Trouble with JDBC Session Persistence (Tomcat 4.1)
I am having some troubles getting JDBC session persistance to work. I have set up my Oracle DB and server.xml correctly (as I have verified that the session is indeed stored in the DB), but then after restarting tomcat, it appears that the session is not getting swapped in correctly. Here is a brief look at the logs: During restart: 2005-07-07 13:49:57 JDBCStore[/app]: Saving Session 76A744CB82C2236959A6AB456785AF13 to database tomcat_sessions After restart, and hitting login page: 2005-07-07 13:52:37 JDBCStore[/app]: Loading Session 76A744CB82C2236959A6AB456785AF13 from database tomcat_sessions 2005-07-07 13:52:37 PersistentManager[/app]: readObject() loading session 76A744CB82C2236959A6AB456785AF13 2005-07-07 13:52:37 PersistentManager[/app]: loading attribute 'CustomerInfo' with value '{customerId=0, companyName=null, contactName=null, address*=null, phone=null, fax=null, email=null, bitflags=0, createDate=null, modifyDate=null}' 2005-07-07 13:52:37 PersistentManager[/app]: loading attribute 'UserInfo' with value '[EMAIL PROTECTED]' 2005-07-07 13:52:37 PersistentManager[/app]: loading attribute 'UserLoggedIn' with value 'true' 2005-07-07 13:52:37 PersistentManager[/app]: loading attribute 'org.apache.struts.action.LOCALE' with value 'en_US' 2005-07-07 13:52:37 PersistentManager[/app]: Swapping session 76A744CB82C2236959A6AB456785AF13 in from Store But right after: 2005-07-07 13:52:37 JDBCStore[/app]: Removing Session 76A744CB82C2236959A6AB456785AF13 at database tomcat_sessions 2005-07-07 13:52:37 JDBCStore[/app]: JDBCStore: No persisted data object found 2005-07-07 13:52:37 JDBCStore[/app]: JDBCStore: No persisted data object found 2005-07-07 13:52:37 JDBCStore[/app]: JDBCStore: No persisted data object found 2005-07-07 13:52:37 JDBCStore[/app]: JDBCStore: No persisted data object found I am using Struts for the controller layer of this application. In the RequestProcessor.processRoles, whenever an action is hit, this code is executed (facade is a session facade) SessionFacade facade = new SessionFacade(request); if (facade.getUserLoggedIn() != Boolean.TRUE){ LOG.debug(user not logged in session); if(VALIDATE_SESSION.equals(mapping.getParameter())) { // If the attribute parameter of the action is specified as // validateSession, then forward the user back to the login // page LOG.debug(invalid session); HttpSession httpSession = request.getSession(); httpSession.invalidate(); ActionForward forwardConfig = (ActionForward) moduleConfig.findForwardConfig(login); processForwardConfig(request, response, forwardConfig); return false; } } Looking at the struts log, we see that at the same time of the session swap: 2005-07-07 13:52:37,840 DEBUG [Thread-4] RequestProcessor processRoles (RequestProcessor.java:167) - user not logged in session 2005-07-07 13:52:37,864 DEBUG [Thread-4] RequestProcessor processRoles (RequestProcessor.java:172) - invalid session It appears that the session is removed from the DB when invalidate() is called. So apparently, even though the Manager thinks that the session has been swapped in, it does not appear to be that way. Any suggestions? Thanks! -L - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can a client recapture a session in Tomcat 4.1
Yes. You only have to sent the right cookie header to the server. And if the browser exits the right header info is lost. So, if you create a browser which doesn't loose cookie info, you are done. This has nothing to do with which server you are running. For php, asp or anything else it works the same. Ronald. On Thu May 12 16:57:29 CEST 2005 Tomcat Users List tomcat-user@jakarta.apache.org wrote: Can a client recapture his Tomcat session after he has accidentally closed the browser, provided that the session object still exists on the server? Would this be a browser-specific thing? After all, I guess I'd need to tell the browser to persist the session cookie or some such thing. Or would it work browser-independently using URL-rewriting? If there is such a mechanism, does it pose any security concerns (e. g. through Tomcat reusing a session-id for a totally different session?) We're on Tomcat 4.1. Would the answer be any different for Tomcat 5.0? Thanks for any enlightenment or additional pointers-. -- Sebastian -- Sebastian Millies, IDS Scheer AG Postfach 10 15 34, 66015 Saarbr?cken Zi D1.16, [EMAIL PROTECTED] fon +49-681-210-3221, fax +49-681-210-1311 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Can a client recapture a session in Tomcat 4.1
Can a client recapture his Tomcat session after he has accidentally closed the browser, provided that the session object still exists on the server? Would this be a browser-specific thing? After all, I guess I'd need to tell the browser to persist the session cookie or some such thing. Or would it work browser-independently using URL-rewriting? If there is such a mechanism, does it pose any security concerns (e. g. through Tomcat reusing a session-id for a totally different session?) We're on Tomcat 4.1. Would the answer be any different for Tomcat 5.0? Thanks for any enlightenment or additional pointers-. -- Sebastian -- Sebastian Millies, IDS Scheer AG Postfach 10 15 34, 66015 Saarbrücken Zi D1.16, [EMAIL PROTECTED] fon +49-681-210-3221, fax +49-681-210-1311 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Can a client recapture a session in Tomcat 4.1
I am not sure if this can be done... I guess you could build framework where the user's session id and ip is logged (unless they logout) and then when the user comes back you could use the old session. I have never tried this but this personally but I dont see why it should not work. Arup -Original Message- From: Millies, Sebastian [mailto:[EMAIL PROTECTED] Sent: 12 May 2005 15:57 To: tomcat-user@jakarta.apache.org Subject: Can a client recapture a session in Tomcat 4.1 Can a client recapture his Tomcat session after he has accidentally closed the browser, provided that the session object still exists on the server? Would this be a browser-specific thing? After all, I guess I'd need to tell the browser to persist the session cookie or some such thing. Or would it work browser-independently using URL-rewriting? If there is such a mechanism, does it pose any security concerns (e. g. through Tomcat reusing a session-id for a totally different session?) We're on Tomcat 4.1. Would the answer be any different for Tomcat 5.0? Thanks for any enlightenment or additional pointers-. -- Sebastian -- Sebastian Millies, IDS Scheer AG Postfach 10 15 34, 66015 Saarbrücken Zi D1.16, [EMAIL PROTECTED] fon +49-681-210-3221, fax +49-681-210-1311 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can a client recapture a session in Tomcat 4.1
Hi Sebastian, Am Donnerstag, 12. Mai 2005 16:57 schrieb Millies, Sebastian: Can a client recapture his Tomcat session after he has accidentally closed the browser, provided that the session object still exists on the server? Would this be a browser-specific thing? After all, I guess I'd need to tell the browser to persist the session cookie or some such thing. Or would it work browser-independently using URL-rewriting? If there is such a mechanism, does it pose any security concerns (e. g. through Tomcat reusing a session-id for a totally different session?) We're on Tomcat 4.1. Would the answer be any different for Tomcat 5.0? Thanks for any enlightenment or additional pointers-. From my point of view, you are already asking the right questions. Firstly, if you would always maintain the session by using cookies and never by transporting the session id with the url, if you would furthermore set a persistent session cookie which would not be destroyed when the browser would be closed, and if last but not least the user would have made his browser settings accordingly - not deleting cookies when closing the browser -, then it would be possible to re-capture the Tomcat session as long as it would exist on the server. As you can see, there are a lot if's. Secondly, it would be a severe security hole in your application if you would set persistent session cookies. From the security point of view, the session cookie has to be destroyed when the browser is closed. Imagine, a user does close the browser intentionally and not accidentally, and the next user can re-capture, rather hijack, his session just because the session cookie is persistent. Draw the conclusion yourself, but a persistent session cookie to comfort the user when closing the browser accidentally results in a security hole which I would not allow in my web application. It cannot be in the interest of the user concerned that you cannot guarantee the privacy of his data after the browser has been closed due to persistent session cookies. Best wishes Lutz - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can a client recapture a session in Tomcat 4.1
