Re: Losing session between calls from mobile phone
Chris and Peter, Yes, after using HTTPS in every url, session does not get loss any more. Thank you for spotting the cause. -aj On Sat, May 2, 2020 at 7:01 AM logo wrote: > AJ > > > Am 30.04.2020 um 22:22 schrieb AJ Chen : > > > > The session problem happens when testing without SSL. > > > Just a thought: > > If the session cookie has the secure flag it will not be sent on http > requests. (That would fail your test above in any case!) > > Now if that happens during regular https usage, it could be that one > requests redirects to http. That will remove the cookie and a new session > will be generated. The next https-request will have new cookie and then you > start from scratch. > > > Could that be possible? > > Peter > > > > I'll try to test with Tomcat session manager example app. Thanks, Chris. > > > > -aj > > > > On Wed, Apr 29, 2020 at 3:05 PM Christopher Schultz < > > ch...@christopherschultz.net> wrote: > > > >> -BEGIN PGP SIGNED MESSAGE- > >> Hash: SHA256 > >> > >> AJ, > >> > >> On 4/29/20 13:46, AJ Chen wrote: > >>> On Wed, Apr 29, 2020 at 10:28 AM Christopher Schultz < > >>> ch...@christopherschultz.net> wrote: > >>> > >>> AJ, > >>> > >>> On 4/29/20 13:24, AJ Chen wrote: > >> Chris, When i use my latest iphone 11 to access the web app, > >> tomcat server generates new session every time. It's normal > >> use, not private browsing.> I did not change any setting on > >> tomcat regarding session, use default session tracking. Is > >> there any setting that can enforce using previous session > >> (i.e. track session)? Can I save the previous SessionID and > >> use it to get the session with this id explicitly? > >>> AFAIK, Safari Mobile doesn't do anything weird. > >>> > >>> Are you always using TLS (HTTPS)? > >>> > >>> -chris > >>> > >> On Wed, Apr 29, 2020 at 10:13 AM Christopher Schultz < > >> ch...@christopherschultz.net> wrote: > >> > >> AJ, > >> > >> On 4/28/20 16:13, AJ Chen wrote: > > Andre, thanks for asking the questions. Yes, we try to > > get understand the behaviors. > > > > We have seen iphone and other android phones, on > > different carriers, from different networks, encounter > > this problem - losing session. It does not seem there > > is a pattern so far. Users use all kinds of phones. > > Some of their phones experience this problem. > >> > >> Are any of them using "private browsing" or anything like > >> that? > >> > >> Are you just using the standard Tomcat-generated JSESSIONID > >> cookies? > >> > >> -chris > >> > > On Tue, Apr 28, 2020 at 12:08 PM André Warnier > > (tomcat/perl) wrote: > > > >> On 28.04.2020 18:28, AJ Chen wrote: > >>> Thanks. Martin and Mark. > >>> > >>> I can recreate the problem: I compare two > >>> different mobile phones. One phone can log in and > >>> proceed. Server log shows the same session persists > >>> (same sessionID upon different requests). The other > >>> phone can log in, but upon next request, server log > >>> show a new session is always created (new > >>> sessionId). > >>> > >>> Since session tracking works on PC browser and > >>> some mobile phone, the > >> proxy > >>> (if any) in front of aws EC2 server should not be > >>> the problem. > >> Anything > >>> else may be missing? > >>> > >> > >> Asking just in case : - are the 2 phones on the same > >> network carrier ? - are they the same brand, or at > >> least OS ? - if you connect them both to the same > >> local WiFi, do they still act differently ? > >> > >> Note : no idea if this makes any difference, but > >> we're trying to find a reason why they act > >> differently when using the same Internet application > >> server, right ? > >> > >>> -aj > >>> > >>> > >>> On Tue, Apr 28, 2020 at 12:30 AM Mark Thomas > >>> wrote: > >>> > On 28/04/2020 07:47, Martin Grigorov wrote: > > On Tue, Apr 28, 2020 at 9:11 AM AJ Chen > > > >> wrote: > > > >> Anyway to fix it? thanks. -aj > >> > > > > First you need to investigate whether there is > > a proxy. Then what kind of proxy. Then where is > > its configuration. Then consult with its manual > > and see whether there is something > > wrong/missng. > > I'd recommend taking a step back. > > Guessing at what might be wrong and then trying > to fix the problem you have only guessed at is > unlikely to work. > > Can you
Re: Losing session between calls from mobile phone
AJ > Am 30.04.2020 um 22:22 schrieb AJ Chen : > > The session problem happens when testing without SSL. > Just a thought: If the session cookie has the secure flag it will not be sent on http requests. (That would fail your test above in any case!) Now if that happens during regular https usage, it could be that one requests redirects to http. That will remove the cookie and a new session will be generated. The next https-request will have new cookie and then you start from scratch. Could that be possible? Peter > I'll try to test with Tomcat session manager example app. Thanks, Chris. > > -aj > > On Wed, Apr 29, 2020 at 3:05 PM Christopher Schultz < > ch...@christopherschultz.net> wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> AJ, >> >> On 4/29/20 13:46, AJ Chen wrote: >>> On Wed, Apr 29, 2020 at 10:28 AM Christopher Schultz < >>> ch...@christopherschultz.net> wrote: >>> >>> AJ, >>> >>> On 4/29/20 13:24, AJ Chen wrote: >> Chris, When i use my latest iphone 11 to access the web app, >> tomcat server generates new session every time. It's normal >> use, not private browsing.> I did not change any setting on >> tomcat regarding session, use default session tracking. Is >> there any setting that can enforce using previous session >> (i.e. track session)? Can I save the previous SessionID and >> use it to get the session with this id explicitly? >>> AFAIK, Safari Mobile doesn't do anything weird. >>> >>> Are you always using TLS (HTTPS)? >>> >>> -chris >>> >> On Wed, Apr 29, 2020 at 10:13 AM Christopher Schultz < >> ch...