Re: [EXT]Re: [EXT]Re: Tomcat 10 session replication fails

huck Caldarale Sent: Saturday, April 13, 2024 4:00 PM To: Tomcat Users List Subject: [EXT]Re: [EXT]Re: Tomcat 10 session replication fails On Apr 11, 2024, at 09:07, Rick Noel wrote: We are getting closer Changing ports from the 5000 range to the 4000 range stopped two errors But now I get

RE: [EXT]Re: [EXT]Re: Tomcat 10 session replication fails

er | Westwood One rn...@westwoodone.com -Original Message- From: Chuck Caldarale Sent: Saturday, April 13, 2024 4:00 PM To: Tomcat Users List Subject: [EXT]Re: [EXT]Re: Tomcat 10 session replication fails > On Apr 11, 2024, at 09:07, Rick Noel wrote: > > We are getting closer > Ch

Re: [EXT]Re: Tomcat 10 session replication fails

Sort of off topic, but sort of related. If you're having tremendous trouble using the built in replication methods, we built a redis based session manager: https://github.com/exabrial/redex-sm Currently redex-sm only works with Tomcat 8.5, but it wouldn't be a big leap to make it work with Tomcat

Re: [EXT]Re: Tomcat 10 session replication fails

> On Apr 11, 2024, at 09:07, Rick Noel wrote: > > We are getting closer > Changing ports from the 5000 range to the 4000 range stopped two errors > But now I get this.. > > INFO: Manager [##0001]: skipping state transfer. No members active in cluster > group > > How to I make the

RE: [EXT]Re: Tomcat 10 session replication fails

Systems Programmer | Westwood One rn...@westwoodone.com -Original Message- From: Chuck Caldarale Sent: Thursday, April 11, 2024 9:14 AM To: Tomcat Users List Subject: [EXT]Re: Tomcat 10 session replication fails [You don't often get email from n82...@gmail.com. Learn why this is important

Re: Tomcat 10 session replication fails

> On Apr 11, 2024, at 07:56, Rick Noel wrote: > > We have our app running on Tomcat10 and doing clustering,but are getting the > following errors seen int the Catalina log... > > Apr 11, 2024 8:14:43 AM org.apache.catalina.ha.session.DeltaManager > waitForSendAllSessions > SEVERE:

Tomcat 10 session replication fails

Hi, We have our app running on Tomcat10 and doing clustering,but are getting the following errors seen int the Catalina log... Apr 11, 2024 8:14:43 AM org.apache.catalina.ha.session.DeltaManager waitForSendAllSessions SEVERE: Manager [##0001]: No session state sent at [4/11/24, 8:13 AM]

RE: Tomcat 9 Session replication

Many thanks Mark! -Original Message- From: Mark Thomas Sent: 01 February 2022 09:25 To: users@tomcat.apache.org Subject: Re: Tomcat 9 Session replication On 31/01/2022 14:54, Alan F wrote: > Many thanks Chris, > > Don't laugh I was looking at those values after Keiic

Re: Tomcat 9 Session replication

Schultz Sent: 31 January 2022 14:46 To: users@tomcat.apache.org Subject: Re: Tomcat 9 Session replication All, On 1/31/22 08:04, Keiichi Fujino wrote: If you use StaticMembershipService, you must set Cluster#channelStartOptions to 15 (default). To spell that out (since the docs aren't very explicit

Re: Tomcat 9 Session replication

bers. Just make sure you have your ports unique for each cluster and your membership ids unique for each node in each cluster. -chris -Original Message- From: Christopher Schultz Sent: 31 January 2022 14:46 To: users@tomcat.apache.org Subject: Re: Tomcat 9 Session replication All, On

RE: Tomcat 9 Session replication

interference ie specifying group or unique id etc. -Original Message- From: Christopher Schultz Sent: 31 January 2022 14:46 To: users@tomcat.apache.org Subject: Re: Tomcat 9 Session replication All, On 1/31/22 08:04, Keiichi Fujino wrote: > If you use StaticMembershipService, you must