Using IP sounds a bit scary as a lookup - think of all the users with equivalent IP addresses (because of NATing routers/firewalls, etc.). Plus it would be a strikes me it would be a nightmare to test... But, if instead you wanted to have a session that wasn't linked to tomcat's notion of a session, you could (maybe) build a separate Session management that was stored in a regular (non-session) cookie -- it would then persist across sessions in the same browser... Tim Arup Vidyerthy wrote: I am not sure if this can be done... I guess you could build framework where the user's session id and ip is logged (unless they logout) and then when the user comes back you could use the old session. I have never tried this but this personally but I dont see why it should not work. Arup -Original Message- From: Millies, Sebastian [mailto:[EMAIL PROTECTED] Sent: 12 May 2005 15:57 To: tomcat-user@jakarta.apache.org Subject: Can a client recapture a session in Tomcat 4.1 Can a client recapture his Tomcat session after he has accidentally closed the browser, provided that the session object still exists on the server? Would this be a browser-specific thing? After all, I guess I'd need to tell the browser to persist the session cookie or some such thing. Or would it work browser-independently using URL-rewriting? If there is such a mechanism, does it pose any security concerns (e. g. through Tomcat reusing a session-id for a totally different session?) We're on Tomcat 4.1. Would the answer be any different for Tomcat 5.0? Thanks for any enlightenment or additional pointers-. -- Sebastian -- Sebastian Millies, IDS Scheer AG Postfach 10 15 34, 66015 Saarbrcken Zi D1.16, [EMAIL PROTECTED] fon +49-681-210-3221, fax +49-681-210-1311 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Can a client recapture a session in Tomcat 4.1
I agree, actually once I posted it I thought the same thing. What I suggested is not particularly useful but I have seen it done :-( I guess, in the end this whole session persistence is just a bad idea. Arup -Original Message- From: Tim Diggins [mailto:[EMAIL PROTECTED] Sent: 12 May 2005 16:21 To: Tomcat Users List Subject: Re: Can a client recapture a session in Tomcat 4.1 Using IP sounds a bit scary as a lookup - think of all the users with equivalent IP addresses (because of NATing routers/firewalls, etc.). Plus it would be a strikes me it would be a nightmare to test... But, if instead you wanted to have a session that wasn't linked to tomcat's notion of a session, you could (maybe) build a separate Session management that was stored in a regular (non-session) cookie -- it would then persist across sessions in the same browser... Tim Arup Vidyerthy wrote: I am not sure if this can be done... I guess you could build framework where the user's session id and ip is logged (unless they logout) and then when the user comes back you could use the old session. I have never tried this but this personally but I dont see why it should not work. Arup -Original Message- From: Millies, Sebastian [mailto:[EMAIL PROTECTED] Sent: 12 May 2005 15:57 To: tomcat-user@jakarta.apache.org Subject: Can a client recapture a session in Tomcat 4.1 Can a client recapture his Tomcat session after he has accidentally closed the browser, provided that the session object still exists on the server? Would this be a browser-specific thing? After all, I guess I'd need to tell the browser to persist the session cookie or some such thing. Or would it work browser-independently using URL-rewriting? If there is such a mechanism, does it pose any security concerns (e. g. through Tomcat reusing a session-id for a totally different session?) We're on Tomcat 4.1. Would the answer be any different for Tomcat 5.0? Thanks for any enlightenment or additional pointers-. -- Sebastian -- Sebastian Millies, IDS Scheer AG Postfach 10 15 34, 66015 Saarbrücken Zi D1.16, [EMAIL PROTECTED] fon +49-681-210-3221, fax +49-681-210-1311 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can a client recapture a session in Tomcat 4.1
Hi Tim, Am Donnerstag, 12. Mai 2005 17:20 schrieb Tim Diggins: Using IP sounds a bit scary as a lookup - think of all the users with equivalent IP addresses (because of NATing routers/firewalls, etc.). Plus it would be a strikes me it would be a nightmare to test... But, if instead you wanted to have a session that wasn't linked to tomcat's notion of a session, you could (maybe) build a separate Session management that was stored in a regular (non-session) cookie -- it would then persist across sessions in the same browser... But how do you validate that it is still the right person in front of the pc / monitor? ;-) Persistent session cookies are simply an inacceptable security breach if more than one person can have access to the pc. Best wishes Lutz - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can a client recapture a session in Tomcat 4.1
From: Millies, Sebastian [mailto:[EMAIL PROTECTED] Sent: 12 May 2005 15:57 Can a client recapture his Tomcat session after he has accidentally closed the browser, provided that the session object still exists on the server? If the client authenticates to your server (i.e. they log in), then you can use their login credentials as a key for session data. The downside is that you'll have to basically build your own session manager to facilitate this. (To handle expiration, inactivation, etc. if you want those features). However, there's no reason you can't leverage the built in session listeners to help implement this. For example, you can do some crude reference counting and when a user logs in, you register their session with your login-ID based session manager. Then, when the session expires (and calls the listener), it can check to see if any other sessions are registered, and if not, then it can safely kill the login-ID based session. This gives you the time out capability fairly cheaply. You don't get serialization and such though, nor clustering, but if you're not using those features, you don't care. Actually, as an aside, this would be a bit nasty, but you may be able to tweak the Tomcat session code to instead of using a temporary, browser based JSESSIONID cookie, make it permanent (but still expire in, say, an hour -- whatever timeout is suitable). This cookie would survive browser restarts (for good and ill). Other folks have mentioned the potential ramifications of that, but by doing it this way, it's possible. Just hope they don't use this in a public library. This basically redefines how sessions work for YOUR Tomcat, but it doesn't sound like an arduous change, and you get all of the other Tomcat session infrastructure for free. Your webapp won't be portable if you really on this though, since you have to change Tomcat itself to make it work. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Session state Tomcat 5.5.4
I'm experiencing, what I believe to be, strange behavior with Tomcat 5.5.4. I'm using Oracle connection pooling and the pool is initialized, and connections made to the database, upon startup. I can query the v$session view to verify that the connections were made. I put the connection pool object in the Application context. My problem is this, when Tomcat encounters some sort of error, like can't find a JSP page for example, the session seems to be invalidated and the connection pool object is unreachable. However, the connections still exist. Again, querying the v$session view indicates the connections are still there. At this point, I'm forced to restart Tomcat, which resolves the problem. Any ideas? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