@christopherschultz.net> wrote: >> >> AJ, >> >> On 4/28/20 16:13, AJ Chen wrote: > Andre, thanks for asking the questions. Yes, we try to > get understand the behaviors. > > We have seen iphone and other android phones, on > different carriers, from different networks, encounter > this problem - losing session. It does not seem there > is a pattern so far. Users use all kinds of phones. > Some of their phones experience this problem. >> >> Are any of them using "private browsing" or anything like >> that? >> >> Are you just using the standard Tomcat-generated JSESSIONID >> cookies? >> >> -chris >> > On Tue, Apr 28, 2020 at 12:08 PM André Warnier > (tomcat/perl) wrote: > >> On 28.04.2020 18:28, AJ Chen wrote: >>> Thanks. Martin and Mark. >>> >>> I can recreate the problem: I compare two >>> different mobile phones. One phone can log in and >>> proceed. Server log shows the same session persists >>> (same sessionID upon different requests). The other >>> phone can log in, but upon next request, server log >>> show a new session is always created (new >>> sessionId). >>> >>> Since session tracking works on PC browser and >>> some mobile phone, the >> proxy >>> (if any) in front of aws EC2 server should not be >>> the problem. >> Anything >>> else may be missing? >>> >> >> Asking just in case : - are the 2 phones on the same >> network carrier ? - are they the same brand, or at >> least OS ? - if you connect them both to the same >> local WiFi, do they still act differently ? >> >> Note : no idea if this makes any difference, but >> we're trying to find a reason why they act >> differently when using the same Internet application >> server, right ? >> >>> -aj >>> >>> >>> On Tue, Apr 28, 2020 at 12:30 AM Mark Thomas >>> wrote: >>> On 28/04/2020 07:47, Martin Grigorov wrote: > On Tue, Apr 28, 2020 at 9:11 AM AJ Chen > >> wrote: > >> Anyway to fix it? thanks. -aj >> > > First you need to investigate whether there is > a proxy. Then what kind of proxy. Then where is > its configuration. Then consult with its manual > and see whether there is something > wrong/missng. I'd recommend taking a step back. Guessing at what might be wrong and then trying to fix the problem you have only guessed at is unlikely to work. Can you recreate the problem? You can't tell if something is fixed if you can't recreate it. Once you recreate the problem then you can start to narrow it down. You need to track what is happening to the session ID. You'll probably need to add some information to the access log, possibly look at some raw network logs and/or
Re: Losing session between calls from mobile phone
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 AJ, On 4/30/20 16:22, AJ Chen wrote: > The session problem happens when testing without SSL. If you aren't using SSL, setting secure="true" on the connector will cause a problem, here. All Cookies will be created with secure="true" and the browser will refuse to send them to the server along with requests. So this is likely the problem. So stop using HTTP and always use HTTPS :) - -chris > On Wed, Apr 29, 2020 at 3:05 PM Christopher Schultz < > ch...@christopherschultz.net> wrote: > > AJ, > > On 4/29/20 13:46, AJ Chen wrote: On Wed, Apr 29, 2020 at 10:28 AM Christopher Schultz < ch...@christopherschultz.net> wrote: AJ, On 4/29/20 13:24, AJ Chen wrote: >>> Chris, When i use my latest iphone 11 to access the web >>> app, tomcat server generates new session every time. >>> It's normal use, not private browsing.> I did not >>> change any setting on tomcat regarding session, use >>> default session tracking. Is there any setting that can >>> enforce using previous session (i.e. track session)? >>> Can I save the previous SessionID and use it to get the >>> session with this id explicitly? AFAIK, Safari Mobile doesn't do anything weird. Are you always using TLS (HTTPS)? -chris >>> On Wed, Apr 29, 2020 at 10:13 AM Christopher Schultz < >>> ch...@christopherschultz.net> wrote: >>> >>> AJ, >>> >>> On 4/28/20 16:13, AJ Chen wrote: >> Andre, thanks for asking the questions. Yes, we >> try to get understand the behaviors. >> >> We have seen iphone and other android phones, on >> different carriers, from different networks, >> encounter this problem - losing session. It does >> not seem there is a pattern so far. Users use all >> kinds of phones. Some of their phones experience >> this problem. >>> >>> Are any of them using "private browsing" or anything >>> like that? >>> >>> Are you just using the standard Tomcat-generated >>> JSESSIONID cookies? >>> >>> -chris >>> >> On Tue, Apr 28, 2020 at 12:08 PM André Warnier >> (tomcat/perl) wrote: >> >>> On 28.04.2020 18:28, AJ Chen wrote: Thanks. Martin and Mark. I can recreate the problem: I compare two different mobile phones. One phone can log in and proceed. Server log shows the same session persists (same sessionID upon different requests). The other phone can log in, but upon next request, server log show a new session is always created (new sessionId). Since session tracking works on PC browser and some mobile phone, the >>> proxy (if any) in front of aws EC2 server should not be the problem. >>> Anything else may be missing? >>> >>> Asking just in case : - are the 2 phones on the >>> same network carrier ? - are they the same >>> brand, or at least OS ? - if you connect them >>> both to the same local WiFi, do they still act >>> differently ? >>> >>> Note : no idea if this makes any difference, >>> but we're trying to find a reason why they act >>> differently when using the same Internet >>> application server, right ? >>> -aj On Tue, Apr 28, 2020 at 12:30 AM Mark Thomas wrote: > On 28/04/2020 07:47, Martin Grigorov > wrote: >> On Tue, Apr 28, 2020 at 9:11 AM AJ Chen >> >>> wrote: >> >>> Anyway to fix it? thanks. -aj >>> >> >> First you need to investigate whether >> there is a proxy. Then what kind of >> proxy. Then where is its configuration. >> Then consult with its manual and see >> whether there is something wrong/missng. > > I'd recommend taking a step back. > > Guessing at what might be wrong and then > trying to fix the problem you have only > guessed at is unlikely to work. > > Can you recreate the problem? You can't > tell if something is fixed if you can't > recreate it. > > Once you recreate the problem then you can > start to narrow it down. You need to track > what is happening to the session ID. You'll > probably need to add some information to > the access log, possibly look at some raw > network logs and/or look at HTTP headers on > the client.. >
Re: Losing session between calls from mobile phone