Re: Tomcat 9 Session replication

> > > >filter=""/> >className="org.apache.catalina.ha.session.JvmRouteBinderValve"/> > >className="org.apache.catalina.ha.deploy.FarmWarDeployer" > tempDir="/opt/tomcat/war-temp

RE: Tomcat 9 Session replication

@tomcat.apache.org Subject: Re: Tomcat 9 Session replication On 28/01/2022 17:05, Alan F wrote: > We are currently getting traffic from all cluster members in other > environments using .staticmember opposed to multicast can I confirm why this > is see below. > > What do we need to set here

Re: Tomcat 9 Session replication

On 28/01/2022 17:05, Alan F wrote: We are currently getting traffic from all cluster members in other environments using .staticmember opposed to multicast can I confirm why this is see below. What do we need to set here for a clustered pair to make them unique and talk to eachother only

Tomcat 9 Session replication

We are currently getting traffic from all cluster members in other environments using .staticmember opposed to multicast can I confirm why this is see below. What do we need to set here for a clustered pair to make them unique and talk to eachother only without seeing traffic from other members

Any experiences with Tomcat 9 session replication using overlay network to simulate broadcast/multicast?

I am researching if a packaged application built on Tomcat (not 100% sure of version but assuming 9 until I know 100% sure) using session state replication as described here http://tomcat.apache.org/tomcat-9.0-doc/cluster-howto.html would work in an environment where broadcast/multicast is not

Re: Tomcat TLS session resumption in cluster

On 17/07/2019 00:06, M.S. Dousti wrote: > Dear all, > > TLS allows session resumption via session IDs or session tickets. [This > post]( > https://timtaubert.de/blog/2014/11/the-sad-state-of-server-side-tls-session-resumption-implementations/) > shows how this can be performed in Apache web

Tomcat TLS session resumption in cluster

Dear all, TLS allows session resumption via session IDs or session tickets. [This post]( https://timtaubert.de/blog/2014/11/the-sad-state-of-server-side-tls-session-resumption-implementations/) shows how this can be performed in Apache web server and Nginx. Specially, Apache has a

Re: [OT] How does tomcat handle session ids?

g deal conceptually. Except you don't want to use an MRU queue and intentionally re-use session ids in the near future, because... > PS: Please also review “session fixation” as a side note to this > problem. If I get session id abcd1234 and then log out, and Tomcat implements a "session

Re: [OT] How does tomcat handle session ids?

it is a randomly generated UUID it's a pretty safe assumption >>> that a duplicate id is very unlikely and that reusing a session >>> id for a different tomcat user session is also very unlikely. Is >>> this correct? >> >> Correct. > > I did so

Re: [OT] How does tomcat handle session ids?

andom ID. > >> If it is a randomly generated UUID it's a pretty safe assumption >> that a duplicate id is very unlikely and that reusing a session >> id for a different tomcat user session is also very unlikely. Is >> this correct? > > Correct. I did some math on

Re: How does tomcat handle session ids?

ng a session id for a different > tomcat user session is also very unlikely. Is this correct? Correct. > The action of destroying the session id server side (again without looking > at the code) is probably just a string that is eventually gc'd. Is that > correct or is it something more

How does tomcat handle session ids?

ated id but I honestly don't know without digging through the code base. If it is a randomly generated UUID it's a pretty safe assumption that a duplicate id is very unlikely and that reusing a session id for a different tomcat user session is also very unlikely. Is this correct? The action

Re: Tomcat 8.0.30 Session lost

Am 12.01.16 um 13:24 schrieb Mark Thomas: On 12/01/2016 11:06, Thomas Scheffler wrote: Am 11.01.16 um 22:05 schrieb Mark Thomas: Found on http://www.tomcatexpert.com/blog/2011/04/25/session-fixation-protection the description how to switch the "feature" off. I will file two bugs soon

Re: Tomcat 8.0.30 Session lost

session. To use the values of login() later in authenticate() in >>> Tomcat 8.0.30 I had to insert "/foo" as my login page and "/bar" as my >>> login-error-page. I think any value will do here ;-) >>> >>> >>> FORM >>>

