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1319)
>       at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1198)
>       at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3677)
>       at org.apache.catalina.core.StandardContext.start(StandardContext.java:4183)
>       at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
>       at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
>       at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
>       at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:904)
>       at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:867)
>       at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:474)
>       at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1112)
>       at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
>       at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
>       at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021)
>       at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
>       at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013)
>       at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
>       at org.apache.catalina.core.StandardService.start(StandardService.java:450)
>       at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
>       at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>       at java.lang.reflect.Method.invoke(Method.java:585)
>       at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:275)
>       at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
>   Apr 17, 2006 6:28:57 AM org.apache.catalina.core.StandardContext listenerStart
>   SEVERE: Skipped installing application listeners due to previous error(s)
>
>
>   I'm trying to set up IIS 6.0 with Tomcat 5.0.28 and mod_jk (isapi_redirector.dll)
>
>   Can someone tell me what error I'm facing?
>   Regards.
>   Sergio Gonzalez Ramos
>


RE: iis 6.0 + apache-tomcat 5.0.28

Posted by abdurrahman sahin <ab...@argela.com.tr>.
Hi;
It looks like you have different application versions. Please ensure that
you have the same Java version all around the whole system.

http://asahin.net



-----Original Message-----
From: Sergio Gonzalez Ramos [mailto:sergio_gonra@yahoo.es]
Sent: Monday, April 17, 2006 3:46 PM
To: Tomcat Users List
Subject: iis 6.0 + apache-tomcat 5.0.28


I'm getting the following error


  Apr 17, 2006 6:28:57 AM org.apache.catalina.core.StandardContext listenerStart
  SEVERE: Error configuring application listener of class listeners.SessionListener
  java.lang.ClassFormatError: Extra bytes at the end of class file listeners/SessionListener
      at java.lang.ClassLoader.defineClass1(Native Method)
      at java.lang.ClassLoader.defineClass(ClassLoader.java:620)
      at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)
      at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1812)
      at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:866)
      at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1319)
      at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1198)
      at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3677)
      at org.apache.catalina.core.StandardContext.start(StandardContext.java:4183)
      at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
      at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
      at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
      at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:904)
      at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:867)
      at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:474)
      at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1112)
      at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
      at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
      at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021)
      at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
      at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013)
      at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
      at org.apache.catalina.core.StandardService.start(StandardService.java:450)
      at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
      at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:275)
      at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
  Apr 17, 2006 6:28:57 AM org.apache.catalina.core.StandardContext listenerStart
  SEVERE: Skipped installing application listeners due to previous error(s)


  I'm trying to set up IIS 6.0 with Tomcat 5.0.28 and mod_jk (isapi_redirector.dll)

  Can someone tell me what error I'm facing?
  Regards.
  Sergio Gonzalez Ramos




iis 6.0 + apache-tomcat 5.0.28

Posted by Sergio Gonzalez Ramos <se...@yahoo.es>.
I'm getting the following error
  
  
  Apr 17, 2006 6:28:57 AM org.apache.catalina.core.StandardContext listenerStart
  SEVERE: Error configuring application listener of class listeners.SessionListener
  java.lang.ClassFormatError: Extra bytes at the end of class file listeners/SessionListener
      at java.lang.ClassLoader.defineClass1(Native Method)
      at java.lang.ClassLoader.defineClass(ClassLoader.java:620)
      at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)
      at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1812)
      at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:866)
      at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1319)
      at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1198)
      at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3677)
      at org.apache.catalina.core.StandardContext.start(StandardContext.java:4183)
      at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
      at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
      at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
      at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:904)
      at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:867)
      at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:474)
      at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1112)
      at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
      at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
      at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021)
      at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
      at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013)
      at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
      at org.apache.catalina.core.StandardService.start(StandardService.java:450)
      at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
      at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:275)
      at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
  Apr 17, 2006 6:28:57 AM org.apache.catalina.core.StandardContext listenerStart
  SEVERE: Skipped installing application listeners due to previous error(s)
  
  
  I'm trying to set up IIS 6.0 with Tomcat 5.0.28 and mod_jk (isapi_redirector.dll)
  
  Can someone tell me what error I'm facing?
  Regards.
  Sergio Gonzalez Ramos 

		