The session problem happens when testing without SSL. I'll try to test with Tomcat session manager example app. Thanks, Chris. -aj On Wed, Apr 29, 2020 at 3:05 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > AJ, > > On 4/29/20 13:46, AJ Chen wrote: > > On Wed, Apr 29, 2020 at 10:28 AM Christopher Schultz < > > ch...@christopherschultz.net> wrote: > > > > AJ, > > > > On 4/29/20 13:24, AJ Chen wrote: > Chris, When i use my latest iphone 11 to access the web app, > tomcat server generates new session every time. It's normal > use, not private browsing.> I did not change any setting on > tomcat regarding session, use default session tracking. Is > there any setting that can enforce using previous session > (i.e. track session)? Can I save the previous SessionID and > use it to get the session with this id explicitly? > > AFAIK, Safari Mobile doesn't do anything weird. > > > > Are you always using TLS (HTTPS)? > > > > -chris > > > On Wed, Apr 29, 2020 at 10:13 AM Christopher Schultz < > ch...@christopherschultz.net> wrote: > > AJ, > > On 4/28/20 16:13, AJ Chen wrote: > >>> Andre, thanks for asking the questions. Yes, we try to > >>> get understand the behaviors. > >>> > >>> We have seen iphone and other android phones, on > >>> different carriers, from different networks, encounter > >>> this problem - losing session. It does not seem there > >>> is a pattern so far. Users use all kinds of phones. > >>> Some of their phones experience this problem. > > Are any of them using "private browsing" or anything like > that? > > Are you just using the standard Tomcat-generated JSESSIONID > cookies? > > -chris > > >>> On Tue, Apr 28, 2020 at 12:08 PM André Warnier > >>> (tomcat/perl) wrote: > >>> > On 28.04.2020 18:28, AJ Chen wrote: > > Thanks. Martin and Mark. > > > > I can recreate the problem: I compare two > > different mobile phones. One phone can log in and > > proceed. Server log shows the same session persists > > (same sessionID upon different requests). The other > > phone can log in, but upon next request, server log > > show a new session is always created (new > > sessionId). > > > > Since session tracking works on PC browser and > > some mobile phone, the > proxy > > (if any) in front of aws EC2 server should not be > > the problem. > Anything > > else may be missing? > > > > Asking just in case : - are the 2 phones on the same > network carrier ? - are they the same brand, or at > least OS ? - if you connect them both to the same > local WiFi, do they still act differently ? > > Note : no idea if this makes any difference, but > we're trying to find a reason why they act > differently when using the same Internet application > server, right ? > > > -aj > > > > > > On Tue, Apr 28, 2020 at 12:30 AM Mark Thomas > > wrote: > > > >> On 28/04/2020 07:47, Martin Grigorov wrote: > >>> On Tue, Apr 28, 2020 at 9:11 AM AJ Chen > >>> > wrote: > >>> > Anyway to fix it? thanks. -aj > > >>> > >>> First you need to investigate whether there is > >>> a proxy. Then what kind of proxy. Then where is > >>> its configuration. Then consult with its manual > >>> and see whether there is something > >>> wrong/missng. > >> > >> I'd recommend taking a step back. > >> > >> Guessing at what might be wrong and then trying > >> to fix the problem you have only guessed at is > >> unlikely to work. > >> > >> Can you recreate the problem? You can't tell if > >> something is fixed if you can't recreate it. > >> > >> Once you recreate the problem then you can start > >> to narrow it down. You need to track what is > >> happening to the session ID. You'll probably need > >> to add some information to the access log, > >> possibly look at some raw network logs and/or > >> look at HTTP headers on the client.. > >> > >> Somewhere in all of the above you should find out > >> where the session ID is getting dropped. Then you > >> need to figure out why. Only then you know why > >> this is happening can you start to think about a > >> solution. > >> > >> Mark > >> > >> > >>> > >>> > > > On Mon, Apr 27, 2020 at 10:54 PM Martin > Grigorov
Re: Losing session between calls from mobile phone
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 AJ, On 4/29/20 13:46, AJ Chen wrote: > On Wed, Apr 29, 2020 at 10:28 AM Christopher Schultz < > ch...@christopherschultz.net> wrote: > > AJ, > > On 4/29/20 13:24, AJ Chen wrote: Chris, When i use my latest iphone 11 to access the web app, tomcat server generates new session every time. It's normal use, not private browsing.> I did not change any setting on tomcat regarding session, use default session tracking. Is there any setting that can enforce using previous session (i.e. track session)? Can I save the previous SessionID and use it to get the session with this id explicitly? > AFAIK, Safari Mobile doesn't do anything weird. > > Are you always using TLS (HTTPS)? > > -chris > On Wed, Apr 29, 2020 at 10:13 AM Christopher Schultz < ch...@christopherschultz.net> wrote: AJ, On 4/28/20 16:13, AJ Chen wrote: >>> Andre, thanks for asking the questions. Yes, we try to >>> get understand the behaviors. >>> >>> We have seen iphone and other android phones, on >>> different carriers, from different networks, encounter >>> this problem - losing session. It does not seem there >>> is a pattern so far. Users use all kinds of phones. >>> Some of their phones experience this problem. Are any of them using "private browsing" or anything like that? Are you just using the standard Tomcat-generated JSESSIONID cookies? -chris >>> On Tue, Apr 28, 2020 at 12:08 PM André Warnier >>> (tomcat/perl) wrote: >>> On 28.04.2020 18:28, AJ Chen wrote: > Thanks. Martin and Mark. > > I can recreate the problem: I compare two > different mobile phones. One phone can log in and > proceed. Server log shows the same session persists > (same sessionID upon different requests). The other > phone can log in, but upon next request, server log > show a new session is always created (new > sessionId). > > Since session tracking works on PC browser and > some mobile phone, the proxy > (if any) in front of aws EC2 server should not be > the problem. Anything > else may be missing? > Asking just in case : - are the 2 phones on the same network carrier ? - are they the same brand, or at least OS ? - if you connect them both to the same local WiFi, do they still act differently ? Note : no idea if this makes any difference, but we're trying to find a reason why they act differently when using the same Internet application