Re: Tomcat 8.0.30 Session lost

Thomas, On 1/13/16 8:31 AM, Thomas Scheffler wrote: > Am 12.01.16 um 13:24 schrieb Mark Thomas: >> On 12/01/2016 11:06, Thomas Scheffler wrote: >>> Am 11.01.16 um 22:05 schrieb Mark Thomas: > > className="org.apache.catalina.authenticator.BasicAuthenticator" >

Re: Tomcat 8.0.30 Session lost

Am 13.01.16 um 15:48 schrieb Christopher Schultz: Thomas, On 1/13/16 8:31 AM, Thomas Scheffler wrote: Am 12.01.16 um 13:24 schrieb Mark Thomas: On 12/01/2016 11:06, Thomas Scheffler wrote: Am 11.01.16 um 22:05 schrieb Mark Thomas: Found on

Re: Tomcat 8.0.30 Session lost

Thomas, On 1/12/16 8:03 AM, Thomas Scheffler wrote: > Am 12.01.16 um 13:24 schrieb Mark Thomas: >> On 12/01/2016 11:06, Thomas Scheffler wrote: >>> Am 11.01.16 um 22:05 schrieb Mark Thomas: > > className="org.apache.catalina.authenticator.BasicAuthenticator" >

RE: Tomcat 8.0.30 Session lost

Thomas > -Original Message- > From: Olaf Kock [mailto:tom...@olafkock.de] > Sent: Monday, January 11, 2016 4:12 PM > To: Tomcat Users List > Subject: Re: Tomcat 8.0.30 Session lost > > Well, at least you do a bit of protection instead of just disabling the > s

Re: Tomcat 8.0.30 Session lost

On 12/01/2016 13:03, Thomas Scheffler wrote: > Am 12.01.16 um 13:24 schrieb Mark Thomas: >> On 12/01/2016 11:06, Thomas Scheffler wrote: >>> Am 11.01.16 um 22:05 schrieb Mark Thomas: For the first the description above isn't clear enough to be sure exactly what you are asking for.

Re: Tomcat 8.0.30 Session lost

Am 12.01.16 um 13:24 schrieb Mark Thomas: On 12/01/2016 11:06, Thomas Scheffler wrote: Am 11.01.16 um 22:05 schrieb Mark Thomas: Found on http://www.tomcatexpert.com/blog/2011/04/25/session-fixation-protection the description how to switch the "feature" off. I will file two bugs soon

Re: Tomcat 8.0.30 Session lost

Am 11.01.16 um 22:05 schrieb Mark Thomas: Found on http://www.tomcatexpert.com/blog/2011/04/25/session-fixation-protection the description how to switch the "feature" off. I will file two bugs soon describing the issues I had. Hopefully they will be fixed. 1.) if using

Re: Tomcat 8.0.30 Session lost

On 12/01/2016 11:06, Thomas Scheffler wrote: > Am 11.01.16 um 22:05 schrieb Mark Thomas: >>> >>> >>changeSessionIdOnAuthentication="false" /> >>> >>> Found on >>> http://www.tomcatexpert.com/blog/2011/04/25/session-fixation-protection >>> the description how to switch the "feature" off. >>>

Re: Tomcat 8.0.30 Session lost

On 12/01/2016 15:57, Thomas Scheffler wrote: > What I read in the specification is that a *fix* could be implemented > that would a allow the bug to disappear. The third point above, changing > the sessionId only if the user is "new" to the session, would fix the > problem, could be integrated

Re: Tomcat 8.0.30 Session lost

Olaf, On 1/11/16 4:12 PM, Olaf Kock wrote: > Well, at least you do a bit of protection instead of just disabling the > session fixation security filter. However, be aware that potentially > many people might come from the same IP address - either because it's a > NATing home router or a big

Re: Tomcat 8.0.30 Session lost

Am 12.01.16 um 14:41 schrieb Mark Thomas: 1.) are not required as every request belonging to the same session are already authenticated. After login() other request of the same session will not return 'null' on getRemoteUser() or getUserPrincipal() 2.) are not required, as authenticate() use

