You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Kitching Simon <Si...@orange.ch> on 2000/10/04 10:22:19 UTC
RE: Problem with session -- Each Time creating new session, inste
ad of existing one
Hi,
Sessions are identified by cookies (normally, anyway).
The way a web server tells a browser to set a cookie is to send an http
command
in the *header* of the returned data.
If you look at the documentation for pageContext.include(....), which I
guess is what
you are using to execute your servlet from within you jsp file, you will see
that the
specification *requires* tomcat to flush the output buffer (including all
http headers)
to the client before invoking the included servlet or jsp page.
The implication is that no included page can ever set a header attribute,
including
cookies. Your servlet code is indirectly calling response.setCookie, which
is calling
response.setHeader(....) but the header info has already gone gone gone....
It seems to me that an IllegalStateException really should be generated if
you
ever try to set a cookie after the response has been flushed, but this
doesn't seem
to happen. In my experience it just gets ignored.
I think the solution in your case is to separate your servlet into a *bean*
and a
trivial servlet-wrapper that invokes the bean. You can then include the same
bean into your jsp page with a <jsp:useBean> command, and call it directly.
Because you are *not* doing an include, the response buffer doesn't get
flushed
and (hopefully) your create session call request.getSession(true) (ie
addCookie call)
will then take effect.
Hope this helps (and hope it is right, part of it is just guessing....)
Simon
> -----Original Message-----
> From: sanjeev c joshi [SMTP:schidamb@cisco.com]
> Sent: Wednesday, October 04, 2000 8:45 AM
> To: tomcat-user@jakarta.apache.org
> Cc: Joshi Sanjeev C
> Subject: Problem with session -- Each Time creating new session,
> instead of existing one
>
> Hi,
>
> I am using Tomact with Apache.I have a problem with the session.
>
> I have a servlet . The servlet AuthServlet has a method called
> "validsession()" which does
>
> HttpSession session= request.getsession( true);
> :
> :
> When I call the AuthServlet from the browser ( doGet inturn calls
> validsession()) , it returns the existing session appropriately with all
> the session parameters. But when the same AuthServlet is called from
> any other java file or perl sript ( in the cgi-bin directory), it
> creates a new session each time instead of getting my existing
> session. All the class files are in the directory as directed in the
> classpath variable. I have another method in the AuthServlet "
> getCurrentUser()" where It does the same thing i.e,
> HttpSession session= request.getsession( true); strangely it seems to
> work ( it retruns the existing session .....)
>
> Anyone has faced this problem and found the soultion, kindly help me....
>
> Any quick help ... I will be grateful........
>
>
> regards
>
> --Joshi
Re: Problem with session -- Each Time creating new session, instead of
existing one
Posted by sanjeev c joshi <sc...@cisco.com>.
Hi,
But my problem is more fundamental than that. The AuthServlet ( with request
to call validsession() - function) when rendered from the browser ( using the
servlet url ) it seems to be working. But when a perl file ( in the cgi-bin
directory) or a java file luanches the same url (which inturn calls
validsession) , it fails.
Can u explain that ...? what is the problem ? FYI this was working fine with
JRun as servlet engine.
regards,
--Joshi
Kitching Simon wrote:
> Hi,
>
> Sessions are identified by cookies (normally, anyway).
> The way a web server tells a browser to set a cookie is to send an http
> command
> in the *header* of the returned data.
>
> If you look at the documentation for pageContext.include(....), which I
> guess is what
> you are using to execute your servlet from within you jsp file, you will see
> that the
> specification *requires* tomcat to flush the output buffer (including all
> http headers)
> to the client before invoking the included servlet or jsp page.
>
> The implication is that no included page can ever set a header attribute,
> including
> cookies. Your servlet code is indirectly calling response.setCookie, which
> is calling
> response.setHeader(....) but the header info has already gone gone gone....
>
> It seems to me that an IllegalStateException really should be generated if
> you
> ever try to set a cookie after the response has been flushed, but this
> doesn't seem
> to happen. In my experience it just gets ignored.
>
> I think the solution in your case is to separate your servlet into a *bean*
> and a
> trivial servlet-wrapper that invokes the bean. You can then include the same
> bean into your jsp page with a <jsp:useBean> command, and call it directly.
> Because you are *not* doing an include, the response buffer doesn't get
> flushed
> and (hopefully) your create session call request.getSession(true) (ie
> addCookie call)
> will then take effect.
>
> Hope this helps (and hope it is right, part of it is just guessing....)
>
> Simon
>
> > -----Original Message-----
> > From: sanjeev c joshi [SMTP:schidamb@cisco.com]
> > Sent: Wednesday, October 04, 2000 8:45 AM
> > To: tomcat-user@jakarta.apache.org
> > Cc: Joshi Sanjeev C
> > Subject: Problem with session -- Each Time creating new session,
> > instead of existing one
> >
> > Hi,
> >
> > I am using Tomact with Apache.I have a problem with the session.
> >
> > I have a servlet . The servlet AuthServlet has a method called
> > "validsession()" which does
> >
> > HttpSession session= request.getsession( true);
> > :
> > :
> > When I call the AuthServlet from the browser ( doGet inturn calls
> > validsession()) , it returns the existing session appropriately with all
> > the session parameters. But when the same AuthServlet is called from
> > any other java file or perl sript ( in the cgi-bin directory), it
> > creates a new session each time instead of getting my existing
> > session. All the class files are in the directory as directed in the
> > classpath variable. I have another method in the AuthServlet "
> > getCurrentUser()" where It does the same thing i.e,
> > HttpSession session= request.getsession( true); strangely it seems to
> > work ( it retruns the existing session .....)
> >
> > Anyone has faced this problem and found the soultion, kindly help me....
> >
> > Any quick help ... I will be grateful........
> >
> >
> > regards
> >
> > --Joshi