server, right ? > -aj > > > On Tue, Apr 28, 2020 at 12:30 AM Mark Thomas > wrote: > >> On 28/04/2020 07:47, Martin Grigorov wrote: >>> On Tue, Apr 28, 2020 at 9:11 AM AJ Chen >>> wrote: >>> Anyway to fix it? thanks. -aj >>> >>> First you need to investigate whether there is >>> a proxy. Then what kind of proxy. Then where is >>> its configuration. Then consult with its manual >>> and see whether there is something >>> wrong/missng. >> >> I'd recommend taking a step back. >> >> Guessing at what might be wrong and then trying >> to fix the problem you have only guessed at is >> unlikely to work. >> >> Can you recreate the problem? You can't tell if >> something is fixed if you can't recreate it. >> >> Once you recreate the problem then you can start >> to narrow it down. You need to track what is >> happening to the session ID. You'll probably need >> to add some information to the access log, >> possibly look at some raw network logs and/or >> look at HTTP headers on the client.. >> >> Somewhere in all of the above you should find out >> where the session ID is getting dropped. Then you >> need to figure out why. Only then you know why >> this is happening can you start to think about a >> solution. >> >> Mark >> >> >>> >>> On Mon, Apr 27, 2020 at 10:54 PM Martin Grigorov < mgrigo...@apache.org> wrote: > Hi, > > On Tue, Apr 28, 2020 at 2:23 AM AJ Chen > >> wrote: > >> My web application using tomcat 6 can >> track user session (cookie by default) >> for mobile and PC users in dev >> environment. But when deployed on >> cloud server, it fails to track session
Re: Losing session between calls from mobile phone
server.xml is configured for HTTPS. -aj On Wed, Apr 29, 2020 at 10:28 AM Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > AJ, > > On 4/29/20 13:24, AJ Chen wrote: > > Chris, When i use my latest iphone 11 to access the web app, tomcat > > server generates new session every time. It's normal use, not > > private browsing.> I did not change any setting on tomcat regarding > > session, use default session tracking. Is there any setting that > > can enforce using previous session (i.e. track session)? Can I > > save the previous SessionID and use it to get the session with this > > id explicitly? > AFAIK, Safari Mobile doesn't do anything weird. > > Are you always using TLS (HTTPS)? > > - -chris > > > On Wed, Apr 29, 2020 at 10:13 AM Christopher Schultz < > > ch...@christopherschultz.net> wrote: > > > > AJ, > > > > On 4/28/20 16:13, AJ Chen wrote: > Andre, thanks for asking the questions. Yes, we try to get > understand the behaviors. > > We have seen iphone and other android phones, on different > carriers, from different networks, encounter this problem - > losing session. It does not seem there is a pattern so far. > Users use all kinds of phones. Some of their phones > experience this problem. > > > > Are any of them using "private browsing" or anything like that? > > > > Are you just using the standard Tomcat-generated JSESSIONID > > cookies? > > > > -chris > > > On Tue, Apr 28, 2020 at 12:08 PM André Warnier (tomcat/perl) > wrote: > > > On 28.04.2020 18:28, AJ Chen wrote: > >> Thanks. Martin and Mark. > >> > >> I can recreate the problem: I compare two different > >> mobile phones. One phone can log in and proceed. Server > >> log shows the same session persists (same sessionID upon > >> different requests). The other phone can log in, but upon > >> next request, server log show a new session is always > >> created (new sessionId). > >> > >> Since session tracking works on PC browser and some > >> mobile phone, the > > proxy > >> (if any) in front of aws EC2 server should not be the > >> problem. > > Anything > >> else may be missing? > >> > > > > Asking just in case : - are the 2 phones on the same > > network carrier ? - are they the same brand, or at least OS > > ? - if you connect them both to the same local WiFi, do > > they still act differently ? > > > > Note : no idea if this makes any difference, but we're > > trying to find a reason why they act differently when using > > the same Internet application server, right ? > > > >> -aj > >> > >> > >> On Tue, Apr 28, 2020 at 12:30 AM Mark Thomas > >> wrote: > >> > >>> On 28/04/2020 07:47, Martin Grigorov wrote: > On Tue, Apr 28, 2020 at 9:11 AM AJ Chen > > > wrote: > > > Anyway to fix it? thanks. -aj > > > > First you need to investigate whether there is a > proxy. Then what kind of proxy. Then where is its > configuration. Then consult with its manual and see > whether there is something wrong/missng. > >>> > >>> I'd recommend taking a step back. > >>> > >>> Guessing at what might be wrong and then trying to fix > >>> the problem you have only guessed at is unlikely to > >>> work. > >>> > >>> Can you recreate the problem? You can't tell if > >>> something is fixed if you can't recreate it. > >>> > >>> Once you recreate the problem then you can start to > >>> narrow it down. You need to track what is happening to > >>> the session ID. You'll probably need to add some > >>> information to the access log, possibly look at some > >>> raw network logs and/or look at HTTP headers on the > >>> client.. > >>> > >>> Somewhere in all of the above you should find out where > >>> the session ID is getting dropped. Then you need to > >>> figure out why. Only then you know why this is > >>> happening can you start to think about a solution. > >>> > >>> Mark > >>> > >>> > > > > > > > > On Mon, Apr 27, 2020 at 10:54 PM Martin Grigorov < > > mgrigo...@apache.org> > > wrote: > > > >> Hi, > >> > >> On Tue, Apr 28, 2020 at 2:23 AM AJ Chen > >> > >>> wrote: > >> > >>> My web application using tomcat 6 can track > >>> user session (cookie by default) for mobile and > >>> PC users in dev environment. But when > > deployed > > on > >>> cloud server, it fails to track session for > >>> some mobile users. > >>> meaning, > >>> servlet always creates a new session upon user > >>> request. > >>> > >>> Any idea why this happens? >
Re: Losing session between calls from mobile phone