Re: Tomcat 8.0.30 Session lost

Hi Christopher, Thanks for reminding me of my extra doubt that I missed writing of in the first post: Picking up on AOL: If I'm on proxy1 now, with many other users - will I stay on that proxy for a long time? Or will I be loadbalanced to many other proxies during my visit on the site? There's

Re: Tomcat 8.0.30 Session lost

On 12.01.2016 12:06, Thomas Scheffler wrote: Am 11.01.16 um 22:05 schrieb Mark Thomas: Found on http://www.tomcatexpert.com/blog/2011/04/25/session-fixation-protection the description how to switch the "feature" off. I will file two bugs soon describing the issues I had. Hopefully they will

Re: Tomcat 8.0.30 Session lost

On 1/12/2016 10:57 AM, Thomas Scheffler wrote: Am 12.01.16 um 14:41 schrieb Mark Thomas: 1.) are not required as every request belonging to the same session are already authenticated. After login() other request of the same session will not return 'null' on getRemoteUser() or getUserPrincipal()

Re: Tomcat 8.0.30 Session lost

Am 08.01.16 um 17:02 schrieb Christopher Schultz: Tomcat will change the session identifier when the user authenticates. If you are creating a session before login, you'll see that the session id changes when authentication is successful. This is to protect against session-fixation attacks. I

Re: Tomcat 8.0.30 Session lost

On 11/01/2016 20:52, Thomas Scheffler wrote: > Am 11.01.16 um 12:21 schrieb André Warnier (tomcat): >> So the solution in your case, is to make sure, in your application >> logic, that the first unauthenticated request would be totally processed >> by the server, and the response processed by the

Re: Tomcat 8.0.30 Session lost

Well, at least you do a bit of protection instead of just disabling the session fixation security filter. However, be aware that potentially many people might come from the same IP address - either because it's a NATing home router or a big company's proxy server. Especially if you want to attack

Re: Tomcat 8.0.30 Session lost

Am 11.01.16 um 12:21 schrieb André Warnier (tomcat): So the solution in your case, is to make sure, in your application logic, that the first unauthenticated request would be totally processed by the server, and the response processed by the client, before the client sends a second request. If

Re: Tomcat 8.0.30 Session lost

Thomas, On 11.01.2016 11:30, Thomas Scheffler wrote: Am 08.01.16 um 17:02 schrieb Christopher Schultz: Tomcat will change the session identifier when the user authenticates. If you are creating a session before login, you'll see that the session id changes when authentication is successful.

Tomcat 8.0.30 Session lost

Hi, I have a very rare problem regarding session handling. It is reproducible only on a single server environment. Of cause this is the productive server. I use container authentication and for simplicity 'tomcat-user.xml'. Login is done via HttpServletRequest.login() method, whenever I

Re: Tomcat 8.0.30 Session lost

2016-01-08 19:02 GMT+03:00 Christopher Schultz : > Thomas, > > On 1/8/16 8:00 AM, Thomas Scheffler wrote: >> Am 08.01.16 um 11:43 schrieb Olaf Kock: >>> Is there any chance that the first and correctly authenticated cookies >>> (despite the debug output

Re: Tomcat 8.0.30 Session lost

Is there any chance that the first and correctly authenticated cookies (despite the debug output "secure=false") are https-only cookies and won't get transmitted in http, thus triggering new sessions? E.g. any chance they get rewritten at another level (Apache httpd, ServletFilter, others) to be

Re: Tomcat 8.0.30 Session lost

Am 08.01.16 um 11:43 schrieb Olaf Kock: Is there any chance that the first and correctly authenticated cookies (despite the debug output "secure=false") are https-only cookies and won't get transmitted in http, thus triggering new sessions? E.g. any chance they get rewritten at another level

Re: Tomcat 8.0.30 Session lost

Am 08.01.16 um 14:03 schrieb André Warnier (tomcat): Hi Thomas. It is a bit difficult to figure out where the problem really is, without having the full picture of what is going on (your web.xml configuration, the order and precise timing in which requests really happen etc.). But one thing I

Re: Tomcat 8.0.30 Session lost

On 08.01.2016 10:07, Thomas Scheffler wrote: Hi, I have a very rare problem regarding session handling. It is reproducible only on a single server environment. Of cause this is the productive server. I use container authentication and for simplicity 'tomcat-user.xml'. Login is done via

