Re: Tomcat - Automatically writes a session?
Unfortunately this isn't working either. In addition to the [EMAIL PROTECTED] session=false% directive in my JSP, I have also set the cookies=false attribute in my server.xml file, for the host in question. It is *still* happening! Perhaps this is a Tomcat bug, as previously suggested? Correct me if I'm wrong, but doesn't this imply a *HUGE* waist of RAM resources to be writing a cookie like this by default? Why on earth would a web app do this by default? Are there any other ways to shut it off? It was mentioned in the previous thread to look at the servlet being compiled, which may be a good idea - but I don't know what the solution will be if it is in fact compiling the servlet incorrectly. Any other config opps to choke it off? Neal Torsten Fohrer [EMAIL PROTECTED] wrote: tomcat sents automatically a cookie named jsessionid for session maintain to a browser. with cookies=false as a context attrribute you disable this behaviour from tomcat documentation: -- cookies Set to true if you want cookies to be used for session identifier communication if supported by the client (this is the default). Set to false if you want to disable the use of cookies for session identifier communication, and rely only on URL rewriting by the application. or http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html cu Torsten Fohrer On Tuesday 20 January 2004 20:58, you wrote: Verify in your JSP's .java file that sessions are really being turned off. Look to see if there is a session=pageContext.getSession() Also, I think the call to pageContext = _jspxFactory.getPageContext(. Needs to have false as the 3rd to last argument. [EMAIL PROTECTED] 1/20/04 12:39:54 PM Neal wrote: I used the tag which does appear correct, but I'm still seeing that header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ There are two reasons why I want to get rid of this: 1. I assume I'm waiting server resources holding open a session for every user, unnecessarily. 2. I've been told this may prevent Google from properly spidering the site. Can you please shed any more light on how to fix this potential issue? Probably not, but I will try... Did you clear the cookies on your browser? If the browser is saying Hi! XXX is my session ID, then, (iif that session exists), tomcat is free of saying Hi! keep your session ID, which is XXX Other than that, no idea. I have never struggled to avoid cookies. Sorry. I was only echoing something I have read in the past. Antonio Fiol Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., The Leading Provider of Net Business Solutions http://www.novell.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Hotjobs: Enter the Signing Bonus Sweepstakes
Re: Tomcat - Automatically writes a session?
Which tool are you guys using to view your http response header? I'm using the following: http://www.searchengineworld.com/cgi-bin/servercheck.cgi Do you see the cookie being set using this tool? What sort of filters should I be looking for that could be setting a cookie? btw - my config is just straight Tomcat 4.1, no Apache. If you want to see an example of what I'm seeing, please go to http://www.travelusa.com/. If you can recommend any filters or anything else like that I should be looking at, please let me know. Thanks for your help. Neal Jeff Tulley [EMAIL PROTECTED] wrote: Yeah, I see the same thing. No jsessionId in the header. with session=false % [EMAIL PROTECTED] 1/20/04 3:31:31 PM Its on by default because the spec says so. Are you sure you don't have a filter or anything else creating a session? I created a page called cowbell with this content with tomcat 4.1: -- foo -- Then simulated a web browser: -- [EMAIL PROTECTED]: telnet localhost 8080 Trying 127.0.0.1... Connected to fever.joedog.org. Escape character is '^]'. GET /cowbell.jsp HTTP/1.1 Host: fever.joedog.org:8080 Connection: close HTTP/1.1 200 OK Content-Type: text/html;charset=ISO-8859-1 Content-Length: 5 Date: Tue, 20 Jan 2004 22:28:20 GMT Server: Apache-Coyote/1.1 Connection: close foo Connection closed by foreign host. -- -Tim neal cabage wrote: Unfortunately this isn't working either. In addition to the session=false%directive in my JSP, I have also set the cookies=false attribute in my server.xml file, for the host in question. It is *still* happening! Perhaps this is a Tomcat bug, as previously suggested? Correct me if I'm wrong, but doesn't this imply a *HUGE* waist of RAM resources to be writing a cookie like this by default? Why on earth would a web app do this by default? Are there any other ways to shut it off? It was mentioned in the previous thread to look at the servlet being compiled, which may be a good idea - but I don't know what the solution will be if it is in fact compiling the servlet incorrectly. Any other config opps to choke it off? Neal Torsten Fohrer wrote: tomcat sents automatically a cookie named jsessionid for session maintain to a browser. with cookies=false as a context attrribute you disable this behaviour from tomcat documentation: -- cookies Set to true if you want cookies to be used for session identifier communication if supported by the client (this is the default). Set to false if you want to disable the use of cookies for session identifier communication, and rely only on URL rewriting by the application. or http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html cu Torsten Fohrer On Tuesday 20 January 2004 20:58, you wrote: Verify in your JSP's .java file that sessions are really being turned off. Look to see if there is a session=pageContext.getSession() Also, I think the call to pageContext = _jspxFactory.getPageContext(. Needs to have false as the 3rd to last argument. [EMAIL PROTECTED] 1/20/04 12:39:54 PM Neal wrote: I used the tag which does appear correct, but I'm still seeing that header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ There are two reasons why I want to get rid of this: 1. I assume I'm waiting server resources holding open a session for every user, unnecessarily. 