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 AJ, On 4/29/20 13:24, AJ Chen wrote: > Chris, When i use my latest iphone 11 to access the web app, tomcat > server generates new session every time. It's normal use, not > private browsing.> I did not change any setting on tomcat regarding > session, use default session tracking. Is there any setting that > can enforce using previous session (i.e. track session)? Can I > save the previous SessionID and use it to get the session with this > id explicitly? AFAIK, Safari Mobile doesn't do anything weird. Are you always using TLS (HTTPS)? - -chris > On Wed, Apr 29, 2020 at 10:13 AM Christopher Schultz < > ch...@christopherschultz.net> wrote: > > AJ, > > On 4/28/20 16:13, AJ Chen wrote: Andre, thanks for asking the questions. Yes, we try to get understand the behaviors. We have seen iphone and other android phones, on different carriers, from different networks, encounter this problem - losing session. It does not seem there is a pattern so far. Users use all kinds of phones. Some of their phones experience this problem. > > Are any of them using "private browsing" or anything like that? > > Are you just using the standard Tomcat-generated JSESSIONID > cookies? > > -chris > On Tue, Apr 28, 2020 at 12:08 PM André Warnier (tomcat/perl) wrote: > On 28.04.2020 18:28, AJ Chen wrote: >> Thanks. Martin and Mark. >> >> I can recreate the problem: I compare two different >> mobile phones. One phone can log in and proceed. Server >> log shows the same session persists (same sessionID upon >> different requests). The other phone can log in, but upon >> next request, server log show a new session is always >> created (new sessionId). >> >> Since session tracking works on PC browser and some >> mobile phone, the > proxy >> (if any) in front of aws EC2 server should not be the >> problem. > Anything >> else may be missing? >> > > Asking just in case : - are the 2 phones on the same > network carrier ? - are they the same brand, or at least OS > ? - if you connect them both to the same local WiFi, do > they still act differently ? > > Note : no idea if this makes any difference, but we're > trying to find a reason why they act differently when using > the same Internet application server, right ? > >> -aj >> >> >> On Tue, Apr 28, 2020 at 12:30 AM Mark Thomas >> wrote: >> >>> On 28/04/2020 07:47, Martin Grigorov wrote: On Tue, Apr 28, 2020 at 9:11 AM AJ Chen > wrote: > Anyway to fix it? thanks. -aj > First you need to investigate whether there is a proxy. Then what kind of proxy. Then where is its configuration. Then consult with its manual and see whether there is something wrong/missng. >>> >>> I'd recommend taking a step back. >>> >>> Guessing at what might be wrong and then trying to fix >>> the problem you have only guessed at is unlikely to >>> work. >>> >>> Can you recreate the problem? You can't tell if >>> something is fixed if you can't recreate it. >>> >>> Once you recreate the problem then you can start to >>> narrow it down. You need to track what is happening to >>> the session ID. You'll probably need to add some >>> information to the access log, possibly look at some >>> raw network logs and/or look at HTTP headers on the >>> client.. >>> >>> Somewhere in all of the above you should find out where >>> the session ID is getting dropped. Then you need to >>> figure out why. Only then you know why this is >>> happening can you start to think about a solution. >>> >>> Mark >>> >>> > > > On Mon, Apr 27, 2020 at 10:54 PM Martin Grigorov < > mgrigo...@apache.org> > wrote: > >> Hi, >> >> On Tue, Apr 28, 2020 at 2:23 AM AJ Chen >> >>> wrote: >> >>> My web application using tomcat 6 can track >>> user session (cookie by default) for mobile and >>> PC users in dev environment. But when > deployed > on >>> cloud server, it fails to track session for >>> some mobile users. >>> meaning, >>> servlet always creates a new session upon user >>> request. >>> >>> Any idea why this happens? >>> >> >> Most probably there is a proxy in front of Tomcat >> in the cloud > environment >> which does not properly forward the JSESSIONID >> cookie. >> >> Martin >> >> >>> >>> aj >>> >> > >>> >>> >>> -
Re: Losing session between calls from mobile phone
Chris, When i use my latest iphone 11 to access the web app, tomcat server generates new session every time. It's normal use, not private browsing. I did not change any setting on tomcat regarding session, use default session tracking. Is there any setting that can enforce using previous session (i.e. track session)? Can I save the previous SessionID and use it to get the session with this id explicitly? -aj On Wed, Apr 29, 2020 at 10:13 AM Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > AJ, > > On 4/28/20 16:13, AJ Chen wrote: > > Andre, thanks for asking the questions. Yes, we try to get > > understand the behaviors. > > > > We have seen iphone and other android phones, on different > > carriers, from different networks, encounter this problem - losing > > session. It does not seem there is a pattern so far. Users use all > > kinds of phones. Some of their phones experience this problem. > > Are any of them using "private browsing" or anything like that? > > Are you just using the standard Tomcat-generated JSESSIONID cookies? > > - -chris > > > On Tue, Apr 28, 2020 at 12:08 PM André Warnier (tomcat/perl) > > wrote: > > > >> On 28.04.2020 18:28, AJ Chen wrote: > >>> Thanks. Martin and Mark. > >>> > >>> I can recreate the problem: I compare two different mobile > >>> phones. One phone can log in and proceed. Server log shows the > >>> same session persists (same sessionID upon different requests). > >>> The other phone can log in, but upon next request, server log > >>> show a new session is always created (new sessionId). > >>> > >>> Since session tracking works on PC browser and some mobile > >>> phone, the > >> proxy > >>> (if any) in front of aws EC2 server should not be the problem. > >> Anything > >>> else may be missing? > >>> > >> > >> Asking just in case : - are the 2 phones on the same network > >> carrier ? - are they the same brand, or at least OS ? - if you > >> connect them both to the same local WiFi, do they still act > >> differently ? > >> > >> Note : no idea if this makes any difference, but we're trying to > >> find a reason why they act differently when using the same > >> Internet application server, right ? > >> > >>> -aj > >>> > >>> > >>> On Tue, Apr 28, 2020 at 12:30 AM Mark Thomas > >>> wrote: > >>> > On 28/04/2020 07:47, Martin Grigorov wrote: > > On Tue, Apr 28, 2020 at 9:11 AM AJ Chen > > > >> wrote: > > > >> Anyway to