Re: Tomcat 8.0.30 Session lost

Thomas, On 1/8/16 8:00 AM, Thomas Scheffler wrote: > Am 08.01.16 um 11:43 schrieb Olaf Kock: >> Is there any chance that the first and correctly authenticated cookies >> (despite the debug output "secure=false") are https-only cookies and >> won't get transmitted in http, thus triggering new

Re: handling tomcat failover - session transition to new node

On 22/12/2015 16:22, Jason Britton wrote: > Questions on particulars of session fail over in my on going quest for zero > downtime deployments - > > My current plan is to use JDBCStore for persisting to a database table > shared by all tomcats powering apps. But this has brought up a couple >

handling tomcat failover - session transition to new node

Questions on particulars of session fail over in my on going quest for zero downtime deployments - My current plan is to use JDBCStore for persisting to a database table shared by all tomcats powering apps. But this has brought up a couple concerns... If while a tomcat node is being shut down

Re: Tomcat 8 Session Timeout

sers List <users@tomcat.apache.org>, Date: 04/09/2015 18:39 Subject: Re: Tomcat 8 Session Timeout -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Theo, On 9/4/15 6:14 AM, theo.swe...@avios.com wrote: > Hi Chris - the servlet spec states "If the time out is 0 or less, > the conta

Re: Tomcat 8 Session Timeout

ing? Theo From: Christopher Schultz <ch...@christopherschultz.net> To: Tomcat Users List <users@tomcat.apache.org>, Date: 03/09/2015 16:43 Subject: Re: Tomcat 8 Session Timeout -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Theo, On 9/3/15 8:28 AM, theo.swe...@avi

Re: Tomcat 8 Session Timeout

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Theo, On 9/4/15 6:14 AM, theo.swe...@avios.com wrote: > Hi Chris - the servlet spec states "If the time out is 0 or less, > the container ensures the default behavior of sessions is never to > time out." > > Currently the timeout value is set to 2

Re: Tomcat 8 Session Timeout

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Theo, On 9/3/15 8:28 AM, theo.swe...@avios.com wrote: > Thanks Chris - that pointer is very helpful. > > Can you clarify by setting session-timeout to 0, implies after 60 > seconds the session will expire or does it imply the same as -1, > that

Re: Tomcat 8 Session Timeout

net> To: Tomcat Users List <users@tomcat.apache.org>, Date: 01/09/2015 17:23 Subject: Re: Tomcat 8 Session Timeout -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Theo, On 9/1/15 4:29 AM, theo.swe...@avios.com wrote: > Mark - I took a look at the Manager How To Guide as seen he

Re: Tomcat 8 Session Timeout

;ch...@christopherschultz.net> To: Tomcat Users List <users@tomcat.apache.org>, Date: 28/08/2015 19:09 Subject: Re: Tomcat 8 Session Timeout -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Theo, On 8/28/15 12:08 PM, theo.swe...@avios.com wrote: > Hello - currently HTTP sessions

Re: Tomcat 8 Session Timeout

mand line mechanism to gracefully terminate sessions? No, but you can use the Manager app to view session contents and expire the sessions. Mark > > Theo > > > > > From: Mark Thomas <ma...@apache.org> > To: Tomcat Users List <users@tomcat.apache.org>, >

Re: Tomcat 8 Session Timeout

org> To: Tomcat Users List <users@tomcat.apache.org>, Date: 28/08/2015 19:13 Subject: Re: Tomcat 8 Session Timeout On 28/08/2015 12:08, theo.swe...@avios.com wrote: > Hello - currently HTTP sessions are configured to timeout after 120 > seconds, in $CATALINA

Re: Tomcat 8 Session Timeout

:8080/manager/text/expire?path=/examples=0 Do you know if a wildcard can be used for the app name? Theo From: Mark Thomas <ma...@apache.org> To: Tomcat Users List <users@tomcat.apache.org>, Date: 01/09/2015 09:02 Subject: Re: Tomcat 8 Session Timeout On 01/0