No session in tomcat 5.0.24
Hello all, Last night we updated our tomcat server from 5.0.16 to 5.0.24. Suddenly, the web applications don't keep the same session between requests, hereby rendering parts of our applications useless. I have searched the archives but couldn't find any usefull info. Any idea what the problem may be? Greetz, -- Rob. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: No session in tomcat 5.0.24
I would hazard a guess that you have made configurational changes to either the server.xml or the web.xml in your older installation. I would look at all the parameters set in these files carefully and see if you can spot a difference. Ta Matt -Original Message- From: Rob Tillie [mailto:[EMAIL PROTECTED] Sent: 14 May 2004 09:06 To: [EMAIL PROTECTED] Subject: No session in tomcat 5.0.24 Hello all, Last night we updated our tomcat server from 5.0.16 to 5.0.24. Suddenly, the web applications don't keep the same session between requests, hereby rendering parts of our applications useless. I have searched the archives but couldn't find any usefull info. Any idea what the problem may be? Greetz, -- Rob. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Any opinions expressed in this E-mail may be those of the individual and not necessarily the company. This E-mail and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this E-mail in error and that any use or copying is strictly prohibited. If you have received this E-mail in error please notify the beCogent postmaster at [EMAIL PROTECTED] Unless expressly stated, opinions in this email are those of the individual sender and not beCogent Ltd. You must take full responsibility for virus checking this email and any attachments. Please note that the content of this email or any of its attachments may contain data that falls within the scope of the Data Protection Acts and that you must ensure that any handling or processing of such data by you is fully compliant with the terms and provisions of the Data Protection Act 1984 and 1998. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: No session in tomcat 5.0.24
I just did some more investigation. Sessions are working for every app except the most important one :). The web.xml of both apps are empty except for the body of web.xml. Pretty weird, -- Rob. -Original Message- From: Dale, Matt [mailto:[EMAIL PROTECTED] Sent: Friday, May 14, 2004 10:30 AM To: Tomcat Users List Subject: RE: No session in tomcat 5.0.24 I would hazard a guess that you have made configurational changes to either the server.xml or the web.xml in your older installation. I would look at all the parameters set in these files carefully and see if you can spot a difference. Ta Matt -Original Message- From: Rob Tillie [mailto:[EMAIL PROTECTED] Sent: 14 May 2004 09:06 To: [EMAIL PROTECTED] Subject: No session in tomcat 5.0.24 Hello all, Last night we updated our tomcat server from 5.0.16 to 5.0.24. Suddenly, the web applications don't keep the same session between requests, hereby rendering parts of our applications useless. I have searched the archives but couldn't find any usefull info. Any idea what the problem may be? Greetz, -- Rob. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: No session in tomcat 5.0.24
What about the main web.xml in the conf directory? and do you have context.xml in the META-INF directory of the app. What about server.xml is that all the same? -Original Message- From: Rob Tillie [mailto:[EMAIL PROTECTED] Sent: 14 May 2004 09:34 To: Tomcat Users List Subject: RE: No session in tomcat 5.0.24 I just did some more investigation. Sessions are working for every app except the most important one :). The web.xml of both apps are empty except for the body of web.xml. Pretty weird, -- Rob. -Original Message- From: Dale, Matt [mailto:[EMAIL PROTECTED] Sent: Friday, May 14, 2004 10:30 AM To: Tomcat Users List Subject: RE: No session in tomcat 5.0.24 I would hazard a guess that you have made configurational changes to either the server.xml or the web.xml in your older installation. I would look at all the parameters set in these files carefully and see if you can spot a difference. Ta Matt -Original Message- From: Rob Tillie [mailto:[EMAIL PROTECTED] Sent: 14 May 2004 09:06 To: [EMAIL PROTECTED] Subject: No session in tomcat 5.0.24 Hello all, Last night we updated our tomcat server from 5.0.16 to 5.0.24. Suddenly, the web applications don't keep the same session between requests, hereby rendering parts of our applications useless. I have searched the archives but couldn't find any usefull info. Any idea what the problem may be? Greetz, -- Rob. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Any opinions expressed in this E-mail may be those of the individual and not necessarily the company. This E-mail and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this E-mail in error and that any use or copying is strictly prohibited. If you have received this E-mail in error please notify the beCogent postmaster at [EMAIL PROTECTED] Unless expressly stated, opinions in this email are those of the individual sender and not beCogent Ltd. You must take full responsibility for virus checking this email and any attachments. Please note that the content of this email or any of its attachments may contain data that falls within the scope of the Data Protection Acts and that you must ensure that any handling or processing of such data by you is fully compliant with the terms and provisions of the Data Protection Act 1984 and 1998. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: No session in tomcat 5.0.24
I only uncommented the invoker servlet in the main web.xml, haven't touched the server.xml. But as it works for another app on the same server, I'm guessing this couldn't be the problem? As for context.xml, I have never heard of it, and it isn't present in both webapps. Greetz, -- Rob. -Original Message- From: Dale, Matt [mailto:[EMAIL PROTECTED] Sent: Friday, May 14, 2004 10:41 AM To: Tomcat Users List Subject: RE: No session in tomcat 5.0.24 What about the main web.xml in the conf directory? and do you have context.xml in the META-INF directory of the app. What about server.xml is that all the same? -Original Message- From: Rob Tillie [mailto:[EMAIL PROTECTED] Sent: 14 May 2004 09:34 To: Tomcat Users List Subject: RE: No session in tomcat 5.0.24 I just did some more investigation. Sessions are working for every app except the most important one :). The web.xml of both apps are empty except for the body of web.xml. Pretty weird, -- Rob. -Original Message- From: Dale, Matt [mailto:[EMAIL PROTECTED] Sent: Friday, May 14, 2004 10:30 AM To: Tomcat Users List Subject: RE: No session in tomcat 5.0.24 I would hazard a guess that you have made configurational changes to either the server.xml or the web.xml in your older installation. I would look at all the parameters set in these files carefully and see if you can spot a difference. Ta Matt -Original Message- From: Rob Tillie [mailto:[EMAIL PROTECTED] Sent: 14 May 2004 09:06 To: [EMAIL PROTECTED] Subject: No session in tomcat 5.0.24 Hello all, Last night we updated our tomcat server from 5.0.16 to 5.0.24. Suddenly, the web applications don't keep the same session between requests, hereby rendering parts of our applications useless. I have searched the archives but couldn't find any usefull info. Any idea what the problem may be? Greetz, -- Rob. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: No session in tomcat 5.0.24