fix it? thanks. -aj > >> > > > > First you need to investigate whether there is a proxy. > > Then what kind of proxy. Then where is its configuration. > > Then consult with its manual and see whether there is > > something wrong/missng. > > I'd recommend taking a step back. > > Guessing at what might be wrong and then trying to fix the > problem you have only guessed at is unlikely to work. > > Can you recreate the problem? You can't tell if something is > fixed if you can't recreate it. > > Once you recreate the problem then you can start to narrow it > down. You need to track what is happening to the session ID. > You'll probably need to add some information to the access > log, possibly look at some raw network logs and/or look at > HTTP headers on the client.. > > Somewhere in all of the above you should find out where the > session ID is getting dropped. Then you need to figure out > why. Only then you know why this is happening can you start > to think about a solution. > > Mark > > > > > > > >> > >> > >> On Mon, Apr 27, 2020 at 10:54 PM Martin Grigorov < > >> mgrigo...@apache.org> > >> wrote: > >> > >>> Hi, > >>> > >>> On Tue, Apr 28, 2020 at 2:23 AM AJ Chen > >>> > wrote: > >>> > My web application using tomcat 6 can track user > session (cookie by default) for mobile and PC users > in dev environment. But when > >> deployed > >> on > cloud server, it fails to track session for some > mobile users. > meaning, > servlet always creates a new session upon user > request. > > Any idea why this happens? > > >>> > >>> Most probably there is a proxy in front of Tomcat in > >>> the cloud > >> environment > >>> which does not properly forward the JSESSIONID cookie. > >>> > >>> Martin > >>> > >>> > > aj > > >>> > >> > > > > > --- > - -- > > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: > users-h...@tomcat.apache.org > > > >>> > >> > >> > >> - > >> > >> > To unsubscribe, e-mail:
Re: Losing session between calls from mobile phone
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 AJ, On 4/28/20 16:13, AJ Chen wrote: > Andre, thanks for asking the questions. Yes, we try to get > understand the behaviors. > > We have seen iphone and other android phones, on different > carriers, from different networks, encounter this problem - losing > session. It does not seem there is a pattern so far. Users use all > kinds of phones. Some of their phones experience this problem. Are any of them using "private browsing" or anything like that? Are you just using the standard Tomcat-generated JSESSIONID cookies? - -chris > On Tue, Apr 28, 2020 at 12:08 PM André Warnier (tomcat/perl) > wrote: > >> On 28.04.2020 18:28, AJ Chen wrote: >>> Thanks. Martin and Mark. >>> >>> I can recreate the problem: I compare two different mobile >>> phones. One phone can log in and proceed. Server log shows the >>> same session persists (same sessionID upon different requests). >>> The other phone can log in, but upon next request, server log >>> show a new session is always created (new sessionId). >>> >>> Since session tracking works on PC browser and some mobile >>> phone, the >> proxy >>> (if any) in front of aws EC2 server should not be the problem. >> Anything >>> else may be missing? >>> >> >> Asking just in case : - are the 2 phones on the same network >> carrier ? - are they the same brand, or at least OS ? - if you >> connect them both to the same local WiFi, do they still act >> differently ? >> >> Note : no idea if this makes any difference, but we're trying to >> find a reason why they act differently when using the same >> Internet application server, right ? >> >>> -aj >>> >>> >>> On Tue, Apr 28, 2020 at 12:30 AM Mark Thomas >>> wrote: >>> On 28/04/2020 07:47, Martin Grigorov wrote: > On Tue, Apr 28, 2020 at 9:11 AM AJ Chen > >> wrote: > >> Anyway to fix it? thanks. -aj >> > > First you need to investigate whether there is a proxy. > Then what kind of proxy. Then where is its configuration. > Then consult with its manual and see whether there is > something wrong/missng. I'd recommend taking a step back. Guessing at what might be wrong and then trying to fix the problem you have only guessed at is unlikely to work. Can you recreate the problem? You can't tell if something is fixed if you can't recreate it. Once you recreate the problem then you can start to narrow it down. You need to track what is happening to the session ID. You'll probably need to add some information to the access log, possibly look at some raw network logs and/or look at HTTP headers on the client.. Somewhere in all of the above you should find out where the session ID is getting dropped. Then you need to figure out why. Only then you know why this is happening can you start to think about a solution. Mark > > >> >> >> On Mon, Apr 27, 2020 at 10:54 PM Martin Grigorov < >> mgrigo...@apache.org> >> wrote: >> >>> Hi, >>> >>> On Tue, Apr 28, 2020 at 2:23 AM AJ Chen >>> wrote: >>> My web application using tomcat 6 can track user session (cookie by default) for mobile and PC users in dev environment. But when >> deployed >> on cloud server, it fails to track session for some mobile users. meaning, servlet always creates a new session upon user request. Any idea why this happens? >>> >>> Most probably there is a proxy in front of Tomcat in >>> the cloud >> environment >>> which does not properly forward the JSESSIONID cookie. >>> >>> Martin >>> >>> aj >>> >> > --- - -- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org >>> >> >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6ptcAACgkQHPApP6U8 pFgXVRAAuWAid0eXZF9duF3COnoX17FVPGe4v2RCt+2DzDcf3yXLdr0w9/wsHJlv FG9eZBYKAMirZlpM/FLkNKoR7dygcYyyO7nxI9j93Nv8jZmnRmhCgak0unlr0zfB b728Y5/i80vc2KoOXy6La+tRcZKVMG+q6UP3VDz/YRegk8WVn0oeUty8JrPpYy22 Dh7KgnCO20xDNaMPbhvm45LlvfaxeRreCDqGp30wPnkyw7zbB8kARj/BLNI+Hf5B nC7E14ISiXRj62hPx25drcfxoES407+yVfKt2+g5j3jhxLshwM2XDgMFCm4B2SIP WpQ91qiJCX4IW3YZEVs2bXPafH+Sp9eQcsyXDYqvnsImUWQ9EFqiuuqQoj45/n6S LbqzcCVdFBkDmIIz8siuI2dX6MnWxqJE3aUwMqdP9AKA49i7ZApRdRx1wa90mN5/ KtDmXWTc2YJmirtfU7JvzH3EmoG8BJ+24uR8Q6ealPk+9bHGM7tsyBAqRUfIJzfc
Re: Losing session between calls from mobile phone