Re: Tomcat 8 Session Timeout

<ma...@apache.org> > To: Tomcat Users List <users@tomcat.apache.org>, > Date: 01/09/2015 09:02 > Subject:Re: Tomcat 8 Session Timeout > > > > On 01/09/2015 08:53, theo.swe...@avios.com wrote: >> Hi Mark >> >> Tomcat version? &

Re: Tomcat 8 Session Timeout

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Theo, On 9/1/15 4:29 AM, theo.swe...@avios.com wrote: > Mark - I took a look at the Manager How To Guide as seen here - > > https://tomcat.apache.org/tomcat-8.0-doc/manager-howto.html#Expire_Ses sions > > It mentions that it's possible to expire

Tomcat 8 Session Timeout

Hello - currently HTTP sessions are configured to timeout after 120 seconds, in $CATALINA_BASE/conf/web.xml session-config session-timeout2/session-timeout /session-config However this is not being honoured by the web services, where many session are lasting longer. From what I

Re: Tomcat 8 Session Timeout

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Theo, On 8/28/15 12:08 PM, theo.swe...@avios.com wrote: Hello - currently HTTP sessions are configured to timeout after 120 seconds, in $CATALINA_BASE/conf/web.xml session-config session-timeout2/session-timeout /session-config I'd highly

Re: Tomcat 8 Session Timeout

On 28/08/2015 12:08, theo.swe...@avios.com wrote: Hello - currently HTTP sessions are configured to timeout after 120 seconds, in $CATALINA_BASE/conf/web.xml session-config session-timeout2/session-timeout /session-config However this is not being honoured by the web

Re: Tomcat 8 - session replication DeltaManager not working

-up-tomcat-cluster-for-session-replication/ mentions Does it mean DeltaManager was not properly loaded? 2) Tomcat docs says All your session attributes must implement java.io.Serializable and I am not sure about it. Below my index.jsp is listed. It an attribute is not a Serializable

Tomcat 8 - session replication DeltaManager not working

/examples to cluster element Engine with name server_name org.apache.catalina.ha.session.DeltaManager start INFO: Starting clustering manager at /examples as blog post http://blogs.agilefaqs.com/2009/11/09/setting-up-tomcat-cluster-for-session-replication/ mentions Does it mean DeltaManager

Tomcat 7.0.54 - Session invalidate broken in some apps

I've found that certain applications will no longer invalidate sessions after upgrading from 7.0.53 to 7.0.54. It seems to require clustering to be set up in Tomcat. If it's not set up, session invalidation works fine. So far, I can only trigger it in a webapp that uses Tapestry Spring Security.

Re: Tomcat 7.0.54 - Session invalidate broken in some apps

2014-05-29 11:58 GMT+04:00 David Rees dree...@gmail.com: I've found that certain applications will no longer invalidate sessions after upgrading from 7.0.53 to 7.0.54. It seems to require clustering to be set up in Tomcat. If it's not set up, session invalidation works fine. So far, I can

Re: Tomcat 7.0.54 - Session invalidate broken in some apps

On Thu, May 29, 2014 at 8:51 AM, Konstantin Kolinko knst.koli...@gmail.com wrote: 2014-05-29 11:58 GMT+04:00 David Rees dree...@gmail.com: I've found that certain applications will no longer invalidate sessions after upgrading from 7.0.53 to 7.0.54. It seems to require clustering to be set up

Re: Tomcat 7.0.54 - Session invalidate broken in some apps

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 David, On 5/29/14, 3:12 PM, David Rees wrote: On Thu, May 29, 2014 at 8:51 AM, Konstantin Kolinko knst.koli...@gmail.com wrote: 2014-05-29 11:58 GMT+04:00 David Rees dree...@gmail.com: I've found that certain applications will no longer

Re: Tomcat 7.0.54 - Session invalidate broken in some apps

On Thu, May 29, 2014 at 12:16 PM, Christopher Schultz ch...@christopherschultz.net wrote: Do you mean that you have a web application that does this: session.invalidate(); session = request.getSession(true); ... and the old session is in fact not invalidated? Yes. Specifics to make this

Re: Tomcat 7.0.54 - Session invalidate broken in some apps

On Thu, May 29, 2014 at 12:39 PM, David Rees dree...@gmail.com wrote: Yes. Specifics to make this happen seem to be: TC 7.0.54 in a cluster, Tapestry 5.2.6 + Tapestry Spring Security. OK, I was wrong, no Tapestry or Spring Security is required, just a couple JSPs are required to reproduce.

