Re: Session Problems Apache httpd - tomcat
Nelson D. guerrero wrote: On Wed, 2007-03-28 at 17:00 -0400, Christopher Schultz wrote: Assuming that Tomcat is managing your sessions (there aren't too many good reasons to manage your own sessions), then Tomcat uses either cookies or URL rewriting to maintain sessions between requests. I'm sorry, I'm not following. By saying managing your sessions, do you mean running tomcat standalone or letting tomcat manager the sessions and that the httpd uses the sessions off of the tomcat? Probably not: Tomcat should do this for you already. Usually, sessions get lost because Tomcat has had to resort to URL rewriting, but the application has not been written with this in mind. For instance, every single URL that you generate ought to go through request.encodeURL to make sure that the session id is properly added if necessary. If you don't do this, then you'll end up creating a new session when you use that (session-less) link. Do they go through request.encodeURL automatically or do I have to do something? They don't go through it automatically, as the links are in the page output, and tomcat doesn't hunt through output streams for URLs to encode. All URLs need to be manually encoded, in your JSPs or Servlet outputs. Check with your developers to ensure that this is the case. If the URLs are properly encoded Tomcat will then rewrite the URL to include the session data in the URL if cookies are not available. Your URLs will then look something like: /path/to.jsp;jsessionid=?query=goes+here The HTTPD is largely agnostic of the sessions - unless you are clustering - as it won't interfere with a cookie, and will pass a URL parameter through as normal. Q: How have you connected HTTPD/Tomcat, and which versions are you using? If you *are* clustering then you need to ensure that the jvmRoute attribute of the Engine in conf/server.xml is set uniquely for each Tomcat. (http://tomcat.apache.org/tomcat-5.5-doc/config/engine.html) This adds the value of the attribute to the end of the jsessionid so that your load balancer can direct the session to the appropriate Tomcat. p Sorry for all the questions, I'm no developer and I'm surely not a tomcat administrator, they just shoved me the responsibility a couple of months ago and I've been learning ever since. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature
Re: Session Problems Apache httpd - tomcat
On Wednesday 28 March 2007 18:17, Christopher Schultz wrote: Do they go through request.encodeURL automatically or do I have to do something? If you use JSTL Core library c:url, then they do. If you are using a href='', then they do not and you have to use a href=%= response.encodeURL(theURL) %link/a. It's safer and cleaner to use c:url. I prefer the XML syntax, jsp:element name=a jsp:attribute name=titleLog out/jsp:attribute jsp:attribute name=hrefc:url value=logoff.jsp//jsp:attribute jsp:bodyLog Out/jsp:body /jsp:element but you can do a href=c:out value=logoff.jsp/Log Out/a -- Nicholas Sushkin, Senior Software Engineer http://www.openfinance.com http://www.wealthinformationexchange.com smime.p7s Description: S/MIME cryptographic signature
Re: Session Problems Apache httpd - tomcat
On Thu, 2007-03-29 at 09:43 +0100, Pid wrote: They don't go through it automatically, as the links are in the page output, and tomcat doesn't hunt through output streams for URLs to encode. All URLs need to be manually encoded, in your JSPs or Servlet outputs. Check with your developers to ensure that this is the case. If the URLs are properly encoded Tomcat will then rewrite the URL to include the session data in the URL if cookies are not available. Your URLs will then look something like: /path/to.jsp;jsessionid=?query=goes+here This and the addCookie worked perfectly. The developers are working on a fix right now. The HTTPD is largely agnostic of the sessions - unless you are clustering - as it won't interfere with a cookie, and will pass a URL parameter through as normal. Q: How have you connected HTTPD/Tomcat, and which versions are you using? Tomcat 2.2.23 Apache httpd 2.2.0 mod_jk 1.2.15 If you *are* clustering then you need to ensure that the jvmRoute attribute of the Engine in conf/server.xml is set uniquely for each Tomcat. (http://tomcat.apache.org/tomcat-5.5-doc/config/engine.html) This adds the value of the attribute to the end of the jsessionid so that your load balancer can direct the session to the appropriate Tomcat. No clusters yet, though we will be looking into it as soon as I learn a bit more. Thanks a lot Christopher, Pid and Nicholas, your help was very valuable. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Problems Apache httpd - tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nelson, Nelson D. guerrero wrote: Your URLs will then look something like: /path/to.jsp;jsessionid=?query=goes+here This and the addCookie worked perfectly. The developers are working on a fix right now. Honestly, you should never have to do anything with cookies yourself... Tomcat should handle any required cookie manipulations. I think it will just clutter your code and confuse anyone reading it. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGC+dj9CaO5/Lv0PARAootAKCjGHGvHvwvg3Gqc/0O8v4rKuo5sgCgpzlf gD0lrhCItOiUL6QCSEGxcws= =iGqY -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Problems Apache httpd - tomcat