Thats me out of ideas then. Good luck. In tomcat version 4 you could have a context container in your server.xml. In tomcat 5 it is recommended that you have these containers in context.xml in the META-INF directory of each webapp. -Original Message- From: Rob Tillie [mailto:[EMAIL PROTECTED] Sent: 14 May 2004 09:48 To: Tomcat Users List Subject: RE: No session in tomcat 5.0.24 I only uncommented the invoker servlet in the main web.xml, haven't touched the server.xml. But as it works for another app on the same server, I'm guessing this couldn't be the problem? As for context.xml, I have never heard of it, and it isn't present in both webapps. Greetz, -- Rob. -Original Message- From: Dale, Matt [mailto:[EMAIL PROTECTED] Sent: Friday, May 14, 2004 10:41 AM To: Tomcat Users List Subject: RE: No session in tomcat 5.0.24 What about the main web.xml in the conf directory? and do you have context.xml in the META-INF directory of the app. What about server.xml is that all the same? -Original Message- From: Rob Tillie [mailto:[EMAIL PROTECTED] Sent: 14 May 2004 09:34 To: Tomcat Users List Subject: RE: No session in tomcat 5.0.24 I just did some more investigation. Sessions are working for every app except the most important one :). The web.xml of both apps are empty except for the body of web.xml. Pretty weird, -- Rob. -Original Message- From: Dale, Matt [mailto:[EMAIL PROTECTED] Sent: Friday, May 14, 2004 10:30 AM To: Tomcat Users List Subject: RE: No session in tomcat 5.0.24 I would hazard a guess that you have made configurational changes to either the server.xml or the web.xml in your older installation. I would look at all the parameters set in these files carefully and see if you can spot a difference. Ta Matt -Original Message- From: Rob Tillie [mailto:[EMAIL PROTECTED] Sent: 14 May 2004 09:06 To: [EMAIL PROTECTED] Subject: No session in tomcat 5.0.24 Hello all, Last night we updated our tomcat server from 5.0.16 to 5.0.24. Suddenly, the web applications don't keep the same session between requests, hereby rendering parts of our applications useless. I have searched the archives but couldn't find any usefull info. Any idea what the problem may be? Greetz, -- Rob. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Any opinions expressed in this E-mail may be those of the individual and not necessarily the company. This E-mail and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this E-mail in error and that any use or copying is strictly prohibited. If you have received this E-mail in error please notify the beCogent postmaster at [EMAIL PROTECTED] Unless expressly stated, opinions in this email are those of the individual sender and not beCogent Ltd. You must take full responsibility for virus checking this email and any attachments. Please note that the content of this email or any of its attachments may contain data that falls within the scope of the Data Protection Acts and that you must ensure that any handling or processing of such data by you is fully compliant with the terms and provisions of the Data Protection Act 1984 and 1998. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: No session in tomcat 5.0.24
Rob Tillie wrote: Last night we updated our tomcat server from 5.0.16 to 5.0.24. Suddenly, the web applications don't keep the same session between requests, hereby rendering parts of our applications useless. I have experienced a simmilar problem - it looks like the session was lost between the requests - in fact the problem was, that tomcat sets two cookies (for the root context and the application context) and it seems like it could not correctly handle thre response if those two cookies are sent back and starts a new session. I solved this for now by adding the following line to the the host element Context path= docBase=ROOT debug=0 cookies=false/ the magic is to set the cookies=false on the root context. So the application context (/opsjs in our case) is the only which uses cookies. I have seen this with Internet-Explorer and Mozilla - so it might be a tomcat problem?? Not sure - wanted to figured it out a bit more, but thought it might help you and so come out with this now. -- Mario - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: No session in tomcat 5.0.24
Wow, this solved my problem... thanx a lot... so simple after 5 hours of work. Greetz, -- Rob. -Original Message- From: Mario Ivankovits [mailto:[EMAIL PROTECTED] Sent: Friday, May 14, 2004 11:05 AM To: Tomcat Users List Subject: Re: No session in tomcat 5.0.24 Rob Tillie wrote: Last night we updated our tomcat server from 5.0.16 to 5.0.24. Suddenly, the web applications don't keep the same session between requests, hereby rendering parts of our applications useless. I have experienced a simmilar problem - it looks like the session was lost between the requests - in fact the problem was, that tomcat sets two cookies (for the root context and the application context) and it seems like it could not correctly handle thre response if those two cookies are sent back and starts a new session. I solved this for now by adding the following line to the the host element Context path= docBase=ROOT debug=0 cookies=false/ the magic is to set the cookies=false on the root context. So the application context (/opsjs in our case) is the only which uses cookies. I have seen this with Internet-Explorer and Mozilla - so it might be a tomcat problem?? Not sure - wanted to figured it out a bit more, but thought it might help you and so come out with this now. -- Mario - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: No session in tomcat 5.0.24
Context.xml is great.. But once your WAR has unpacked once, tomcat doesn't overwrite the descriptor in the config/Catalina/hostname/ directory... Rob - I assume you're not using any special session implementation?? -Original Message- From: Dale, Matt [mailto:[EMAIL PROTECTED] Sent: 14 May 2004 10:01 To: Tomcat Users List Subject: RE: No session in tomcat 5.0.24 Thats me out of ideas then. Good luck. In tomcat version 4 you could have a context container in your server.xml. In tomcat 5 it is recommended that you have these containers in context.xml in the META-INF directory of each webapp. -Original Message- From: Rob Tillie [mailto:[EMAIL PROTECTED] Sent: 14 May 2004 09:48 To: Tomcat Users List Subject: RE: No session in tomcat 5.0.24 I only uncommented the invoker servlet in the main web.xml, haven't touched the server.xml. But as it works for another app on the same server, I'm guessing this couldn't be the problem? As for context.xml, I have never heard of it, and it isn't present in both webapps. Greetz, -- Rob. -Original Message- From: Dale, Matt [mailto:[EMAIL PROTECTED] Sent: Friday, May 14, 2004 10:41 AM To: Tomcat Users List Subject: RE: No session in tomcat 5.0.24 What about the main web.xml in the conf directory? and do you have context.xml in the META-INF directory of the app. What about server.xml is that all the same? -Original Message- From: Rob Tillie [mailto:[EMAIL PROTECTED] Sent: 14 May 2004 09:34 To: Tomcat Users List Subject: RE: No session in tomcat 5.0.24 I just did some more investigation. Sessions are working for every app except the most important one :). The web.xml of both apps are empty except for the body of web.xml. Pretty weird, -- Rob. -Original Message- From: Dale, Matt [mailto:[EMAIL PROTECTED] Sent: Friday, May 14, 2004 10:30 AM To: Tomcat Users List Subject: RE: No session in tomcat 5.0.24 I would hazard a guess that you have made configurational changes to either the server.xml or the web.xml in your older installation. I would look at all the parameters set in these files carefully and see if you can spot a difference. Ta Matt -Original Message- From: Rob Tillie [mailto:[EMAIL PROTECTED] Sent: 14 May 2004 09:06 To: [EMAIL PROTECTED] Subject: No session in tomcat 5.0.24 Hello all, Last night we updated our tomcat server from 5.0.16 to 5.0.24. Suddenly, the web applications don't keep the same session between requests, hereby rendering parts of our applications useless. I have searched the archives but couldn't find any usefull info. Any idea what the problem may be? Greetz, -- Rob. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: No session in tomcat 5.0.24