Re: Tomcat 7.0.54 - Session invalidate broken in some apps

On Thu, May 29, 2014 at 6:16 PM, David Rees dree...@gmail.com wrote: I'll open a ticket with these details, too. https://issues.apache.org/bugzilla/show_bug.cgi?id=56578 -Dave - To unsubscribe, e-mail:

Re: Tomcat 7 Session Persistence disable not working as expected

2014-03-10 10:58 GMT+04:00 Akash Jain akash.delh...@gmail.com: Christopher, I have changed in server.xml. Below is the server.xml part - Context path= docBase=ROOT sessionCookieName=mycookie

Re: Tomcat 7 Session Persistence disable not working as expected

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Konstantin, On 3/11/14, 8:46 AM, Konstantin Kolinko wrote: 2014-03-10 10:58 GMT+04:00 Akash Jain akash.delh...@gmail.com: Christopher, I have changed in server.xml. Below is the server.xml part - Context path= docBase=ROOT

Re: Tomcat 7 Session Persistence disable not working as expected

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Akash, On 3/10/14, 1:03 AM, Akash Jain wrote: As documented in https://tomcat.apache.org/tomcat-5.5-doc/config/manager.html#Disable_Session_Persistence, I added the following code piece to disable session persistence in Tomcat 7. Manager

Re: Tomcat 7 Session Persistence disable not working as expected

Christopher, I have changed in server.xml. Below is the server.xml part - Context path= docBase=ROOT sessionCookieName=mycookie sessionCookieDomain=myapp.mydomain.com

Tomcat 7 Session Persistence disable not working as expected

As documented in https://tomcat.apache.org/tomcat-5.5-doc/config/manager.html#Disable_Session_Persistence, I added the following code piece to disable session persistence in Tomcat 7. Manager pathname= / After this change I can see that SESSIONS.ser is not getting created

Tomcat 7 Session Persistence disable not working as expected

Hi, На понеделник, 10 март 2014 г. Akash Jain akash.delh...@gmail.com написа: As documented in https://tomcat.apache.org/tomcat-5.5-doc/config/manager.html#Disable_Session_Persistence , I added the following code piece to disable session persistence in Tomcat 7. What is the exact version

Re: Tomcat 7 Session Persistence disable not working as expected

#Disable_Session_Persistence , I added the following code piece to disable session persistence in Tomcat 7. What is the exact version of Tomcat? The correct documentation for Tomcat 7 is [1]. Regards, Violeta [1] http://tomcat.apache.org/tomcat-7.0-doc/config/manager.html

Re: Scenario with Tomcat cluster session management

2013/1/30 Josh Gooding josh.good...@gmail.com: As usual, I am always working with Tomcat to tweak every ounce of oomph out of it and I ran across this scenario in my configuration trials. At present, I have a small 3 server tomcat cluster running 7.0.30 64-bit on CentOS, and jdk6. I want to

Scenario with Tomcat cluster session management

As usual, I am always working with Tomcat to tweak every ounce of oomph out of it and I ran across this scenario in my configuration trials. At present, I have a small 3 server tomcat cluster running 7.0.30 64-bit on CentOS, and jdk6. I want to move the project from having to use kill -9 (for

RE: Tomcat clustering session attribute is changed without request

: RE: Tomcat clustering session attribute is changed without request Hi, Replication of the attributes is done by the cluster valve. http://tomcat.apache.org/tomcat-6.0-doc/config/cluster-valve.html If you manage to call that code from your own application, than you can do what you want

Re: Tomcat clustering session attribute is changed without request

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Paul, On 10/24/2011 7:28 AM, Hodchenkov, Paul wrote: 2) AFAIK tomcat fires onSessionDestroyed event when some node in cluster is stopped gracefully. However, in my environment I don't observe such behavior. Is that really what you want? Taking