2. I've been told this may prevent Google from properly spidering the site. Can you please shed any more light on how to fix this potential issue? Probably not, but I will try... Did you clear the cookies on your browser? If the browser is saying Hi! XXX is my session ID, then, (iif that session exists), tomcat is free of saying Hi! keep your session ID, which is XXX Other than that, no idea. I have never struggled to avoid cookies. Sorry. I was only echoing something I have read in the past. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., The Leading Provider of Net Business Solutions http://www.novell.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Hotjobs: Enter the Signing Bonus Sweepstakes
RE: Tomcat - Automatically writes a session?
Well, the cookie is written but RAM memory must be allocated for these users as well, right? If you have a timeout set to 30 minutes, you've got a lot of little pieces of RAM being held by these users at any given time. Seems waistful to me, regardless how small they are. It just seems silly to be writing cookies for every page, regardless of whether you need one. Well, no - no I don't use any filters, I do have that directive for no session and I do have the cookies=false in my server.xml. I guess I'll take another look but everything I've been tyring isnt' working. grrr. Mike Curwen [EMAIL PROTECTED] wrote: I think it's slightly unfair to characterise the 'on by default' as a 'huge' waste of resources. As Yoav mentioned, the session object is essentially empty and very small. If you don't use it, it should not be a problem. As for 'RAM resources to write a cookie...', that's accomplished on the client, so no load on our server. Also, because it's on by default, you need to ensure that every single JSP includes the 'no session please' directive. Missing it once will create a session for every user that hits the page. Look for this especially in some sort of 'meta' page (like header.jsp or login.jsp or footer.jsp) which are included in any number of other pages. As for filters, people are referring to any javax.servlet.Filter classes you may have written. -Original Message- From: neal cabage [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 3:48 PM To: Tomcat Users List; [EMAIL PROTECTED] Subject: Re: Tomcat - Automatically writes a session? Unfortunately this isn't working either. In addition to the directive in my JSP, I have also set the cookies=false attribute in my server.xml file, for the host in question. It is *still* happening! Perhaps this is a Tomcat bug, as previously suggested? Correct me if I'm wrong, but doesn't this imply a *HUGE* waist of RAM resources to be writing a cookie like this by default? Why on earth would a web app do this by default? Are there any other ways to shut it off? It was mentioned in the previous thread to look at the servlet being compiled, which may be a good idea - but I don't know what the solution will be if it is in fact compiling the servlet incorrectly. Any other config opps to choke it off? Neal Torsten Fohrer wrote: tomcat sents automatically a cookie named jsessionid for session maintain to a browser. with cookies=false as a context attrribute you disable this behaviour from tomcat documentation: -- cookies Set to true if you want cookies to be used for session identifier communication if supported by the client (this is the default). Set to false if you want to disable the use of cookies for session identifier communication, and rely only on URL rewriting by the application. or http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html cu Torsten Fohrer On Tuesday 20 January 2004 20:58, you wrote: Verify in your JSP's .java file that sessions are really being turned off. Look to see if there is a session=pageContext.getSession() Also, I think the call to pageContext = _jspxFactory.getPageContext(. Needs to have false as the 3rd to last argument. [EMAIL PROTECTED] 1/20/04 12:39:54 PM Neal wrote: I used the tag which does appear correct, but I'm still seeing that header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ There are two reasons why I want to get rid of this: 1. I assume I'm waiting server resources holding open a session for every user, unnecessarily. 2. I've been told this may prevent Google from properly spidering the site. Can you please shed any more light on how to fix this potential issue? Probably not, but I will try... Did you clear the cookies on your browser? If the browser is saying Hi! XXX is my session ID, then, (iif that session exists), tomcat is free of saying Hi! keep your session ID, which is XXX Other than that, no idea. I have never struggled to avoid cookies. Sorry. I was only echoing something I have read in the past. Antonio Fiol Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., The Leading Provider of Net Business Solutions http://www.novell.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Hotjobs: Enter the Signing Bonus Sweepstakes - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
RE: Tomcat - Automatically writes a session?