Andre, thanks for asking the questions. Yes, we try to get understand the behaviors. We have seen iphone and other android phones, on different carriers, from different networks, encounter this problem - losing session. It does not seem there is a pattern so far. Users use all kinds of phones. Some of their phones experience this problem. -aj On Tue, Apr 28, 2020 at 12:08 PM André Warnier (tomcat/perl) wrote: > On 28.04.2020 18:28, AJ Chen wrote: > > Thanks. Martin and Mark. > > > > I can recreate the problem: I compare two different mobile phones. One > > phone can log in and proceed. Server log shows the same session persists > > (same sessionID upon different requests). The other phone can log in, but > > upon next request, server log show a new session is always created (new > > sessionId). > > > > Since session tracking works on PC browser and some mobile phone, the > proxy > > (if any) in front of aws EC2 server should not be the problem. > Anything > > else may be missing? > > > > Asking just in case : > - are the 2 phones on the same network carrier ? > - are they the same brand, or at least OS ? > - if you connect them both to the same local WiFi, do they still act > differently ? > > Note : no idea if this makes any difference, but we're trying to find a > reason why they > act differently when using the same Internet application server, right ? > > > -aj > > > > > > On Tue, Apr 28, 2020 at 12:30 AM Mark Thomas wrote: > > > >> On 28/04/2020 07:47, Martin Grigorov wrote: > >>> On Tue, Apr 28, 2020 at 9:11 AM AJ Chen > wrote: > >>> > Anyway to fix it? thanks. -aj > > >>> > >>> First you need to investigate whether there is a proxy. > >>> Then what kind of proxy. > >>> Then where is its configuration. > >>> Then consult with its manual and see whether there is something > >>> wrong/missng. > >> > >> I'd recommend taking a step back. > >> > >> Guessing at what might be wrong and then trying to fix the problem you > >> have only guessed at is unlikely to work. > >> > >> Can you recreate the problem? You can't tell if something is fixed if > >> you can't recreate it. > >> > >> Once you recreate the problem then you can start to narrow it down. You > >> need to track what is happening to the session ID. You'll probably need > >> to add some information to the access log, possibly look at some raw > >> network logs and/or look at HTTP headers on the client.. > >> > >> Somewhere in all of the above you should find out where the session ID > >> is getting dropped. Then you need to figure out why. Only then you know > >> why this is happening can you start to think about a solution. > >> > >> Mark > >> > >> > >>> > >>> > > > On Mon, Apr 27, 2020 at 10:54 PM Martin Grigorov < > mgrigo...@apache.org> > wrote: > > > Hi, > > > > On Tue, Apr 28, 2020 at 2:23 AM AJ Chen > >> wrote: > > > >> My web application using tomcat 6 can track user session (cookie by > >> default) for mobile and PC users in dev environment. But when > deployed > on > >> cloud server, it fails to track session for some mobile users. > >> meaning, > >> servlet always creates a new session upon user request. > >> > >> Any idea why this happens? > >> > > > > Most probably there is a proxy in front of Tomcat in the cloud > environment > > which does not properly forward the JSESSIONID cookie. > > > > Martin > > > > > >> > >> aj > >> > > > > >>> > >> > >> > >> - > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Losing session between calls from mobile phone
On 28.04.2020 18:28, AJ Chen wrote: Thanks. Martin and Mark. I can recreate the problem: I compare two different mobile phones. One phone can log in and proceed. Server log shows the same session persists (same sessionID upon different requests). The other phone can log in, but upon next request, server log show a new session is always created (new sessionId). Since session tracking works on PC browser and some mobile phone, the proxy (if any) in front of aws EC2 server should not be the problem.Anything else may be missing? Asking just in case : - are the 2 phones on the same network carrier ? - are they the same brand, or at least OS ? - if you connect them both to the same local WiFi, do they still act differently ? Note : no idea if this makes any difference, but we're trying to find a reason why they act differently when using the same Internet application server, right ? -aj On Tue, Apr 28, 2020 at 12:30 AM Mark Thomas wrote: On 28/04/2020 07:47, Martin Grigorov wrote: On Tue, Apr 28, 2020 at 9:11 AM AJ Chen wrote: Anyway to fix it? thanks. -aj First you need to investigate whether there is a proxy. Then what kind of proxy. Then where is its configuration. Then consult with its manual and see whether there is something wrong/missng. I'd recommend taking a step back. Guessing at what might be wrong and then trying to fix the problem you have only guessed at is unlikely to work. Can you recreate the problem? You can't tell if something is fixed if you can't recreate it. Once you recreate the problem then you can start to narrow it down. You need to track what is happening to the session ID. You'll probably need to add some information to the access log, possibly look at some raw network logs and/or look at HTTP headers on the client.. Somewhere in all of the above you should find out where the session ID is getting dropped. Then you need to figure out why. Only then you know why this is happening can you start to think about a solution. Mark On Mon, Apr 27, 2020 at 10:54 PM Martin Grigorov wrote: Hi, On Tue, Apr 28, 2020 at 2:23 AM AJ Chen wrote: My web application using tomcat 6 can track user session (cookie by default) for mobile and PC users in dev environment. But when deployed on cloud server, it fails to track session for some mobile users. meaning, servlet always creates a new session upon user request. Any idea why this happens? Most probably there is a proxy in front of Tomcat in the cloud environment which does not properly forward the JSESSIONID cookie. Martin aj - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Losing session between calls from mobile phone
