Re: [EXTERNAL] RE: After Windows Server Restart, tomcat generating New JSESSIONID even with <%@ page session="false" %>
Joey,
On 5/7/24 10:50, Joey Cochran wrote:
Coud this be the culprit ?
${CATALINA_BASE}/conf/context.xml
Possible, but the report was that every single request generates a new
JSESSIONID, not that every session seems to have expired and needs to be
re-initialized.
-chris
From: Hamdan Khan
Sent: Tuesday, May 7, 2024 9:09 AM
To: users@tomcat.apache.org
Subject: [EXTERNAL] RE: After Windows Server Restart, tomcat generating New JSESSIONID even
with <%@ page session="false" %>
Thank you Mark,
We have har files when the server is in error state, it shows that the
jsessionid is sent in request.
*Is there a reverse proxy in the mix?*
No. we directly access tomcat.
*Are you using sessions at all*
Yes, we are using the default tomcat session in debugger it says
(org.apache.catalina.session.StandardSessionFacade)
*That is just a single page and any page can potentially trigger session
cre*ation.
It is a multi page application we create and maintain our UserSession
object, which is used to auth on subsequent requests. The application is
working ok on many of our servers, but starts to generate jsessionid for
every request once the server goes in the problem state.
*It would be interesting to know if you need to clear both of these or
whether clearing just one is sufficient to resolve the issue. That might
narrow down potential root causes.*
I have requested the team to restart without removing work/temp will update
later in the week.
*You could try attaching a profiler and recording object allocations. That
should show you where/how sessions are being created.*
I don't think that is possible for a production server, but if we can get a
clue on how to reproduce this case.
We have a SessionListener, will add logging to it.
thanks,
Hamdan
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [EXTERNAL] RE: After Windows Server Restart, tomcat generating New JSESSIONID even with <%@ page session="false" %>
Coud this be the culprit ?
${CATALINA_BASE}/conf/context.xml
From: Hamdan Khan
Sent: Tuesday, May 7, 2024 9:09 AM
To: users@tomcat.apache.org
Subject: [EXTERNAL] RE: After Windows Server Restart, tomcat generating New
JSESSIONID even with <%@ page session="false" %>
Thank you Mark,
We have har files when the server is in error state, it shows that the
jsessionid is sent in request.
*Is there a reverse proxy in the mix?*
No. we directly access tomcat.
*Are you using sessions at all*
Yes, we are using the default tomcat session in debugger it says
(org.apache.catalina.session.StandardSessionFacade)
*That is just a single page and any page can potentially trigger session
cre*ation.
It is a multi page application we create and maintain our UserSession
object, which is used to auth on subsequent requests. The application is
working ok on many of our servers, but starts to generate jsessionid for
every request once the server goes in the problem state.
*It would be interesting to know if you need to clear both of these or
whether clearing just one is sufficient to resolve the issue. That might
narrow down potential root causes.*
I have requested the team to restart without removing work/temp will update
later in the week.
*You could try attaching a profiler and recording object allocations. That
should show you where/how sessions are being created.*
I don't think that is possible for a production server, but if we can get a
clue on how to reproduce this case.
We have a SessionListener, will add logging to it.
thanks,
Hamdan
RE: After Windows Server Restart, tomcat generating New JSESSIONID even with <%@ page session="false" %>
Thank you Mark, We have har files when the server is in error state, it shows that the jsessionid is sent in request. *Is there a reverse proxy in the mix?* No. we directly access tomcat. *Are you using sessions at all* Yes, we are using the default tomcat session in debugger it says (org.apache.catalina.session.StandardSessionFacade) *That is just a single page and any page can potentially trigger session cre*ation. It is a multi page application we create and maintain our UserSession object, which is used to auth on subsequent requests. The application is working ok on many of our servers, but starts to generate jsessionid for every request once the server goes in the problem state. *It would be interesting to know if you need to clear both of these or whether clearing just one is sufficient to resolve the issue. That might narrow down potential root causes.* I have requested the team to restart without removing work/temp will update later in the week. *You could try attaching a profiler and recording object allocations. That should show you where/how sessions are being created.* I don't think that is possible for a production server, but if we can get a clue on how to reproduce this case. We have a SessionListener, will add logging to it. thanks, Hamdan
Re: After Windows Server Restart, tomcat generating New JSESSIONID even with <%@ page session="false" %>
On 06/05/2024 11:05, Hamdan Khan wrote: Hello everyone, We're having a problem with Tomcat on Windows servers. It only happens when: Tomcat is running as a service (automatically started by Windows). The Windows server automatically restarts for updates. After the restart, Tomcat starts creating new session IDs for every request, That suggests that the client isn't returning the session ID to Tomcat for the subsequent request. I'd be asking why that is the case. Is there a reverse proxy in the mix? Are you using sessions at all or are they completely disabled? If yes, which session manager are you using? even though our jsp tells it not to. <%@ page session="false" %> That is just a single page and any page can potentially trigger session creation. We can fix this by deleting temp and work files from Tomcat and restarting the service ourselves. However, this is a manual process, and we'd like to find a more permanent solution. It would be interesting to know if you need to clear both of these or whether clearing just one is sufficient to resolve the issue. That might narrow down potential root causes. Can anyone help us understand why this might be happening? I can't think of any way Tomcat would do this. This feels more like an application issue at this point. Or what logs to configure and monitor. My preference would always be to attach an IDE and use remote debugging but that probably isn't an option in production. You could try attaching a profiler and recording object allocations. That should show you where/how sessions are being created. The minimally invasive option would probably be to add an HttpSessionListener to your application that logs the current stack trace every time a session is created. Version of Tomcat is Tomcat-9.0.83 To emphasize we are not able to reproduce this in our local computer it only happens to the longrunning production servers. If you manually reboot the production servers (without clearing out work or temp) can you trigger the issue? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
After Windows Server Restart, tomcat generating New JSESSIONID even with <%@ page session="false" %>
Hello everyone, We're having a problem with Tomcat on Windows servers. It only happens when: Tomcat is running as a service (automatically started by Windows). The Windows server automatically restarts for updates. After the restart, Tomcat starts creating new session IDs for every request, even though our jsp tells it not to. <%@ page session="false" %> We can fix this by deleting temp and work files from Tomcat and restarting the service ourselves. However, this is a manual process, and we'd like to find a more permanent solution. Can anyone help us understand why this might be happening? Or what logs to configure and monitor. Version of Tomcat is Tomcat-9.0.83 To emphasize we are not able to reproduce this in our local computer it only happens to the longrunning production servers. Thanks in advance for your help! Hamdan