Thanks for the tip. I'll definitely check it out. I've heard its a lot better for javascript debugs as well. Mike Curwen [EMAIL PROTECTED] wrote: I like using Mozilla for cookie inspection. Its setup screens let you clear your cookie cache, inspect cookies on your system, and accept/deny each cookie sent to you, as they are sent to you, including jsessionid 'session' cookies. -Original Message- From: neal cabage [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 5:00 PM To: Tomcat Users List Subject: Re: Tomcat - Automatically writes a session? Which tool are you guys using to view your http response header? I'm using the following: http://www.searchengineworld.com/cgi-bin/servercheck.cgi Do you see the cookie being set using this tool? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Hotjobs: Enter the Signing Bonus Sweepstakes
javax.net.ssl.SSLHandshakeException: Could not find trusted certificate
I went through th process of applying the new Level 2 3 certs to my cacerts file using the Java Keytool and the output of the keytool seems to have implied this was done correctly but I'm still getting the same error when attempting to retrieve a document over https (SSL): javax.net.ssl.SSLHandshakeException: Could not find trusted certificate. Moreover, it appears that the lib/security/cacerts file doesn't even exist on my Linux production server...only on my Windows Dev server. linux instead has some .crt files in the /bin directory. Anyone have any recommendations? One thing mentioned on the Sun site was to upgrade the JDK to a version with updated certs. Should I worry about this corrupting my own SSL certs? And how difficult is this sort of an update on Linux (I'm a little Linux- phobic). Thanks. - Do you Yahoo!? Yahoo! Hotjobs: Enter the Signing Bonus Sweepstakes
Re: RES: javax.net.ssl.SSLHandshakeException: Could not find trusted certificate
What page at Verisign were you reading this from?
Thanks.
Neal
Mauro Pencov [EMAIL PROTECTED] wrote:I was reading in the site of the Verisign, I
found the page that offers for
download Intermediate CA, but this would be used for Apache. And in tomcat?
Somebody already it made this in the Tomcat? Which the process?
( https://www.verisign.com/support/site/caReplacement.html )
-Mensagem original-
De: Alexander Taler [mailto:[EMAIL PROTECTED] nome de Alexander Taler
Enviada em: terca-feira, 13 de janeiro de 2004 14:46
Para: Tomcat Users List
Assunto: Re: javax.net.ssl.SSLHandshakeException: Could not find trusted
certificate
Perhaps it's related to the Verisign intermediate signing
certificate which expired last week. Check the Verisign website
for details.
Alex
Neal == Neal writes:
Neal To: 'Tomcat Users List'
Neal Subject: javax.net.ssl.SSLHandshakeException: Could not find trusted
Neal certificate
Neal Date: Mon, 12 Jan 2004 23:05:41 -0800
Neal I suddenly have a problem reading XML over SSL, where the system has
Neal been in place for a year and the problem never existed before! And
the
Neal weird part is that both my dev and production environmets now seem
to
Neal have the same problem.