Hi, Hmm, not so simple actually. I'd like to find out the root cause for this behavior, but I don't have the bandwidth. Thanks for posting the info Mario (or should we call you Mr. VFS now? ;)). Yoav Shapira Millennium Research Informatics -Original Message- From: Rob Tillie [mailto:[EMAIL PROTECTED] Sent: Friday, May 14, 2004 5:07 AM To: Tomcat Users List Subject: RE: No session in tomcat 5.0.24 Wow, this solved my problem... thanx a lot... so simple after 5 hours of work. Greetz, -- Rob. -Original Message- From: Mario Ivankovits [mailto:[EMAIL PROTECTED] Sent: Friday, May 14, 2004 11:05 AM To: Tomcat Users List Subject: Re: No session in tomcat 5.0.24 Rob Tillie wrote: Last night we updated our tomcat server from 5.0.16 to 5.0.24. Suddenly, the web applications don't keep the same session between requests, hereby rendering parts of our applications useless. I have experienced a simmilar problem - it looks like the session was lost between the requests - in fact the problem was, that tomcat sets two cookies (for the root context and the application context) and it seems like it could not correctly handle thre response if those two cookies are sent back and starts a new session. I solved this for now by adding the following line to the the host element Context path= docBase=ROOT debug=0 cookies=false/ the magic is to set the cookies=false on the root context. So the application context (/opsjs in our case) is the only which uses cookies. I have seen this with Internet-Explorer and Mozilla - so it might be a tomcat problem?? Not sure - wanted to figured it out a bit more, but thought it might help you and so come out with this now. -- Mario - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Create session on Tomcat 4.1.24
Hi, I am trying to upgrade our current Tomcat 4.0.4 to Tomcat 4.1.24. After logged in our application, we store the user information as an attribute in the session. With Tomcat 4.1.24, it seems the session was not created. How can I configure tomcat 4.1.24 to create session automatically? Thanks in advance. Chiming - Do you Yahoo!? The New Yahoo! Shopping - with improved product search
RE: Create session on Tomcat 4.1.24
Howdy, Like tomcat 4.0.4, tomcat 4.1.24 creates an HttpSession when you use HttpServletRequest.getSession(). There's no magic here now, there was no magic here before. If you're running into a specific error, post details and we'll try to help ;) Yoav Shapira Millennium ChemInformatics -Original Message- From: Chiming Huang [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 10:19 AM To: Tomcat User Subject: Create session on Tomcat 4.1.24 Hi, I am trying to upgrade our current Tomcat 4.0.4 to Tomcat 4.1.24. After logged in our application, we store the user information as an attribute in the session. With Tomcat 4.1.24, it seems the session was not created. How can I configure tomcat 4.1.24 to create session automatically? Thanks in advance. Chiming - Do you Yahoo!? The New Yahoo! Shopping - with improved product search This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Create session on Tomcat 4.1.24
no magic here now, there was no magic here before. If you're running into a specific error, post details and we'll try to help ;) Yoav Shapira Millennium ChemInformatics -Original Message- From: Chiming Huang [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 10:19 AM To: Tomcat User Subject: Create session on Tomcat 4.1.24 Hi, I am trying to upgrade our current Tomcat 4.0.4 to Tomcat 4.1.24. After logged in our application, we store the user information as an attribute in the session. With Tomcat 4.1.24, it seems the session was not created. How can I configure tomcat 4.1.24 to create session automatically? Thanks in advance. Chiming - Do you Yahoo!? The New Yahoo! Shopping - with improved product search This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? The New Yahoo! Shopping - with improved product search
RE: Create session on Tomcat 4.1.24
Owdy, And what do you see in your logs? Successful login, and then redirection to access denied page? Yoav Shapira Millennium ChemInformatics -Original Message- From: Chiming Huang [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 10:58 AM To: Tomcat Users List Subject: RE: Create session on Tomcat 4.1.24 Hi, Thank you for your quick response. We are using Tomcat 4.0.4, Struts 1.0.2 for our application. In the perform() method of the logon action class, we get the HttpSession, say session, by calling request.getSession(). And then store the user class by calling session.setAttribute(userinfo, user). Also, we have a taglib to check if user has been logged on by retrieving the session attribute userinfo. If the userinfo attribute is null, the taglib will forward to assess denied page. Following are the snippets of my logon action class and the check logon taglib. It was working fine on 4.0.4. Now with 4.1.24, after logged in, user will be forwarded to the access denied page. Thanks again. Chiming // public final class LogonAction extends Action { // Public Methods - /** * Process the specified HTTP request, and create the corresponding HTTP * response (or forward to another web component that will create it). * Return an codeActionForward/code instance describing where and how * control should be forwarded, or codenull/code if the response has * already been completed. * * @param mapping The ActionMapping used to select this instance * @param actionForm The optional ActionForm bean for this request (if any) * @param request The HTTP request we are processing * @param response The HTTP response we are creating * * @exception IOException if an input/output error occurs * @exception ServletException if a servlet exception occurs */ public ActionForward perform(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { Auth auth = new Auth(path); User user = auth.authenticate(username, password); if(user == null) { errors.add(ActionErrors.GLOBAL_ERROR, new ActionError(error.password.mismatch)); } // Report any errors we have discovered back to the original form if (!errors.empty()) { ((LogonForm) form).setStatus(Invalid username or password); saveErrors(request, errors); servlet.log( ***User is not logged on in session ); return (mapping.findForward(logon)); } HttpSession session = request.getSession(); session.setAttribute(ConstantStrings.USER, user); if (servlet.getDebug() = 1) servlet.log(LogonAction: User ' + user.getUsername() + ' logged on in session + session.getId()); // Remove the obsolete form bean if (mapping.getAttribute() != null) { if (request.equals(mapping.getScope())) request.removeAttribute(mapping.getAttribute()); else request.getSession().removeAttribute(mapping.getAttribute()); } // Forward control to the specified success URI return (mapping.findForward(success)); } } // public final class CheckLogonTag extends TagSupport { // - Instance Variables /** * The page to which we should forward for the user to log on. */ private String page = /logon/accessDenied.jsp; // --- Properties /** * Return the forward page. */ public String getPage() { return (this.page); } /** * Set the forward page. * * @param page The new forward page */ public void setPage(String page) { this.page = page; } // --- Public Methods /** * Defer our checking until the end of this tag is encountered. * * @exception JspException if a JSP exception has occurred */ public int doStartTag() throws JspException { return (SKIP_BODY); } /** * Perform our logged-in user check by looking for the existence of * a session scope bean under the specified name. If this bean is not * present, control is forwarded to the specified logon page. * * @exception JspException if a JSP exception has occurred */ public int doEndTag() throws JspException { // Is there a valid user logged on? boolean valid = false; HttpSession session = pageContext.getSession(); if ((session != null) (session.getAttribute(ConstantStrings.USER) != null)) valid = true; // Forward control based on the results if (valid) return (EVAL_PAGE); else { try { pageContext.forward(page); } catch (Exception e) { throw new JspException(e.toString()); } return (SKIP_PAGE); } } /** * Release any acquired resources
Re: Create session on Tomcat 4.1.24