Thanks. Martin and Mark. I can recreate the problem: I compare two different mobile phones. One phone can log in and proceed. Server log shows the same session persists (same sessionID upon different requests). The other phone can log in, but upon next request, server log show a new session is always created (new sessionId). Since session tracking works on PC browser and some mobile phone, the proxy (if any) in front of aws EC2 server should not be the problem.Anything else may be missing? -aj On Tue, Apr 28, 2020 at 12:30 AM Mark Thomas wrote: > On 28/04/2020 07:47, Martin Grigorov wrote: > > On Tue, Apr 28, 2020 at 9:11 AM AJ Chen wrote: > > > >> Anyway to fix it? thanks. -aj > >> > > > > First you need to investigate whether there is a proxy. > > Then what kind of proxy. > > Then where is its configuration. > > Then consult with its manual and see whether there is something > > wrong/missng. > > I'd recommend taking a step back. > > Guessing at what might be wrong and then trying to fix the problem you > have only guessed at is unlikely to work. > > Can you recreate the problem? You can't tell if something is fixed if > you can't recreate it. > > Once you recreate the problem then you can start to narrow it down. You > need to track what is happening to the session ID. You'll probably need > to add some information to the access log, possibly look at some raw > network logs and/or look at HTTP headers on the client.. > > Somewhere in all of the above you should find out where the session ID > is getting dropped. Then you need to figure out why. Only then you know > why this is happening can you start to think about a solution. > > Mark > > > > > > > >> > >> > >> On Mon, Apr 27, 2020 at 10:54 PM Martin Grigorov > >> wrote: > >> > >>> Hi, > >>> > >>> On Tue, Apr 28, 2020 at 2:23 AM AJ Chen > wrote: > >>> > My web application using tomcat 6 can track user session (cookie by > default) for mobile and PC users in dev environment. But when deployed > >> on > cloud server, it fails to track session for some mobile users. > meaning, > servlet always creates a new session upon user request. > > Any idea why this happens? > > >>> > >>> Most probably there is a proxy in front of Tomcat in the cloud > >> environment > >>> which does not properly forward the JSESSIONID cookie. > >>> > >>> Martin > >>> > >>> > > aj > > >>> > >> > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Losing session between calls from mobile phone
On 28/04/2020 07:47, Martin Grigorov wrote: > On Tue, Apr 28, 2020 at 9:11 AM AJ Chen wrote: > >> Anyway to fix it? thanks. -aj >> > > First you need to investigate whether there is a proxy. > Then what kind of proxy. > Then where is its configuration. > Then consult with its manual and see whether there is something > wrong/missng. I'd recommend taking a step back. Guessing at what might be wrong and then trying to fix the problem you have only guessed at is unlikely to work. Can you recreate the problem? You can't tell if something is fixed if you can't recreate it. Once you recreate the problem then you can start to narrow it down. You need to track what is happening to the session ID. You'll probably need to add some information to the access log, possibly look at some raw network logs and/or look at HTTP headers on the client.. Somewhere in all of the above you should find out where the session ID is getting dropped. Then you need to figure out why. Only then you know why this is happening can you start to think about a solution. Mark > > >> >> >> On Mon, Apr 27, 2020 at 10:54 PM Martin Grigorov >> wrote: >> >>> Hi, >>> >>> On Tue, Apr 28, 2020 at 2:23 AM AJ Chen wrote: >>> My web application using tomcat 6 can track user session (cookie by default) for mobile and PC users in dev environment. But when deployed >> on cloud server, it fails to track session for some mobile users. meaning, servlet always creates a new session upon user request. Any idea why this happens? >>> >>> Most probably there is a proxy in front of Tomcat in the cloud >> environment >>> which does not properly forward the JSESSIONID cookie. >>> >>> Martin >>> >>> aj >>> >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Losing session between calls from mobile phone
On Tue, Apr 28, 2020 at 9:11 AM AJ Chen wrote: > Anyway to fix it? thanks. -aj > First you need to investigate whether there is a proxy. Then what kind of proxy. Then where is its configuration. Then consult with its manual and see whether there is something wrong/missng. > > > On Mon, Apr 27, 2020 at 10:54 PM Martin Grigorov > wrote: > > > Hi, > > > > On Tue, Apr 28, 2020 at 2:23 AM AJ Chen wrote: > > > > > My web application using tomcat 6 can track user session (cookie by > > > default) for mobile and PC users in dev environment. But when deployed > on > > > cloud server, it fails to track session for some mobile users. meaning, > > > servlet always creates a new session upon user request. > > > > > > Any idea why this happens? > > > > > > > Most probably there is a proxy in front of Tomcat in the cloud > environment > > which does not properly forward the JSESSIONID cookie. > > > > Martin > > > > > > > > > > aj > > > > > >
Re: Losing session between calls from mobile phone
Anyway to fix it? thanks. -aj On Mon, Apr 27, 2020 at 10:54 PM Martin Grigorov wrote: > Hi, > > On Tue, Apr 28, 2020 at 2:23 AM AJ Chen wrote: > > > My web application using tomcat 6 can track user session (cookie by > > default) for mobile and PC users in dev environment. But when deployed on > > cloud server, it fails to track session for some mobile users. meaning, > > servlet always creates a new session upon user request. > > > > Any idea why this happens? > > > > Most probably there is a proxy in front of Tomcat in the cloud environment > which does not properly forward the JSESSIONID cookie. > > Martin > > > > > > aj > > >
Re: Losing session between calls from mobile phone
Hi, On Tue, Apr 28, 2020 at 2:23 AM AJ Chen wrote: > My web application using tomcat 6 can track user session (cookie by > default) for mobile and PC users in dev environment. But when deployed on > cloud server, it fails to track session for some mobile users. meaning, > servlet always creates a new session upon user request. > > Any idea why this happens? > Most probably there is a proxy in front of Tomcat in the cloud environment which does not properly forward the JSESSIONID cookie. Martin > > aj >
Losing session between calls from mobile phone
My web application using tomcat 6 can track user session (cookie by default) for mobile and PC users in dev environment. But when deployed on cloud server, it fails to track session for some mobile users. meaning, servlet always creates a new session upon user request. Any idea why this happens? aj