Neal Another interesting tidbit I have noticed is that I *can* access XML
Neal documents on my own server (using a Thawte cert) but have a problem
Neal when attempting to access documents on two external servers that I
know
Neal use Verisign certs. This may or may not be related.
Neal Can anyone think of what may be wrong or what I can do to correct
the
Neal issue?
Neal I am getting the following error:
javax.net.ssl.SSLHandshakeException:
Neal Could not find trusted certificate
Neal Here is the method I am using to retrieve the document: public
Document
Neal readDocument(URL url) throws IOException,
ParserConfigurationException,
Neal SAXException {
Neal Document doc = null;
Neal InputStream in = url.openStream(); DocumentBuilderFactory
Neal docBuilderFactory =
Neal DocumentBuilderFactory.newInstance();
Neal DocumentBuilder docBuilder =
Neal docBuilderFactory.newDocumentBuilder();
Neal doc = docBuilder.parse(in); return doc;
Neal }
--
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
Do you Yahoo!?
Yahoo! Hotjobs: Enter the Signing Bonus Sweepstakes
global.asa - Web.xml
I'm trying to do something as simple as define global constants for my JSP application. In ASP there is a Global.asa file and the closest thing in JSP is of course the web.xml file. I defined a value in my web.xml file and assumed I could retrieve it using the following line: String test = (String) new InitialContext().getAttribute(html.basepath); I've done something similar for Datasources that works just fine but for some reason tyring to retrieve a basic String in a similar manner doesn't work. Can someone please tell me what I am missing? Thanks. - Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing
RE: global.asa - Web.xml
Oops, you're right that line would not have compiled...I meant I use this: DataSource ds = (DataSource) new InitialContext().lookup(application.getInitParameter(db.jndi.dsn)); ...to get a datasource values and assumed the similar line would work for retrieving a String: String str = (String) new InitialContext().lookup(application.getInitParameter(myString)); ...but no dice. God, why does it have to be so difficult to do something so simple. I love Java for a lot of reasons, but this kinda stuff makes me really curse it at times. Ok, so you're saying go and read JNDI documentation and hopefully once I understand JNDI inside and out I can finally set a freaking application constant paramter? Shapira, Yoav [EMAIL PROTECTED] wrote: Howdy, I'm trying to do something as simple as define global constants for my JSP application. In ASP there is a Global.asa file and the closest thing in JSP is of course the web.xml file. I defined a value in my web.xml file and assumed I could retrieve it using the following line: String test = (String) new InitialContext().getAttribute(html.basepath); I've done something similar for Datasources that works just fine but for some reason tyring to retrieve a basic String in a similar manner doesn't work. Can someone please tell me what I am missing? You're missing a lot. You should read the Servlet Specification, specially the section on context parameters (context-param elements in web.xml), which is what you will probably use for simple strings. You should read the JNDI documentation for what a context (including InitialContext) is. It doesn't have a getAttribute method, so I seriously doubt this line of code even compiles, much less works for datasources or any other type of JNDI resource. You could use a JNDI context for simple strings, but that's usually overkill. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing
Re: global.asa - Web.xml
Ah, thanks Ben. Yes, I tried what I wrote prior and also tried application.getAttribute ... but didn't realize there was a getInitParameter() method. That did the trick. Thanks. N Ben Souther [EMAIL PROTECTED] wrote: In your web.xml file: city_name NY In your JSP City: On Monday 15 December 2003 02:40 pm, you wrote: I'm trying to do something as simple as define global constants for my JSP application. In ASP there is a Global.asa file and the closest thing in JSP is of course the web.xml file. I defined a value in my web.xml file and assumed I could retrieve it using the following line: String test = (String) new InitialContext().getAttribute(html.basepath); I've done something similar for Datasources that works just fine but for some reason tyring to retrieve a basic String in a similar manner doesn't work. Can someone please tell me what I am missing? Thanks. - Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing
RE: Garbage Collection issues
