Hi, We are porting our application from Tomcat 4.1.24 to Tomcat 5.5.17 and noticed there is a change of behavior in Tomcat 5 which causes our OpenSTA testing scripts fail to run:
Tomcat 5 can send down more than one sessionIDs to the web client with the same path. e.g. request.getSession().invalidate(); request.getSession(); will send down 2 "Set-Cookie" headers with the same context path. The first one contains the session ID created by the first "request.getSession()" and the second one contains the second session ID created by the second "request.getSession()". OpenSTA appears to pick up the first session ID instead of the second one. This basically causes the subsequent requests containing the wrong session ID. Although we can argue that it is the client's responsibility to pick up the second sesson ID, it would be much more logical and robust for the server to send down only one session ID with the same path. Tomcat 4 seems to behave correctly and it works happily with OpenSTA. I checked the source code "org.apache.catalina.connector.Request.java" and "doGetSession" method always add a new session cookie into the response once a new session is created, without checking if there is an existing session cookie with the same path in the response object. One way to avoid this problem is to modify the application to ensure only one new session is created. Since we are using struts, the first new session is actually created in struts action class, we will have to manually remove the first "Set-Cookie" header in the response for the regression test to work. Since this is not reported in the bug list, we would like to know if the above behavior of Tomcat 5 is a problem or it is by design. If you think it is a bug, please let us know if you will be able to fix it in the near future. Thanks Wendy -------------------------------------------------------------------------------- Weihong Gong Fujitsu Australia Software Technology Address: 14 Rodborough Road, Frenchs Forest NSW 2086 Tel: +61 2 9452 9062 Fax: +61 2 9975 2899 Mobile: +61 407486297 Email: [EMAIL PROTECTED] Web site: www.fastware.com This is an email from Fujitsu Australia Software Technology Pty Ltd, ABN 27 003 693 481. It is confidential to the ordinary user of the email address to which it was addressed and may contain copyright and/or legally privileged information. No one else may read, print, store, copy or forward all or any of it or its attachments. If you receive this email in error, please return to sender. Thank you. If you do not wish to receive commercial email messages from Fujitsu Australia Software Technology Pty Ltd, please email [EMAIL PROTECTED]
