Internal Server Error - Read
Hi All, I am receiving the following error message while accessing my application - (apcahe web server + tomcat through Mod jk) Internal Server Error - Read The server encountered an internal error or misconfiguration and was unable to complete request. # Reference Number But there is no 500 error/exception in tomcat. One more interesting facts - it says client closed the connection with response body -0 Thanks, Arnab Ghosh
Overriding Close method of a Output print writer through HttpServletResponseWrapper
Hi, I need a help for the following problem - I have a web application where cookies are getting added multiple times and because of that response header is becoming big containing many duplicate cookies. Now the web application is so big that it is nearly impossible to correct those cookie logic in a short term. So I have planned to use a HttpServletResponseWrapper in a Filter. It will contain a HashMap. I have overridden the addcookie method of the response wrapper. Now the cookies will be added to the map instead of response. So it will not have any duplicate cookie. Now I have created a Custom Servlet Output Stream and Print writer and overridden the close method. Before closing the stream/writer I will take the cookies from map and will add to the actual response header. Problem is it works fine with pure servlet. But the close method of the stream/writer not getting called when using with JSP. What can be the issue - I have overridden the getOutPutStream/Getwriter method and those method will return my custom classes. I have also overridden the flushbuffer method. Thanks, Arnab Ghosh
Single Sign On Valve
Hello Friends, I want to know about the Single Sign On Valve. Why/when should we use this valve?? I have already studied the documentation about this. But I haven't got a clear idea about it. Is there any relation of Single-Sign-On with session management?? Please help me on this. Thanks, Arnab Ghosh
Fwd: Tomcat Session Id generation Overriding!!
Dear Friends,
Tomcat is using ManagerBase generateSessionId() to generate session Id. But
I want a generation mechnism where each sessionId will be unique in whole
tomcat. Right now it is unique in a single context. But I want uniqueness
will be among all context running under the tomcat. How can I do that (In a
easieast way)??
Still now I have written a class which has extended the
org.apache.session.standardManager class. Then I have changed the code
slightly. But I don't know whether any sideeffect will be there or not??
Please look on my
code
package com.myproject.session;
import java.util.HashSet;
import java.util.Set;
import org.apache.catalina.Session;
import org.apache.catalina.session.StandardManager;
public class MySessionManager extends StandardManager {
public static SetString unquieSessionIdset = new HashSetString();
@Override
public void remove(Session session) {
unquieSessionIdset.remove(session.getIdInternal());
super.remove(session);
}
@Override
protected synchronized String generateSessionId() {
byte random[] = new byte[16];
String jvmRoute = getJvmRoute();
String result = null;
// Render the result as a String of hexadecimal digits
StringBuffer buffer = new StringBuffer();
do {
int resultLenBytes = 0;
if (result != null) {
buffer = new StringBuffer();
duplicates++;
}
while (resultLenBytes this.sessionIdLength) {
getRandomBytes(random);
random = getDigest().digest(random);
for (int j = 0;
j random.length resultLenBytes this.sessionIdLength;
j++) {
byte b1 = (byte) ((random[j] 0xf0) 4);
byte b2 = (byte) (random[j] 0x0f);
if (b1 10)
buffer.append((char) ('0' + b1));
else
buffer.append((char) ('A' + (b1 - 10)));
if (b2 10)
buffer.append((char) ('0' + b2));
else
buffer.append((char) ('A' + (b2 - 10)));
resultLenBytes++;
}
}
if (jvmRoute != null) {
buffer.append('.').append(jvmRoute);
}
result = buffer.toString();
} while (sessions.containsKey(result) ||
!unquieSessionIdset.add(result));
return (result);
}
}
Can You please tell me whether it will have any other problem or not?? Or
can you give any alternative solution??
Actually I kept the existing code. With that I addeda a static set. And I am
keeping the generated session in set also. While generating Id I am trying
to add that to set. if successfully added then I will return that key.
Thanks
Arnab Ghosh
Re: Uniqueness of a sessionId
Dear Friends, Actually in my app I will be having 100 - 200 separte application/context which will forward request to a separate application / context running under same tomcat. I am doing this using cross-context mechanism. By this way I can reuse the servlets/jsp instances of that context. But if you follow the logic - it will be like this - 1. A new request came to context A. It will create a session and add a cookie jsessionid and will forward to main app. 2. The main app will create a new session using the jessionid added by context A. 3. Now another request came to context B. It will also do the same thing and forward to main app. Here is my doubt. Suppose the jessionid created by context B may exist in main app (may be created and then forwarded by some other context C). Then that request will be using that old session. right?? Still now I haven't faced that problem. But if it happens in production time it will be tough to get the problem. Now first of all I am not sure whether this can happen or not. Because every day there will be 100 contexts and each will be having a minimum 50 sessions. Thanks, Ghosh
Cross - context forwarding event!!!!!!!!!!!