Re: Tomcat clustering session attribute is changed without request

Hi, thx for the response. Yes, it's ok for me that sessions are not expired(session continue to live on another node) and onsessiondestroyed is not called when one node is stopped. The actual reason why i asked this question was that many folks complained that tomcat always fired

RE: Tomcat clustering session attribute is changed without request

. So, is there any way to force the replication of HttpSession? -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Monday, October 24, 2011 4:08 PM To: Tomcat Users List Subject: Re: Tomcat clustering session attribute is changed without request On 24/10/2011 14:05, Hodchenkov

RE: Tomcat clustering session attribute is changed without request

List Subject: Re: Tomcat clustering session attribute is changed without request On 24/10/2011 14:05, Hodchenkov, Paul wrote: Hi, Thanks for the reply! - What does 'stores session map in memory' actually mean? It's ConcurrentMapString, HttpSession map which is filled by HttpListener. I

Tomcat clustering session attribute is changed without request

Hi all, I have configured tomcat 7 cluster by using [1] with DeltaManager and it works fine. However I have the following 2 questions: 1) My application stores session map in memory(admin can force logout of any user and change some session attribute). Will this session attribute be

Re: Tomcat clustering session attribute is changed without request

Op maandag, 24 oktober 2011 12:55 schreef Hodchenkov, Paul paul.hodchen...@oxagile.com: Hi all, I have configured tomcat 7 cluster by using [1] with DeltaManager and it works fine. However I have the following 2 questions: 1) My application stores session map in

RE: Tomcat clustering session attribute is changed without request

List Subject: Re: Tomcat clustering session attribute is changed without request Op maandag, 24 oktober 2011 12:55 schreef Hodchenkov, Paul paul.hodchen...@oxagile.com: Hi all, I have configured tomcat 7 cluster by using [1] with DeltaManager and it works fine. However I have

Re: Tomcat clustering session attribute is changed without request

On 24/10/2011 11:55, Hodchenkov, Paul wrote: Hi all, I have configured tomcat 7 cluster by using [1] with DeltaManager and it works fine. However I have the following 2 questions: 1) My application stores session map in memory(admin can force logout of any user and change some

RE: Tomcat clustering session attribute is changed without request

in this case? What is the benefit of using JMX connection to access the session instead of HttpListener in this case? -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Monday, October 24, 2011 3:59 PM To: Tomcat Users List Subject: Re: Tomcat clustering session attribute is changed

Re: Tomcat clustering session attribute is changed without request

-Original Message- From: Pid [mailto:p...@pidster.com] Sent: Monday, October 24, 2011 3:59 PM To: Tomcat Users List Subject: Re: Tomcat clustering session attribute is changed without request On 24/10/2011 11:55, Hodchenkov, Paul wrote: Hi all, I have configured tomcat 7 cluster

Re: Problem with Tomcat 6.0.33 Session replication

On 05.10.2011 16:41, Tobias Quosigk wrote: I'm running 2 servers with Tomcat 6.0.33 and session replication. Tomcat session replication only works with Tomcat starting the first time the server (Windows Server 2008 R2 64-bit) boots. When I stop and then start the Tomcat service via Windows

Problem with Tomcat 6.0.33 Session replication

I'm running 2 servers with Tomcat 6.0.33 and session replication. Tomcat session replication only works with Tomcat starting the first time the server (Windows Server 2008 R2 64-bit) boots. When I stop and then start the Tomcat service via Windows Services, session replication will no longer

Re: Tomcat 5.5.27, session lost, cookies

Hi Chris, as I said in one of my previous mail, I'm not able to reproduce the error anymore. I'm trying to figuring out what's changed (some commit made by someone of our team), and next week I'll test it on some other test environments. I'm trying to collect all the details to send you accurate

Re: Tomcat 5.5.27, session lost, cookies

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Diego, On 6/1/2011 6:27 AM, Diego Ruotolo wrote: BTW, in my previous mails I tell you about the architecture used in our webapp, I send you the HTTP logs as returned by the access log valve and The logs are not useful, since they don't contain

  1   2   >