Hi, In my struts-config.xml, the logon action mappings looks like this: action-mapping action path=/logon type = com.act.logon.LogonAction name=logonForm scope=request input=/logon/logon.jsp forward name=logon path=/logon/logon.jsp/ forward name=changePassword path=/logon/changePassword.jsp/ forward name=failure path=/logon/accessDenied.jsp/ forward name=success path=/main/main.jsp redirect=true/ /action The main.jsp is the page that use the check logon taglib. If I remove the redirect=true attribute in the forward element, it seems to work. But why it behaves differently (4.0.4 vs 4.1.24)? Does the redirect=true cause a new session to be created? Does tomcat store the sessionid in cookie? Thanks, Chiming - Original Message - From: Shapira, Yoav [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, October 24, 2003 11:02 AM Subject: RE: Create session on Tomcat 4.1.24 Owdy, And what do you see in your logs? Successful login, and then redirection to access denied page? Yoav Shapira Millennium ChemInformatics -Original Message- From: Chiming Huang [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2003 10:58 AM To: Tomcat Users List Subject: RE: Create session on Tomcat 4.1.24 Hi, Thank you for your quick response. We are using Tomcat 4.0.4, Struts 1.0.2 for our application. In the perform() method of the logon action class, we get the HttpSession, say session, by calling request.getSession(). And then store the user class by calling session.setAttribute(userinfo, user). Also, we have a taglib to check if user has been logged on by retrieving the session attribute userinfo. If the userinfo attribute is null, the taglib will forward to assess denied page. Following are the snippets of my logon action class and the check logon taglib. It was working fine on 4.0.4. Now with 4.1.24, after logged in, user will be forwarded to the access denied page. Thanks again. Chiming // public final class LogonAction extends Action { // Public Methods - /** * Process the specified HTTP request, and create the corresponding HTTP * response (or forward to another web component that will create it). * Return an codeActionForward/code instance describing where and how * control should be forwarded, or codenull/code if the response has * already been completed. * * @param mapping The ActionMapping used to select this instance * @param actionForm The optional ActionForm bean for this request (if any) * @param request The HTTP request we are processing * @param response The HTTP response we are creating * * @exception IOException if an input/output error occurs * @exception ServletException if a servlet exception occurs */ public ActionForward perform(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { Auth auth = new Auth(path); User user = auth.authenticate(username, password); if(user == null) { errors.add(ActionErrors.GLOBAL_ERROR, new ActionError(error.password.mismatch)); } // Report any errors we have discovered back to the original form if (!errors.empty()) { ((LogonForm) form).setStatus(Invalid username or password); saveErrors(request, errors); servlet.log( ***User is not logged on in session ); return (mapping.findForward(logon)); } HttpSession session = request.getSession(); session.setAttribute(ConstantStrings.USER, user); if (servlet.getDebug() = 1) servlet.log(LogonAction: User ' + user.getUsername() + ' logged on in session + session.getId()); // Remove the obsolete form bean if (mapping.getAttribute() != null) { if (request.equals(mapping.getScope())) request.removeAttribute(mapping.getAttribute()); else request.getSession().removeAttribute(mapping.getAttribute()); } // Forward control to the specified success URI return (mapping.findForward(success)); } } // public final class CheckLogonTag extends TagSupport { // - Instance Variables /** * The page to which we should forward for the user to log on. */ private String page = /logon/accessDenied.jsp; // --- Properties /** * Return the forward page. */ public String getPage() { return (this.page); } /** * Set the forward page. * * @param page The new forward page */ public void setPage(String
How many concurrent session in tomcat 4.1.24
Title: Nature Hello Everyone, I was just wonderingthat How many concurrent request / session can be efficiently handled by Tomcat 4.1.24 ?? and where it is configured??? Thanks Regards, Pawan Kumar Shrivastava Apar Infotech, Bombay Tel: 91-22-56939710/11/12/13
RE: How many concurrent session in tomcat 4.1.24
As many as your hardware allows. Requests are mainly CPU limited and sessions are mainly memory/disk space (If you are using a persistent manager that swaps sessions out to disk/DB) limited. This also depends on how complex/big your servlets/jsps/sessions are. You can host a LOT more hello world servlets that store the person's name in the session than you can get twenty items from 3 DB's servlets that save 8k of data in the session. The answer is install tomcat on your hardware, with your code and test it. If ANY vendor even tries to give you numbers for this they are blowing smoke up your butt. --Angus -Original Message- From: pawan [mailto:[EMAIL PROTECTED] Sent: Monday, July 07, 2003 8:01 AM To: [EMAIL PROTECTED] Subject: How many concurrent session in tomcat 4.1.24 Hello Everyone, I was just wondering that How many concurrent request / session can be efficiently handled by Tomcat 4.1.24 ?? and where it is configured??? Thanks Regards, Pawan Kumar Shrivastava Apar Infotech, Bombay Tel: 91-22-56939710/11/12/13
Session Persistence + tomcat 4.1.24
Hi, I would like to use persistent sessions with tomcat 4.1.24, but I wonder why the tomcat session cookie is only a browser session cookie. How can I configure the expiry date of the session cookies? Thanks Torsten - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session Persistence + tomcat 4.1.24
Howdy, Modify session-config in web.xml. -1 (never expire) is a possible legal value. See the Servlet Specification for more details. Yoav Shapira Millennium ChemInformatics -Original Message- From: Dipl.Ing. Torsten Liermann [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 02, 2003 10:08 AM To: [EMAIL PROTECTED] Subject: Session Persistence + tomcat 4.1.24 Hi, I would like to use persistent sessions with tomcat 4.1.24, but I wonder why the tomcat session cookie is only a browser session cookie. How can I configure the expiry date of the session cookies? Thanks Torsten - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Persistence + tomcat 4.1.24
Yes, I have this session-config session-timeout-1/session-timeout!-- no timeout -- /session-config but the session cookie is always a browser session cookie. :( On Wed, 2 Jul 2003 10:12:06 -0400 Shapira, Yoav [EMAIL PROTECTED] wrote: Howdy, Modify session-config in web.xml. -1 (never expire) is a possible legal value. See the Servlet Specification for more details. Yoav Shapira Millennium ChemInformatics -Original Message- From: Dipl.Ing. Torsten Liermann [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 02, 2003 10:08 AM To: [EMAIL PROTECTED] Subject: Session Persistence + tomcat 4.1.24 Hi, I would like to use persistent sessions with tomcat 4.1.24, but I wonder why the tomcat session cookie is only a browser session cookie. How can I configure the expiry date of the session cookies? Thanks Torsten - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Dipl.-Ing. Torsten Liermann Tel: +49 172/8314436 Fuchsweg 76 Fax: +49 8106/358047 85598 Baldham http://liermann-it.de - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Non persistence session for Tomcat 4.0
I read the answer for subject Non-persisting session manager for 4.1.x? so does Manager pathname = / in the Host works for Tomcat 4.0. I confirm it works for Context but don't for Host, is there another way to do it? Thomas -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Non persistence session for Tomcat 4.0
On Wed, 22 Jan 2003, Thomas Colin de Verdière wrote: Date: Wed, 22 Jan 2003 14:30:08 +0100 From: Thomas Colin de Verdière [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Subject: Non persistence session for Tomcat 4.0 I read the answer for subject Non-persisting session manager for 4.1.x? so does Manager pathname = / in the Host works for Tomcat 4.0. I confirm it works for Context but don't for Host, is there another way to do it? A Host doesn't have any sessions, so it has no need for a nested Manager element. You'll need to configure each webapp individually. Thomas Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Persistent Session in tomcat
Hi, Could anyone please tell me when will Tomcat retrieve session data from disk/database after the session is being perserved due to too many active sessions/being idle too long? Thanks. __ Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Losing Session Objects Tomcat 4.02?
