-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael,
On 4/19/2009 3:09 PM, Menachem Husarsky wrote: > We have multiple sites on our old host that ran under IIS and Resin > fine for years, we recently switched to a dedicated server using > windows 2k3 [still using IIS with Tomcat 6.0.x connected with > mod_jk's isapi redirector version 1.2.27]. > > [snip] > > The problem started from day one. each day across all our sites, > "some" shoppers will randomly have their carts purged out right in > the middle of their checkout process. Are all your customers using Cookies? If some people are using URL rewriting because cookies aren't supported, you might be losing the session id due to an accidentally non-encoded URL. But that would have had the same problem under Resin, so it's unlikely to be the problem. Do you ever switch hostnames during any of the website interactions? That would break your Cookie trail and you would observe the user's session "disappearing". The same thing can happen if the session cookie was created using HTTPS and then you switch to HTTP. > My only conclusion is somehow these customers are losing their > sessions and being issued new ones. It seems to do this randomly and > I can't seem to replicate the error myself, but I am recording how > often it occurs to other people. Can you give us more information about the circumstances? Does it always happen during a particular page transition? What else do these failures have in common? > I'm uncertain who is the culprit here (IIS or Tomcat or > TomcatRedirector). It's unlikely to be IIS or the redirector... they just pass-through the session identification information to Tomcat. > I have read other entries with people who have similar problems, but > there doesn't seem to be much in the way of solutions. I think that's because these issues are often complex and the solutions are not very generalizable. The problem typically turns out to be the application itself or network configuration or something like that. There is no setting in Tomcat to make it stop losing your sessions (and if there were, I'm sure it would be "on" by default). - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAknuKX4ACgkQ9CaO5/Lv0PCKnwCfdwp3UXUckpV49KjOS5wUg27s ESkAoKWLl3Dl8owc8CvyrdHGsrIz3vNB =E4s5 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