On Thu, 2007-03-29 at 12:20 -0400, Christopher Schultz wrote: Honestly, you should never have to do anything with cookies yourself... Tomcat should handle any required cookie manipulations. I think it will just clutter your code and confuse anyone reading it. It's working without any code, but when I add traffic to the application it stops working and for every refresh it makes a new session. The workaround I offered was to force the session and that's the only thing working right now. Any ideas on that? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Problems Apache httpd - tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nelson, Nelson D. guerrero wrote: On Thu, 2007-03-29 at 12:20 -0400, Christopher Schultz wrote: Honestly, you should never have to do anything with cookies yourself... Tomcat should handle any required cookie manipulations. I think it will just clutter your code and confuse anyone reading it. It's working without any code, but when I add traffic to the application it stops working and for every refresh it makes a new session. The workaround I offered was to force the session and that's the only thing working right now. Any ideas on that? Not really... you are probably just duplicating code that Tomcat is running also. Are you sure that your load profiles are the same in both cases? Tomcat easily handles a ton of load without losing sessions. The problem is likely to be in your application. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGDDMb9CaO5/Lv0PARArnHAJ9cXmLPqIQEhlONT74U2M1BkUUVDQCgu/cp 2hWDC+zj16EN6lKWcXP+LSs= =vchg -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Session Problems Apache httpd - tomcat
Hello everyone, I'm new to the list and I've been using tomcat for quite some time now and have a little question. Any help would be greatly appreciated. I've made a little jsp to show me the current session I'm on, when using it on a standalone tomcat server the session never changes, when I move it to an apache httpd server with mod_jk connected to the same tomcat server the session still doesn't change, but when I add some traffic to both the httpd server and the tomcat server, the sessions start changing with every click and I'm having some trouble with the applications I'm deploying. I'm using: 1) Apache httpd 2.2.4 2) Apache tomcat 5.5.23 3) mod_jk/1.2.15 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Problems Apache httpd - tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nelson, Nelson D. guerrero wrote: I've made a little jsp to show me the current session I'm on, when using it on a standalone tomcat server the session never changes, when I move it to an apache httpd server with mod_jk connected to the same tomcat server the session still doesn't change, but when I add some traffic to both the httpd server and the tomcat server, the sessions start changing with every click and I'm having some trouble with the applications I'm deploying. Hmm... How are you checking to see if the session has changed? Are you looking at request.getSession().getSessionId()? Or are you looking at some particular object in your sessions to see if that has changed? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGCsyw9CaO5/Lv0PARAm2SAJ48zwj+vKl93aVrTR4sfnckUHi0SACeL83w mpokRjvjYteocnpnwXgrpvA= =BNrw -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Problems Apache httpd - tomcat
On Wed, 2007-03-28 at 16:14 -0400, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nelson, Nelson D. guerrero wrote: I've made a little jsp to show me the current session I'm on, when using it on a standalone tomcat server the session never changes, when I move it to an apache httpd server with mod_jk connected to the same tomcat server the session still doesn't change, but when I add some traffic to both the httpd server and the tomcat server, the sessions start changing with every click and I'm having some trouble with the applications I'm deploying. Hmm... How are you checking to see if the session has changed? Are you looking at request.getSession().getSessionId()? Or are you looking at some particular object in your sessions to see if that has changed? - -chris Hello Chris, I'm using request.getSession().getId(). - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Problems Apache httpd - tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nelson, Nelson D. guerrero wrote: How are you checking to see if the session has changed? Are you looking at request.getSession().getSessionId()? Or are you looking at some particular object in your sessions to see if that has changed? I'm using request.getSession().getId(). Okay. Are you using cookies or URL-rewriting in order to track sessions? Oh, and what is your session timeout? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGCtDH9CaO5/Lv0PARAvnOAJ96UWkR0rB2ECQekxX2sR2t8AoF1ACfd8zT TAO7H0SsND7SCM5NGCrzMv0= =ge36 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Problems Apache httpd - tomcat
On Wed, 2007-03-28 at 16:32 -0400, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nelson, Nelson D. guerrero wrote: How are you checking to see if the session has changed? Are you looking at request.getSession().getSessionId()? Or are you looking at some particular object in your sessions to see if that has changed? I'm using request.getSession().getId(). Okay. Are you using cookies or URL-rewriting in order to track sessions? Oh, and what is your session timeout? - -chris No, the developers are using cookies or URL-rewriting, is this the only way that the sessions can replicate between them? I'm thinking on passing them this piece of code: ((HttpServletResponse)response).addCookie(new Cookie(JSESSIONID,session.getId())); That will surely help. Tomcat has the default timeout of 30 minutes. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Problems Apache httpd - tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nelson, Nelson D. guerrero wrote: Are you using cookies or URL-rewriting in order to track sessions? No, the developers are using cookies or URL-rewriting, is this the only way that the sessions can replicate between them? Assuming that Tomcat is managing your sessions (there aren't too many good reasons to manage your own sessions), then Tomcat uses either cookies or URL rewriting to maintain sessions between requests. By default, Tomcat attempts to use cookies, but if cookies are not supported by the client (the browser), then it resorts to URL rewriting. I'm thinking on passing them this piece of code: ((HttpServletResponse)response).addCookie(new Cookie(JSESSIONID,session.getId())); That will surely help. Probably not: Tomcat should do this for you already. Usually, sessions get lost because Tomcat has had to resort to URL rewriting, but the application has not been written with this in mind. For instance, every single URL that you generate ought to go through request.encodeURL to make sure that the session id is properly added if necessary. If you don't do this, then you'll end up creating a new session when you use that (session-less) link. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGCtdd9CaO5/Lv0PARAmbxAKCqWzIxQKLz38z0xIVXXFpE2cWBLwCeLqaU ezD9gy8vmCGlyoyfWAk5bE8= =DfrI -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Problems Apache httpd - tomcat
Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nelson, Nelson D. guerrero wrote: Are you using cookies or URL-rewriting in order to track sessions? No, the developers are using cookies or URL-rewriting, is this the only way that the sessions can replicate between them? Assuming that Tomcat is managing your sessions (there aren't too many good reasons to manage your own sessions), then Tomcat uses either cookies or URL rewriting to maintain sessions between requests. By default, Tomcat attempts to use cookies, but if cookies are not supported by the client (the browser), then it resorts to URL rewriting. I'm thinking on passing them this piece of code: ((HttpServletResponse)response).addCookie(new Cookie(JSESSIONID,session.getId())); That will surely help. Probably not: Tomcat should do this for you already. Usually, sessions get lost because Tomcat has had to resort to URL rewriting, but the application has not been written with this in mind. For instance, every single URL that you generate ought to go through request.encodeURL to make sure that the session id is properly added if necessary. If you don't do this, then you'll end up creating a new session when you use that (session-less) link. Are you testing manually or using something automated? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGCtdd9CaO5/Lv0PARAmbxAKCqWzIxQKLz38z0xIVXXFpE2cWBLwCeLqaU ezD9gy8vmCGlyoyfWAk5bE8= =DfrI -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature
Re: Session Problems Apache httpd - tomcat
On Wed, 2007-03-28 at 17:00 -0400, Christopher Schultz wrote: Assuming that Tomcat is managing your sessions (there aren't too many good reasons to manage your own sessions), then Tomcat uses either cookies or URL rewriting to maintain sessions between requests. I'm sorry, I'm not following. By saying managing your sessions, do you mean running tomcat standalone or letting tomcat manager the sessions and that the httpd uses the sessions off of the tomcat? Probably not: Tomcat should do this for you already. Usually, sessions get lost because Tomcat has had to resort to URL rewriting, but the application has not been written with this in mind. For instance, every single URL that you generate ought to go through request.encodeURL to make sure that the session id is properly added if necessary. If you don't do this, then you'll end up creating a new session when you use that (session-less) link. Do they go through request.encodeURL automatically or do I have to do something? Sorry for all the questions, I'm no developer and I'm surely not a tomcat administrator, they just shoved me the responsibility a couple of months ago and I've been learning ever since. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Problems Apache httpd - tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nelson, Nelson D. guerrero wrote: On Wed, 2007-03-28 at 17:00 -0400, Christopher Schultz wrote: Assuming that Tomcat is managing your sessions (there aren't too many good reasons to manage your own sessions), then Tomcat uses either cookies or URL rewriting to maintain sessions between requests. I'm sorry, I'm not following. By saying managing your sessions, do you mean running tomcat standalone or letting tomcat manager the sessions and that the httpd uses the sessions off of the tomcat? Apache httpd does not manage sessions at all, so it doesn't matter. What I meant was are you implementing your own strange session management -- and the answer is probably no. Probably not: Tomcat should do this for you already. Usually, sessions get lost because Tomcat has had to resort to URL rewriting, but the application has not been written with this in mind. For instance, every single URL that you generate ought to go through request.encodeURL to make sure that the session id is properly added if necessary. If you don't do this, then you'll end up creating a new session when you use that (session-less) link. Do they go through request.encodeURL automatically or do I have to do something? Any time you generate a URL to be included in a web page, you need to make sure that your URL goes through request.encodeURL. If you are using a JSP tab library to build your links, then it is more than likely to do this for you. To be on the safe side, tell us how you build your web pages. If it's using JSP, then let us know about any tag libraries you are using. Sorry for all the questions, I'm no developer and I'm surely not a tomcat administrator, they just shoved me the responsibility a couple of months ago and I've been learning ever since. No problem. We tend to put the kid gloves on when someone starts asking questions like this. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGCul79CaO5/Lv0PARAihuAJ4pngqkCAf3AKIC0AZjiyT5SCHgxQCgqAgT 0iMj8v32fwZo5uRQXikIE8U= =g5ew -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]