Hey Everyone, I'm having a problem that hopefully some of you may be able to resolve. Within the main session I am storing a few custom session objects. For some reason, it seems that after a extended amount of time one of the objects is lost. The main session is still available, so Tomcat isn't dropping everything altogether. Has anyone seen something similiar to this? Thanks, Jim
Problem with session when Tomcat started from priviledged port(80)
Hi, I am having a problem when i start Tomcat from the privilidged port on Solaris machinces(port 80).Everything works fine except the session. When i disable the cookies on the browser the website dosent work.But when i start the same tomcat (with all the java files same) on port above 8000 (for example 8080) and disable the cookies the website works fine.So i only get a problem with the port 80(which happens to be a priviledged port) has anybody came across this problem thanks a lot in advance, rahul - Two roads diverged in a wood,I took the less travelled by and that made the difference -by Robert Frost - -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: session between tomcat and IIS
Since I just ran into the problem of sharing cookies between IIS and Tomcat, I noticed this trait: Tomcat can read cookies set by IIS/ASP, but IIS/ASP can NOT read cookies set by Tomcat. (sorry for the not including original message, just subscribed) -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: session between tomcat and IIS
I should have listed versions and such. The below situation was found running: NT 4.0 SP6, IIS 4, Tomcat 3.3a with NS6 / IE 5.5/6 as client on NT 4 SP6. -- From: [EMAIL PROTECTED][SMTP:[EMAIL PROTECTED]] Reply To: Tomcat Users List Sent: Wednesday, February 06, 2002 6:10 PM To: [EMAIL PROTECTED] Subject: RE: session between tomcat and IIS Since I just ran into the problem of sharing cookies between IIS and Tomcat, I noticed this trait: Tomcat can read cookies set by IIS/ASP, but IIS/ASP can NOT read cookies set by Tomcat. (sorry for the not including original message, just subscribed) -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Sticky session with Tomcat 4.0 and mod_jk
Good posting - We are assuming that mod_jk is in essence similar / superset of mod_jserv, of which the following information appears to be excelent regarding failover. http://java.apache.org/jserv/howto.load-balancing.html Is this still valid for mod_jk as well? (accounting for changes in configuration to do loadbalancing for mod_jk) -Original Message- From: Subbu Kaleyathodi [mailto:[EMAIL PROTECTED]] Sent: 14 December 2001 06:56 To: '[EMAIL PROTECTED]' Subject: Sticky session with Tomcat 4.0 and mod_jk Hi All, We are using Tomcat 4.0.1 with Tomcat and would like to use mod_jk as the connector from Apache to Tomcat. The main reason for going with mod_jk is because I read some snippets of documentation that mentioned that it supported sticky sessions. But I haven't found anything comprehensive on this topic. I wanted to find out of people have used mod_jk with Tomcat 4.0.1 for sticky sessions (one of our requirements is that we not use cookies - we will be using URL rewriting). Also I am not clear what is th advantage of using mod_webapp over mod_jk (BTW, does mod_webapp support sticky sessions). Any help is appreciated Subbu Kaleyathodi -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Sticky session with Tomcat 4.0 and mod_jk
I found some documentation on 4.0.1 which says that the AJP connector in 4.0.1 does not support load balancing. Does this mean that I cannot use sticky sessions using Tomcat 4.0.1 (because mod_jk relies on AJP connector). Is that true? OR does it mean that it will provide sticky sessions, but load balancing is random. What is the latest version of Tomcat that will support load balancing with sticky sessions (using URL rewriting) with some kind of random load balancing Subbu Kaleyathodi -Original Message- From: Andrew McGhee [mailto:[EMAIL PROTECTED]] Sent: Friday, December 14, 2001 6:20 PM To: Tomcat Users List Subject: RE: Sticky session with Tomcat 4.0 and mod_jk Good posting - We are assuming that mod_jk is in essence similar / superset of mod_jserv, of which the following information appears to be excelent regarding failover. http://java.apache.org/jserv/howto.load-balancing.html Is this still valid for mod_jk as well? (accounting for changes in configuration to do loadbalancing for mod_jk) -Original Message- From: Subbu Kaleyathodi [mailto:[EMAIL PROTECTED]] Sent: 14 December 2001 06:56 To: '[EMAIL PROTECTED]' Subject: Sticky session with Tomcat 4.0 and mod_jk Hi All, We are using Tomcat 4.0.1 with Tomcat and would like to use mod_jk as the connector from Apache to Tomcat. The main reason for going with mod_jk is because I read some snippets of documentation that mentioned that it supported sticky sessions. But I haven't found anything comprehensive on this topic. I wanted to find out of people have used mod_jk with Tomcat 4.0.1 for sticky sessions (one of our requirements is that we not use cookies - we will be using URL rewriting). Also I am not clear what is th advantage of using mod_webapp over mod_jk (BTW, does mod_webapp support sticky sessions). Any help is appreciated Subbu Kaleyathodi -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Sticky session with Tomcat 4.0 and mod_jk
Hi All, We are using Tomcat 4.0.1 with Tomcat and would like to use mod_jk as the connector from Apache to Tomcat. The main reason for going with mod_jk is because I read some snippets of documentation that mentioned that it supported sticky sessions. But I haven't found anything comprehensive on this topic. I wanted to find out of people have used mod_jk with Tomcat 4.0.1 for sticky sessions (one of our requirements is that we not use cookies - we will be using URL rewriting). Also I am not clear what is th advantage of using mod_webapp over mod_jk (BTW, does mod_webapp support sticky sessions). Any help is appreciated Subbu Kaleyathodi
Disabling cookies for session by Tomcat
Is it possible to disable usage of cookies by the Tomcat 4.0? I have to share sessions bettween host.domain:80 and host.domain:443 (for SSL) and cookies are host and port specific. Thanks, -- Oto 'tapik' Buchta -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Session with Tomcat
Hi, I have developed a web application with Tomcat+Cocoon. Now I have noticed that if, on the same machine, I open two MSIE, Tomcat return the same session. This is no good for me because the browsers on the same machine share the same session objects!! How can I do? Thanks in advance. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
AW: Session with Tomcat
Do you open two browsers, or just two windows of the same browser? -Ursprüngliche Nachricht- Von: Stefano Bonnin [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 22. November 2001 14:23 An: [EMAIL PROTECTED] Betreff: Session with Tomcat Hi, I have developed a web application with Tomcat+Cocoon. Now I have noticed that if, on the same machine, I open two MSIE, Tomcat return the same session. This is no good for me because the browsers on the same machine share the same session objects!! How can I do? Thanks in advance. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Session with Tomcat
Also maybe try disabling sessions tracking through cookies in the server.xml. -Original Message- From: Stefano Bonnin [mailto:[EMAIL PROTECTED]] Sent: 22 November 2001 13:23 To: [EMAIL PROTECTED] Subject: Session with Tomcat Hi, I have developed a web application with Tomcat+Cocoon. Now I have noticed that if, on the same machine, I open two MSIE, Tomcat return the same session. This is no good for me because the browsers on the same machine share the same session objects!! How can I do? Thanks in advance. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Session with Tomcat
Hi, This is quite normal because your 2 IE windows share the same cookies and so the same session ids. If you have a second browser, like netscape or opera, you can do easily your test. Regards Alex Hi, I have developed a web application with Tomcat+Cocoon. Now I have noticed that if, on the same machine, I open two MSIE, Tomcat return the same session. This is no good for me because the browsers on the same machine share the same session objects!! How can I do? Thanks in advance. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
AW: Session with Tomcat
If you are opening two windows in the same browser this won't help much if you open it with an url from the first window that already contains a session id. -Ursprüngliche Nachricht- Von: Luke Studley [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 22. November 2001 14:38 An: 'Tomcat Users List' Betreff: RE: Session with Tomcat Also maybe try disabling sessions tracking through cookies in the server.xml. -Original Message- From: Stefano Bonnin [mailto:[EMAIL PROTECTED]] Sent: 22 November 2001 13:23 To: [EMAIL PROTECTED] Subject: Session with Tomcat Hi, I have developed a web application with Tomcat+Cocoon. Now I have noticed that if, on the same machine, I open two MSIE, Tomcat return the same session. This is no good for me because the browsers on the same machine share the same session objects!! How can I do? Thanks in advance. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Number of active session in Tomcat instance
Hi, I had asked this question before. But I didn't get any reply. So I post this again in hope someone could help me getting number of active session Tomcat holds. The following code will return number of sessions in a Context(web app) but not all the sessions in the whole JVM (tomcat instance). For example: if I call the class LocalMon in /admintool context: /tomcat/webapps/admintool/WEB-INF/classes/LocalMon then it will only report # of sessions in /admintool web application. Any way I can get the total number of sessions for all web applications (context)? -OR- How to call LocalMon in /admintool context but reports session on other context(web app)? My source file (class) return # of session and a (jsp) is also attached. === import java.util.Vector; import java.util.Enumeration; import java.io.File; import java.net.URL; import javax.servlet.http.*; import org.apache.tomcat.core.Request; import org.apache.tomcat.core.FacadeManager; import org.apache.tomcat.core.Context; import org.apache.tomcat.core.ContextManager; import org.apache.tomcat.util.RequestUtil; import org.apache.tomcat.session.StandardManager; public class LocalMon { private ContextManager cm; private Request realRequest; private StandardManager _sessionMgr; public void init( HttpServletRequest request ){ FacadeManager facadeM = (FacadeManager)request.getAttribute( FacadeManager.FACADE_ATTRIBUTE); realRequest = facadeM.getRealRequest(request); cm = realRequest.getContext().getContextManager(); try{ int manager_note = cm.getNoteId( ContextManager.CONTAINER_NOTE, tomcat.standardManager ); _sessionMgr = (StandardManager)realRequest.getContext().getContainer().getNote(manager_note); } catch( Exception ignored ){ } } public boolean initialized(){ return ( cm != null ); } public String getNumSessions(){ return( String.valueOf( _sessionMgr.getSessions().size() ) ); } } == thanks a lot -cm __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com LocalMon.java localmon.jsp
Session of Tomcat.
Hi, Can I catch the event when a session is created from tomcat? Thx Harden
RE: Session of Tomcat.
Can I catch the event when a session is created from tomcat? Yes, take a look at javax.servlet.HttpSessionBindingListener in servlet API. This has been covered on this group before please look at the list archives. --- Michael Wentzel Software Developer Software As We Think - http://www.aswethink.com
Re: Session of Tomcat.
Yes, take a look at javax.servlet.HttpSessionBindingListener in servlet API. This has been covered on this group before please look at the list archives. HSBL is when something is bound to the session, not when the session itself is created. You can create the sessions yourself I guess =) - r
RE: Session of Tomcat.
On Thu, 16 Aug 2001, Michael Wentzel wrote: Can I catch the event when a session is created from tomcat? Yes, take a look at javax.servlet.HttpSessionBindingListener in servlet API. This has been covered on this group before please look at the list archives. Actually, this doesn't accurately answer the original question. You can indeed use HttpSessionBindingListener to detect when a particular object is *added* to a session. That is not the same as when the session is *created*. Note that it explicitly requires the application to participate (by adding a specific session attribute). In a servlet 2.3 environment (i.e. Tomcat 4), there is a new feature called application event listeners. In particular, there are defined listeners for session created and session destroyed that are called at those precise times, not just when a particular object is added and removed. --- Michael Wentzel Craig McClanahan
RE: Session of Tomcat.
Can I catch the event when a session is created from tomcat? Yes, take a look at javax.servlet.HttpSessionBindingListener in servlet API. This has been covered on this group before please look at the list archives. Actually, this doesn't accurately answer the original question. You can indeed use HttpSessionBindingListener to detect when a particular object is *added* to a session. That is not the same as when the session is *created*. Note that it explicitly requires the application to participate (by adding a specific session attribute). In a servlet 2.3 environment (i.e. Tomcat 4), there is a new feature called application event listeners. In particular, there are defined listeners for session created and session destroyed that are called at those precise times, not just when a particular object is added and removed. That is what I mean. Binding Listeners and the Tomcat 4 implementation of the listeners have been discussed before and can be referred to in more detail in the archives. I believe someone mentioned doing this with a SessionInterceptor and the binding listener a while back but I'm not sure. --- Michael Wentzel Software Developer Software As We Think - http://www.aswethink.com
Re: Session of Tomcat.
Harden ZHU wrote: Hi, Can I catch the event when a session is created from tomcat? Thx Harden in: http://www.javaworld.com/javaworld/jw-01-2001/jw-0126-servletapi_p.html ... The session listener model is similar to the context listener model. In the session model, there's an HttpSessionListener interface with two methods: void sessionCreated(HttpSessionEvent e): Called when a session is created void sessionDestroyed(HttpSessionEvent e): Called when a session is destroyed (invalidated) ... j.h. :-) :-):-) :-):-)
Session in Tomcat
Hello friends, I need information about how Tomcat assign the numbers of ID for each session. I also need to know where is the Cookie JSessionID stored. I wait you can help me and thank you Pablo
RE: Session in Tomcat
About the session numbers: it uses SecureRandom to generate the numbers. More information can be found in Tomcat's source code for org.apache.tomcat.session.StandardManager, the method getNewSession seems to be particularly relevant. About storage of JSessionID: the clients software is free to store it wherever it wants. Most web browsers persist this to the disk as soon as they receive the cookie, but some delay and only persist when they want to. Randy -Original Message- From: Pablo Trujillo [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 30, 2001 12:08 PM To: [EMAIL PROTECTED] Subject: Session in Tomcat Hello friends, I need information about how Tomcat assign the numbers of ID for each session. I also need to know where is the Cookie JSessionID stored. I wait you can help me and thank you Pablo
Session In TOmcat
Hello friends, I need information about how Tomcat assign the numbers of ID for each session. I also need to know where is the Cookie JSessionID stored. I wait you can help me and thank you Pablo P.D.:This is the second time that I send the message, but I don't receive it. Excuse me for the nuisances
Persistent JSP-Session in Tomcat ?
Hi, I have a question about the failover capabilities of Tomcat. We want to setup an environment running multiple Tomcat-Servers. I've heart that there's a way in Tomcat to ensure that the JSP-sessions keep alive in case the a tomcat server falls down. Does anyone know how to setup such an environment ? Regards, Irma _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
RE: session between tomcat and IIS
Could this be that the JSESSIONID cookie is scoped to the webapp. IE if your webapp is called FOO, then only pages below /FOO can get that cookie. Also, I am assuming you are on the same server, since cookies don't travel across servers. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 17, 2001 2:58 PM To: [EMAIL PROTECTED] Subject: session between tomcat and IIS Hello, I'm in a bit of a peckerwood situation here. Tomcat 3.2.1 Apache is the preferred apps but I have been told to integrate with an IIS machine. Ok, so my problem is that we create a session w/Tomcat and pass along some credentials in the session object. Everything is well and good except when the page needs to go to the ASP stuff. IIS is happy to create a session/cookie ASPSESSIONIDGGQQGGED however, if the asp page asks about the cookie JSESSIONID (from tomcat), it finds nothing. Anyone have any thoughts on how to pass the data around? Currently, my non-elegant solution is to use a form with hidden fields to post to the asp page and from there, it can decode the form variables. What are some other options? /bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]