Dear Friends, Is there any way to capture event while forwarding a request from one context to another context. Can I put a filter for that?? but it should execute only if it is a cross-context forwarding. Is there any listener available to capture that event?? I am looking for a request listener. But it will not execute when request will come from another context. I want a alternative approach to capture request before processing it. Thanks, Ghosh
Re: Cross Context Session Creation-
Dear Friends, In that case - suppose a session with a *D52869941C38BC234**CD9A940429C403A * Id is already present in context B (forwarded from context C ). Now a new request with same jsessionID came to context A . Then context A forwarded the request to context B .then will it override the existing session Id. (I don't know whether it is possible or not). I don't know whether two differenet session belongs to two different context can have a same sessionId or not?? I have another question -- If I comment the method - request.getsession(true) , in that case will there be any session?? Thanks, Ghosh On Fri, Jan 8, 2010 at 2:55 PM, Mark Thomas ma...@apache.org wrote: On 08/01/2010 07:18, Arnab Ghosh wrote: I found that session created in A and B are different and invisible to each other. But the session ID is same. I want to know is there any chance of overriding existing session in context B?? Is it a mere coincidence or is there any logic behind this same session Id scenario?? It is by design. If a session cookie is received but the session does not exist a new session is created using the ID from the cookie. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Uniqueness of a sessionId
Dear Friends, I have an doubt.Tomcat is using *org.apache.catalina.session.ManagerBase* to generate sessionId. Now I wants to know whether this generated key will be unique in all context running under a tomcat service or it will be unique under a particular context?? Thanks, Ghosh
Re: Uniqueness of a sessionId
Dear Joseph, Actually I am working on a cross-context application. There is one main application say A . It is a very big application . Now I want to create some more separate context which will reuse the context A. These other context will be very lightweight and will contain only one servlet and all request it will forward to appropriate URI of context A. While dispatching request from other context say B to A , a new session is getting created and then it is setting the JESSIONID cookie in request. Then it is forwarding the request to context B. Context B is checking the JESSIONID and creating a new session with the existing cookie. Now in this scenario, it may happen a session with that sessionId is already available in context B.(created and then forwarded by another context say C). In that case it will start using that session. So that's why I want a unique active sessionId set to maintain uniqueness of each session in context B. Thanks, Ghosh Now On Fri, Jan 8, 2010 at 7:06 PM, Joseph Morgan joseph.mor...@ignitesales.com wrote: Arnab, I've been silently following your thread (mainly because I'm not even remotely as smart as the folks out here), but it seems you have an issue of architecture, and not of Tomcat capabilities. I'm still not sure what you are doing, but it seems you want to be able to pass (and cache as a session) data between instances. Many do this with either a DB or a messaging system (which is essentially a DB app with correlation abilities). If you simply need unique IDs across contexts, you should think about setting up a service to issue those IDs. A quick hack on that would be to set up a very small app with a single service that spits back session id's. However, if those session id's need to be persistent, a DB table with a single autoincrement would suffice.
Re: Uniqueness of a sessionId
Dear Friends, How it will be I create a new manager which will extend standardmanager and then if overload the generateSessionId() method. I will mot change the session Id generation code. Instead of that I will add a new static set and will store all generated sessionId there. I will continue the loop of generating a unique session Id until it get added in that static set (By default it will check a instance map where it used to store all session and sessionId as a key). Thanks, Ghosh On Sat, Jan 9, 2010 at 2:22 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tim, On 1/8/2010 8:38 AM, Tim Funk wrote: The way things work now by default ... The session cookie is set at the path level and is different per context. So you may have multiple sessino id cookies set for a given server (but given the path constraint on the cookie - you only get one of those cookies (typically)) Yup: as long as you don't have nested contexts (i.e. /foo and /foo/bar) then you shouldn't have any JSESSIONID cookie confusion. If you are using URL rewriting, then just make sure not to re-write URLs that switch between webapps (or re-write then very carefully) and you'll be fine. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAktHmv0ACgkQ9CaO5/Lv0PBvTgCgv73LzcAB5IGmhF+FW61ITPRi F2UAn0P/3OCBKLu2YuHHCTGpd4xNU3/u =MfpQ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Cross Context Session Creation-
Hello Friends, I am using a cross context mode in my web application. Suppose there are 3 web conext A , B, C. They will access another web application D through cross context forwarding. Now I want to know while forwarding a request from A to D , whether session will go from A to D or a new session will be created under D. Also I want to know how many active session I can create under a web application/context in tomcat?? I am using tomcat 6.x and java 6. Thanks, Ghosh
Re: Cross Context Session Creation-
Dear Friends, *To quote from 7.3 of the servlet spec (which you should read): HttpSession objects must be scoped at the application (or servlet context) level. The underlying mechanism, such as the cookie used to establish the session, can be the same for different contexts, but the object referenced, including the attributes in that object, must never be shared between contexts by the container. To illustrate this requirement with an example: if a servlet uses the RequestDispatcher to call a servlet in another Web application, any sessions created for and visible to the servlet being called must be different from those visible to the calling servlet. * Actually I have an doubt . I ran a test cycle. I cleared all cookies and then I sent a request to context A then from there it will forward to context B. I have added session listener in both context. See the below result - I am in a servlet of *context A* Calling *request.getSession(true);* Session Created in A *D52869941C38BC234CD9A940429C403A* ( session listener in context A) Session ID*D52869941C38BC234CD9A940429C403A* Forwarding to another servlet *of context B* session Created in B-*D52869941C38BC234CD9A940429C403A* ( session listener in context B) Request Forwarded I found that session created in A and B are different and invisible to each other. But the session ID is same. I want to know is there any chance of overriding existing session in context B?? Is it a mere coincidence or is there any logic behind this same session Id scenario?? Thanks, Ghosh On Thu, Jan 7, 2010 at 11:50 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Arnab Ghosh [mailto:gh...@glenwoodsystems.com] Subject: Cross Context Session Creation- Now I want to know while forwarding a request from A to D , whether session will go from A to D or a new session will be created under D. To quote from 7.3 of the servlet spec (which you should read): HttpSession objects must be scoped at the application (or servlet context) level. The underlying mechanism, such as the cookie used to establish the session, can be the same for different contexts, but the object referenced, including the attributes in that object, must never be shared between contexts by the container. To illustrate this requirement with an example: if a servlet uses the RequestDispatcher to call a servlet in another Web application, any sessions created for and visible to the servlet being called must be different from those visible to the calling servlet. Also I want to know how many active session I can create under a web application/context in tomcat?? Whatever your heap size allows. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