When I said that surely it can't be a memory leak in my app I was operating under the assumption that the JRE runs garbage collection periodically anywayis this not true? If I was waisting resources and not releasing them in a way that the GC could take them back when it runs automatically then why would it take them back when I call garbage collection explicitly? To me, this suggested more of a systemic issue. It was suggested by someone last night that I may want to look at some config lines to make sure GC is active and this seemed in line with my assumption. Is there something else here that I may be missing however? Can you see a possible explanation as to why my app's waisted resources would not get cleaned up until I explicitly ran GC? Thanks. Neal Shapira, Yoav [EMAIL PROTECTED] wrote: Howdy, Perhaps you are experiencing higher load, which requires more memory. Or perhaps your application does have a memory leak: those are possible and occur in java, so yes that would a programming error on your part. The garbage collector does much magic, but it can't save you all the time. You may wish to read up on java memory leaks, as they've been discussed at length on this list and on the net in general. Note that when you call Runtime#gc that's only a suggestion to the JVM: many times when you call that the garbage collector may not run at all. Yoav Shapira Millennium ChemInformatics -Original Message- From: Neal [mailto:[EMAIL PROTECTED] Sent: Sunday, November 30, 2003 8:21 PM To: 'Tomcat Users List' Subject: Garbage Collection issues My Tomcat 4.1 (hosted on Linux) seems to have a problem in recent months with crashing due to unavailable free RAM. Specifically I get a java.error.outOfMemory exception. If check the RAM available (Runtime.getRuntime().totalMemory()), I can see it ticking down through the week. If explicitly run garbage collection however my RAM totally frees up and all is well (Runtime.getRuntime().gc();). Why would this happen? Surely this isn't due to a programming error on my part, otherwise, the resources should automatically released whenever the JRE performs periodic garbage collection. Isn't that correct? Anyone have any theories as to what this may mean and what the best solution would be? Thanks. Neal - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Free Pop-Up Blocker - Get it now
How to monitor RAM Usage
Does anyone know how I can montior RAM usage/availability on Tomcat at any given time? I'm currently having a problem wherein Tomcat crashes about once per week and gives the error Java.error.OutOfMemory but I can't see any diagnostics by which to establish any patterns. I also can't find this information on the Apache site, after having looked for 1/2 hour. Any thoughts/info would be greatly appreciates. Thanks. Neal - Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard
RE: How to monitor RAM Usage
Thanks. How do I issue such a command? Command line, etc? Neal Nathan Mcminn [EMAIL PROTECTED] wrote: Neal, This will get you the total amount of memory available to the JVM tomcat is running in: Runtime.getRuntime().totalMemory() And this will get you the amount free Runtime.getRuntime().freeMemory() Nathan McMinn Application Developer NequalsOne - HealthCare marketing tools mailto:[EMAIL PROTECTED] http://www.NequalsOne.com -Original Message- From: neal cabage [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 1:07 PM To: Tomcat Users List Subject: How to monitor RAM Usage Does anyone know how I can montior RAM usage/availability on Tomcat at any given time? I'm currently having a problem wherein Tomcat crashes about once per week and gives the error Java.error.OutOfMemory but I can't see any diagnostics by which to establish any patterns. I also can't find this information on the Apache site, after having looked for 1/2 hour. Any thoughts/info would be greatly appreciates. Thanks. Neal - Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard
Re: How to monitor RAM Usage
Thanks. Out of curiosity, what sort of RAM allocations would you typically do on a production UNIX machine? Obviously I don't want to use up all of my memory, but this and mySQL are my only two production apps. ' Thanks. Neal James Black [EMAIL PROTECTED] wrote: neal cabage wrote: I'm currently having a problem wherein Tomcat crashes about once per week and gives the error Java.error.OutOfMemory but I can't see any diagnostics by which to establish any patterns. I also can't find this information on the Apache site, after having looked for 1/2 hour. If you use top (on unix) or the taskmanager, on windows, you can see how large it gets. Most likely you will just need to add a java option to catalina.sh try JAVA_OPTS=-mx512m if you want it to grow to 512megs in size. Any thoughts/info would be greatly appreciates. Thanks. Neal - Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard
