Re: JSESSION ID

2021-07-02 Thread Christopher Schultz

Mohan,

On 7/1/21 07:27, Mohan T wrote:

Dear All,

We are using tomcat 8.5.35 on Linux.

We are getting two session IDs for the same HTTP request. Similar session ID is 
marked in yellow

This is the session ID in startup JSESSIONID=FFE8F98C012CDB4461FC8E68C109298E
This is the session ID in dispatcher 
JSESSIONID=7CAFF4519565D00381DF792E375D241C; 
JSESSIONID=FFE8F98C012CDB4461FC8E68C109298E

Request for any inputs on this


Can you reproduce this yourself? If so, go into your browser and open 
the "developer tools" and have a look at the cookies for the site.


Check the "path" of the cookie. Browsers identify cookies based upon a 
number of different metadata fields, including the "path". If you have a 
JSESSIONID cookie for / and another one for /foo, then both will be sent 
if you are visiting resources at /foo.


-chris
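
Chris's point about cookie paths, as an added example that is not part of the original thread: a sketch of the RFC 6265 path-match and ordering rules a browser applies when it builds the Cookie header. The jar is constructed; the two IDs are the ones quoted in the question, and the `/dispatcher` path is an assumption made for illustration.

```javascript
// RFC 6265 section 5.1.4 path-match: is the request path covered by the cookie's Path?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts on a "/" boundary, so Path=/foo never covers /foobar.
  return cookiePath.endsWith('/') || requestPath.charAt(cookiePath.length) === '/';
}

// RFC 6265 section 5.4: the Cookie header for one request. Cookies with longer
// paths are listed first; ties go to the earlier creation time.
// Domain, Secure and expiry checks are left out to keep the focus on Path.
function cookieHeaderFor(requestPath, jar) {
  return jar
    .filter((c) => pathMatches(requestPath, c.path))
    .sort((a, b) => b.path.length - a.path.length || a.created - b.created)
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Cookie names that would be sent more than once for this request path, with
// the paths responsible. This is what to look for in the developer tools.
function duplicateCookies(requestPath, jar) {
  const byName = new Map();
  for (const c of jar) {
    if (!pathMatches(requestPath, c.path)) continue;
    if (!byName.has(c.name)) byName.set(c.name, []);
    byName.get(c.name).push(c.path);
  }
  return [...byName]
    .filter(([, paths]) => paths.length > 1)
    .map(([name, paths]) => ({ name, paths: paths.sort() }));
}

// Constructed cookie jar: IDs taken from the question, paths assumed.
const SAMPLE_JAR = [
  { name: 'JSESSIONID', value: 'FFE8F98C012CDB4461FC8E68C109298E', path: '/', created: 1 },
  { name: 'JSESSIONID', value: '7CAFF4519565D00381DF792E375D241C', path: '/dispatcher', created: 2 },
];

// A request below /dispatcher carries both cookies, the longer path first.
console.log(cookieHeaderFor('/dispatcher/home', SAMPLE_JAR));
// A request elsewhere on the site carries only the Path=/ cookie.
console.log(cookieHeaderFor('/startup', SAMPLE_JAR));
console.log(JSON.stringify(duplicateCookies('/dispatcher/home', SAMPLE_JAR)));
```

Under these assumed paths the header for the deeper URL reproduces the order shown in the question, which is why the cookie's path is the first thing to check.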




JSESSION ID

2021-07-01 Thread Mohan T
Dear All,

We are using tomcat 8.5.35 on Linux.

We are getting two session IDs for the same HTTP request. Similar session ID is 
marked in yellow

This is the session ID in startup JSESSIONID=FFE8F98C012CDB4461FC8E68C109298E
This is the session ID in dispatcher 
JSESSIONID=7CAFF4519565D00381DF792E375D241C; 
JSESSIONID=FFE8F98C012CDB4461FC8E68C109298E

Request for any inputs on this

Thanks

Mohan


Re: Tomcat 7 (7.0.54) Login URL is Passing with JSESSION ID. | why there is different behaviour in Tomcat 6 and Tomcat 7

2015-07-23 Thread Konstantin Kolinko
2015-07-23 11:32 GMT+03:00 Rahul Kumar Singh rahul.si...@nectechnologies.in:
 Dear Christopher,

 On further debugging, I found out the difference is seen between 6.0.32 (same 
 behavior as in 6.0.28 reported earlier) and 6.0.33 (same as in 7.0.54 
 reported earlier ) I could not figure out which change ( as mentioned in link 
 https://tomcat.apache.org/tomcat-6.0-doc/changelog.html  ) has caused this 
 difference.

 Step to reproduce it?
 1.  Untar tomcat versions(Tomcat V6.0.32 and Tomcat V6.0.33)
 2.  Enable access log by uncommenting 'AccessLogValve' in conf/server.xml 
  as shown below

 <Valve className="org.apache.catalina.valves.AccessLogValve"
        directory="${catalina.base}/logs"
        prefix="localhost_access_log." suffix=".txt" pattern="common"
        resolveHosts="false"/>

 3.  Deploy a simple web application (login.jsp) in Tomcat.
 // login.jsp in tomcat
 <html>
   <body>
     <%
       String str = request.getRequestURI();
       System.out.println(str);
       out.println(str);
     %>
   </body>
 </html>

 4.  Start tomcat
 5.  Run client  wget to execute the login.jsp
 6.  View access log file entry


Thank you for version numbers.

This is expected behaviour. I added comments on the history of this change here:
https://bz.apache.org/bugzilla/show_bug.cgi?id=51833

Best regards,
Konstantin Kolinko
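
The reproduction steps quoted above end with reading the access log, where a `;jsessionid` path parameter is written out with the rest of the request line. As an added example (not from the thread or from Tomcat), this script audits common-format access log lines for exposed session IDs and redacts them; the log lines are constructed, modelled on the entry quoted in the thread, and the function names are hypothetical.

```javascript
// One entry in the AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b.
// The quotes around the request are optional so that lines which lost them
// in transit (as in the mail archive) still parse.
const ENTRY_RE = /^(\S+) \S+ \S+ \[([^\]]*)\] "?([A-Z]+) (\S+) HTTP\/[\d.]+"? (\d{3}) \S+$/;
// The session ID travels as a path parameter, before any query string.
const SID_RE = /;jsessionid=([^;?\/#\s"]+)/i;

function parseEntry(line) {
  const m = ENTRY_RE.exec(line.trim());
  if (!m) return null;
  const sid = SID_RE.exec(m[4]);
  return {
    client: m[1],
    time: m[2],
    method: m[3],
    target: m[4],
    status: Number(m[5]),
    sessionId: sid ? sid[1] : null,
  };
}

// Replace the ID before a log line is copied into a ticket or a mailing list post.
function redactLine(line) {
  return line.replace(new RegExp(SID_RE.source, 'gi'), ';jsessionid=[REDACTED]');
}

// Count entries that expose a session ID and flag IDs seen from more than one
// client address, which deserves a closer look. Reported IDs are truncated so
// the audit output does not repeat the exposure.
function auditLog(lines) {
  const clientsBySession = new Map();
  let exposed = 0;
  let unparsed = 0;
  for (const line of lines) {
    const entry = parseEntry(line);
    if (!entry) { unparsed += 1; continue; }
    if (!entry.sessionId) continue;
    exposed += 1;
    if (!clientsBySession.has(entry.sessionId)) clientsBySession.set(entry.sessionId, new Set());
    clientsBySession.get(entry.sessionId).add(entry.client);
  }
  const shared = [...clientsBySession]
    .filter(([, clients]) => clients.size > 1)
    .map(([id, clients]) => ({ session: id.slice(0, 4) + '...', clients: [...clients].sort() }));
  return { exposed, unparsed, distinctSessions: clientsBySession.size, shared };
}

// Constructed sample log. The first line follows the entry quoted in the
// thread; the time zone offset and the remaining lines are made up.
const SAMPLE_LOG = [
  '127.0.0.1 - - [21/Jul/2015:08:30:13 +0000] "GET /login.jsp;jsessionid=C1A67FB90E1300DF14EE027A3634A34B HTTP/1.0" 200 1063',
  '127.0.0.1 - - [21/Jul/2015:08:30:20 +0000] "GET /index.jsp HTTP/1.1" 200 512',
  '192.0.2.44 - - [21/Jul/2015:08:31:02 +0000] "GET /framework/login.action;jsessionid=C1A67FB90E1300DF14EE027A3634A34B?x=1 HTTP/1.1" 200 2048',
  '127.0.0.1 - - [21/Jul/2015:08:31:40 +0000] "POST /framework/login.action;jsessionid=098D3C84B56FF2A2A25E88E4F059A20B HTTP/1.1" 302 -',
];

console.log(JSON.stringify(auditLog(SAMPLE_LOG), null, 2));
console.log(redactLine(SAMPLE_LOG[0]));
```

On Servlet 3.0 containers such as Tomcat 7, URL-based tracking can be switched off with `<tracking-mode>COOKIE</tracking-mode>` under `<session-config>` in web.xml, which keeps the ID out of URLs and therefore out of these logs.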




RE: Tomcat 7 (7.0.54) Login URL is Passing with JSESSION ID. | why there is different behaviour in Tomcat 6 and Tomcat 7

2015-07-23 Thread Rahul Kumar Singh
Dear Christopher,

On further debugging, I found out the difference is seen between 6.0.32 (same 
behavior as in 6.0.28 reported earlier) and 6.0.33 (same as in 7.0.54 reported 
earlier ) I could not figure out which change ( as mentioned in link 
https://tomcat.apache.org/tomcat-6.0-doc/changelog.html  ) has caused this 
difference.

Step to reproduce it?
1.  Untar tomcat versions(Tomcat V6.0.32 and Tomcat V6.0.33)
2.  Enable access log by uncommenting 'AccessLogValve' in conf/server.xml  
as shown below

<Valve className="org.apache.catalina.valves.AccessLogValve"
       directory="${catalina.base}/logs"
       prefix="localhost_access_log." suffix=".txt" pattern="common"
       resolveHosts="false"/>

3.  Deploy a simple web application (login.jsp) in Tomcat.
// login.jsp in tomcat
<html>
  <body>
    <%
      String str = request.getRequestURI();
      System.out.println(str);
      out.println(str);
    %>
  </body>
</html>

4.  Start tomcat
5.  Run client  wget to execute the login.jsp
6.  View access log file entry



-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: Tuesday, July 21, 2015 8:47 PM
To: Tomcat Users List
Subject: Re: Tomcat 7 (7.0.54) Login URL is Passing with JSESSION ID. | why 
there is different behaviour in Tomcat 6 and Tomcat 7


Rahul,

On 7/21/15 6:38 AM, Rahul Kumar Singh wrote:
 “;jsessionid=C1A67FB90E1300DF14EE027A3634A34B” passed in URL 
 localhost:8080/login.jsp;jsessionid=C1A67FB90E1300DF14EE027A3634A34B

 
is not received in tomcat 6(V6.0.28). It is received in tomcat
 7(V7.0.54). What is reason for the different  behavior?

I'm not sure why the change in behavior, but when a client requests a protected 
resource, the container has to redirect that client to the login page.

Before the redirect, a session is created to hold the saved-request to the 
originally-requested protected resource. This session id needs to be preserved. 
If the container can't tell if the client supports cookie-based session 
tracking, it must encode the session id in the login URL just in case. You'll 
find that, if you use a browser with cookies enabled, after the login page 
there will be no jsessionid path parameters in your URLs.

Is the presence of the jsessionid path parameter a problem for you?

(And at this point, it's really a good idea to start planning your upgrade path 
to Tomcat 8, which is quite reliable and stable. Tomcat 6 will EOL 2016-12-31: 
http://tomcat.apache.org/tomcat-60-eol.html)

-chris

RE: Tomcat 7 (7.0.54) Login URL is Passing with JSESSION ID. | why there is different behaviour in Tomcat 6 and Tomcat 7

2015-07-23 Thread Rahul Kumar Singh
Dear Konstantin,

On further debugging, I found out the difference is seen between 6.0.32 (same 
behavior as in 6.0.28 reported earlier) and 6.0.33 (same as in 7.0.54 reported 
earlier ) I could not figure out which change ( as mentioned in link 
https://tomcat.apache.org/tomcat-6.0-doc/changelog.html  ) has caused this 
difference.

Step to reproduce it?
1.  Untar tomcat versions(Tomcat V6.0.32 and Tomcat V6.0.33)
2.  Enable access log by uncommenting 'AccessLogValve' in conf/server.xml  
as shown below

<Valve className="org.apache.catalina.valves.AccessLogValve"
       directory="${catalina.base}/logs"
       prefix="localhost_access_log." suffix=".txt" pattern="common"
       resolveHosts="false"/>

3.  Deploy a simple web application (login.jsp) in Tomcat.
// login.jsp in tomcat
<html>
  <body>
    <%
      String str = request.getRequestURI();
      System.out.println(str);
      out.println(str);
    %>
  </body>
</html>

4.  Start tomcat
5.  Run client  wget to execute the login.jsp
6.  View access log file entry

-Original Message-
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] 
Sent: Tuesday, July 21, 2015 5:32 PM
To: Tomcat Users List
Subject: Re: Tomcat 7 (7.0.54) Login URL is Passing with JSESSION ID. | why 
there is different behaviour in Tomcat 6 and Tomcat 7

2015-07-21 14:38 GMT+03:00 Rahul Kumar Singh rahul.si...@nectechnologies.in:
 Hello Tomcat Team,

 “;jsessionid=C1A67FB90E1300DF14EE027A3634A34B” passed in URL  
 localhost:8080/login.jsp;jsessionid=C1A67FB90E1300DF14EE027A3634A34B
  is not received in tomcat 6(V6.0.28) . It is received in tomcat 7(V7.0.54) . 
  What is reason for the different  behavior?

 I used WGET command to send same request to both version of tomcats.  Access 
 logs (logs/localhost_access_log.txt ) of both tomcat versions show the 
 difference


 WGET REQUEST:
 wget "localhost:8080/login.jsp;jsessionid=C1A67FB90E1300DF14EE027A3634A34B"


 Observations:
 TOMCAT 7.0.54 ACCESS LOGS:
 127.0.0.1 - - [21/Jul/2015:08:30:13 +] GET 
 /login.jsp;jsessionid=C1A67FB90E1300DF14EE027A3634A34B HTTP/1.0 200 1063


 -Original Message-
 From: Rahul Kumar Singh
 Sent: Tuesday, June 23, 2015 6:17 PM
 To: 'Tomcat Users List'
 Subject: Tomcat 7 (7.0.54) Login URL is Passing with JSESSION ID.

 Hello Tomcat team,

 In Tomcat7.0.54 We have observe that Login URL is Appended with JSESSIONID 
 parameter in our Web Application
 Example:
 /framework/login.action;jsessionid=098D3C84B56FF2A2A25E88E4F059A20B

 System Configuration (WINDOW7+IE-8)

 Due to this session authentication get failed.



1. Step by step recipe to reproduce your issue  = ?

2. 6.0.28 is old. The current one is 6.0.44

3. http://tomcat.apache.org/security-6.html
CVE-2013-2067 ?




Re: Tomcat 7 (7.0.54) Login URL is Passing with JSESSION ID. | why there is different behaviour in Tomcat 6 and Tomcat 7

2015-07-21 Thread Christopher Schultz

Rahul,

On 7/21/15 6:38 AM, Rahul Kumar Singh wrote:
 “;jsessionid=C1A67FB90E1300DF14EE027A3634A34B” passed in URL 
 localhost:8080/login.jsp;jsessionid=C1A67FB90E1300DF14EE027A3634A34B

 
is not received in tomcat 6(V6.0.28). It is received in tomcat
 7(V7.0.54). What is reason for the different  behavior?

I'm not sure why the change in behavior, but when a client requests a
protected resource, the container has to redirect that client to the
login page.

Before the redirect, a session is created to hold the saved-request to
the originally-requested protected resource. This session id needs to
be preserved. If the container can't tell if the client supports
cookie-based session tracking, it must encode the session id in the
login URL just in case. You'll find that, if you use a browser with
cookies enabled, after the login page there will be no jsessionid path
parameters in your URLs.

Is the presence of the jsessionid path parameter a problem for you?

(And at this point, it's really a good idea to start planning your
upgrade path to Tomcat 8, which is quite reliable and stable. Tomcat 6
will EOL 2016-12-31: http://tomcat.apache.org/tomcat-60-eol.html)

-chris



RE: Tomcat 7 (7.0.54) Login URL is Passing with JSESSION ID. | why there is different behaviour in Tomcat 6 and Tomcat 7

2015-07-21 Thread Rahul Kumar Singh
Hello Tomcat Team,

“;jsessionid=C1A67FB90E1300DF14EE027A3634A34B” passed in URL  
localhost:8080/login.jsp;jsessionid=C1A67FB90E1300DF14EE027A3634A34B
 is not received in tomcat 6(V6.0.28) . It is received in tomcat 7(V7.0.54) .  
What is reason for the different  behavior?

I used WGET command to send same request to both version of tomcats.  Access 
logs (logs/localhost_access_log.txt ) of both tomcat versions show the 
difference


WGET REQUEST:
wget "localhost:8080/login.jsp;jsessionid=C1A67FB90E1300DF14EE027A3634A34B"


Observations: 
TOMCAT 7.0.54 ACCESS LOGS: 
127.0.0.1 - - [21/Jul/2015:08:30:13 +] GET 
/login.jsp;jsessionid=C1A67FB90E1300DF14EE027A3634A34B HTTP/1.0 200 1063


-Original Message-
From: Rahul Kumar Singh 
Sent: Tuesday, June 23, 2015 6:17 PM
To: 'Tomcat Users List'
Subject: Tomcat 7 (7.0.54) Login URL is Passing with JSESSION ID.

Hello Tomcat team,

In Tomcat7.0.54 We have observe that Login URL is Appended with JSESSIONID 
parameter in our Web Application
Example:
/framework/login.action;jsessionid=098D3C84B56FF2A2A25E88E4F059A20B

System Configuration (WINDOW7+IE-8)

Due to this session authentication get failed.


But in Tomcat 6 It is not happening.
Could any one help me on this from Apache Tomcat community.

Regards,
Rahul Kumar Singh





Re: Tomcat 7 (7.0.54) Login URL is Passing with JSESSION ID. | why there is different behaviour in Tomcat 6 and Tomcat 7

2015-07-21 Thread Konstantin Kolinko
2015-07-21 14:38 GMT+03:00 Rahul Kumar Singh rahul.si...@nectechnologies.in:
 Hello Tomcat Team,

 “;jsessionid=C1A67FB90E1300DF14EE027A3634A34B” passed in URL  
 localhost:8080/login.jsp;jsessionid=C1A67FB90E1300DF14EE027A3634A34B
  is not received in tomcat 6(V6.0.28) . It is received in tomcat 7(V7.0.54) . 
  What is reason for the different  behavior?

 I used WGET command to send same request to both version of tomcats.  Access 
 logs (logs/localhost_access_log.txt ) of both tomcat versions show the 
 difference


 WGET REQUEST:
 wget "localhost:8080/login.jsp;jsessionid=C1A67FB90E1300DF14EE027A3634A34B"


 Observations:
 TOMCAT 7.0.54 ACCESS LOGS:
 127.0.0.1 - - [21/Jul/2015:08:30:13 +] GET 
 /login.jsp;jsessionid=C1A67FB90E1300DF14EE027A3634A34B HTTP/1.0 200 1063


 -Original Message-
 From: Rahul Kumar Singh
 Sent: Tuesday, June 23, 2015 6:17 PM
 To: 'Tomcat Users List'
 Subject: Tomcat 7 (7.0.54) Login URL is Passing with JSESSION ID.

 Hello Tomcat team,

 In Tomcat7.0.54 We have observe that Login URL is Appended with JSESSIONID 
 parameter in our Web Application
 Example:
 /framework/login.action;jsessionid=098D3C84B56FF2A2A25E88E4F059A20B

 System Configuration (WINDOW7+IE-8)

 Due to this session authentication get failed.



1. Step by step recipe to reproduce your issue  = ?

2. 6.0.28 is old. The current one is 6.0.44

3. http://tomcat.apache.org/security-6.html
CVE-2013-2067 ?




Re: Tomcat 7 (7.0.54) Login URL is Passing with JSESSION ID.

2015-06-23 Thread Christopher Schultz

Rahul,

On 6/23/15 8:46 AM, Rahul Kumar Singh wrote:
 Hello Tomcat team,
 
 In Tomcat7.0.54 We have observe that Login URL is Appended with
 JSESSIONID parameter in our Web Application Example: 
 /framework/login.action;jsessionid=098D3C84B56FF2A2A25E88E4F059A20B

  System Configuration (WINDOW7+IE-8)
 
 Due to this session authentication get failed.

Why does it fail? Tomcat will happily use the JSESSIONID if it's in a
Cookie. If the cookie isn't sent, it will use the ;jsessionid path
parameter instead.

 But in Tomcat 6 It is not happening. Could any one help me on this
 from Apache Tomcat community.

-chris



Tomcat 7 (7.0.54) Login URL is Passing with JSESSION ID.

2015-06-23 Thread Rahul Kumar Singh
Hello Tomcat team,

In Tomcat7.0.54 We have observe that Login URL is Appended with JSESSIONID 
parameter in our Web Application
Example:
/framework/login.action;jsessionid=098D3C84B56FF2A2A25E88E4F059A20B

System Configuration (WINDOW7+IE-8)

Due to this session authentication get failed.


But in Tomcat 6 It is not happening.
Could any one help me on this from Apache Tomcat community.

Regards,
Rahul Kumar Singh







RE: [tomcat 7 migartion] cannot load images with jsession id in url

2011-06-23 Thread Guy Katz
Thanks, you were correct.
It was my code. Though my code did work in tomcat 6, which is very
surprising...
Found the bug in my code...

-Original Message-
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] 
Sent: Thursday, June 23, 2011 2:54 AM
To: Tomcat Users List
Subject: Re: [tomcat 7 migartion] cannot load images with jsession id in
url

2011/6/22 Guy Katz gk...@allot.com:
 Hi all;

 I am migrating to tomcat 7 from 6.

 In tomcat 6 urls like
 http://68.169.51.83:8080/gallery/wave_surfing_gallery_thumb_652.jpg;jsessionid=A859D830090798F238DABADC713C1327
 would load an image but in tomcat 7 I get the following response:
 The Image . cannot be displayed because it contains errors


First you will have to find, what the difference is.

 - corrupted file  (e.g. by transferring a binary file as text over FTP,
or using a Writer to serve binary data)
 - truncated file
 - wrong response headers

E.g. with wget --save-headers

If Tomcat 7 were not able to serve images it would have been noted a
long ago.

Best regards,
Konstantin Kolinko



[tomcat 7 migartion] cannot load images with jsession id in url

2011-06-22 Thread Guy Katz
Hi all;

I am migrating to tomcat 7 from 6.

In tomcat 6 urls like
http://68.169.51.83:8080/gallery/wave_surfing_gallery_thumb_652.jpg;jsessionid=A859D830090798F238DABADC713C1327
would load an image but in tomcat 7 I get the following response:
The Image . cannot be displayed because it contains errors

I noticed there were some changes in configuration (by looking in the
migration guide) but I still can't understand how to overcome this.

I would appreciate your help.

Thanks.

 

 

Guy Katz

NetXplorer Server Team Leader
RD
Allot Communications * a mind for networks(tm)
Tel: + 972 9 761 9288
Fax: + 972 9 744 3626
gk...@allot.com mailto:gk...@allot.com 
www.allot.com http://www.allot.com 

 

 




Re: [tomcat 7 migartion] cannot load images with jsession id in url

2011-06-22 Thread Konstantin Kolinko
2011/6/22 Guy Katz gk...@allot.com:
 Hi all;

 I am migrating to tomcat 7 from 6.

 In tomcat 6 urls like
 http://68.169.51.83:8080/gallery/wave_surfing_gallery_thumb_652.jpg;jsessionid=A859D830090798F238DABADC713C1327
 would load an image but in tomcat 7 I get the following response:
 The Image . cannot be displayed because it contains errors


First you will have to find, what the difference is.

 - corrupted file  (e.g. by transferring a binary file as text over
FTP, or using a Writer to serve binary data)
 - truncated file
 - wrong response headers

E.g. with wget --save-headers

If Tomcat 7 were not able to serve images it would have been noted a long ago.

Best regards,
Konstantin Kolinko




Tomcat 5.5.2 Configurations for JSESSION ID Cookie Append

2008-11-24 Thread Jonathan Kushner
Tomcat Users:

 

I'm working with a current session identity issue between separate browser 
instances, and have decided that the most plausible solution is to reconfigure 
tomcat to auto-append the JSESSION ID at the end of each URL. The only problem 
is, our system administrator cannot seem to dig up this information over the 
internet. I have not dug deep into the issue, but I trust his judgment, and 
thought I would send a note to the subscription line to see if anyone is 
familiar with the server.xml configuration change that needs to occur to enable 
this feature.

 

I appreciate the assistance and apologize for any inconvenience.

 

Regards,

 

Jonathan

 

 



RE: Tomcat 5.5.2 Configurations for JSESSION ID Cookie Append

2008-11-24 Thread Caldarale, Charles R
 From: Jonathan Kushner [mailto:[EMAIL PROTECTED]
 Subject: Tomcat 5.5.2 Configurations for JSESSION ID Cookie Append

If you're really running on 5.5.2, you need to move up - ASAP.  Lots and lots 
of fixes, including security-related ones, have gone in since that version was 
released over four years ago.

 I'm working with a current session identity issue between
 separate browser instances, and have decided that the most
 plausible solution is to reconfigure tomcat to auto-append
 the JSESSION ID at the end of each URL.

You will at least need to disable cookies:
http://tomcat.apache.org/tomcat-5.5-doc/config/context.html%20Attributes

Beyond that, I'm not aware of any automatic way of appending JSESSIONID; your 
webapp has to participate.  Look at this message for one such technique:
http://marc.info/?l=tomcat-userm=117583468505179w=2

 - Chuck





RE: Tomcat 5.5.2 Configurations for JSESSION ID Cookie Append

2008-11-24 Thread Jonathan Kushner
I will forward your response about upgrading tomcat to the appropriate team, 
however we are only using tomcat internally so I do not believe it's a major 
concern. In regards to the current issue, I'm at lost on the appropriate 
measures to take. Here's my original email which was sent to the system 
administrator. Maybe you can take a gander at it and help me understand a 
better approach to take without modifying the codebase:

--- START ---
I'm currently working on a Seamus Issue which disallows the user from operating 
on separate session namespaces within the same browser instance. For example, 
when a user instantiates a new tab and loads a separate story, the second story 
will overwrite the first since we have no measure to separate these separate 
tabular sessions. This effect (untested on my end) should cascade from the 
original parent to the last child instance, being that each load will just 
overwrite the current data container. There are a couple different methods to 
handle this; however the easiest approach would be to modify the tomcat 
configuration to append the JSESSION Cookie Id to the URL String. By doing 
this, we could then create a separate namespace for each distinct tab-load, and 
essentially delegate out the data to each specific session namespace. The 
downside to this is that because it's a full system change, it will most likely 
require a full regression test. 

We are seeking alternate approaches within the code-base, however if this 
approach seems manageable, it seems to be the most feasible method. What are 
your feelings on this?
--- END ---

Thanks for the help.

- Jonathan

-Original Message-
From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 24, 2008 2:14 PM
To: Tomcat Users List
Subject: RE: Tomcat 5.5.2 Configurations for JSESSION ID Cookie Append

 From: Jonathan Kushner [mailto:[EMAIL PROTECTED]
 Subject: Tomcat 5.5.2 Configurations for JSESSION ID Cookie Append

If you're really running on 5.5.2, you need to move up - ASAP.  Lots and lots 
of fixes, including security-related ones, have gone in since that version was 
released over four years ago.

 I'm working with a current session identity issue between
 separate browser instances, and have decided that the most
 plausible solution is to reconfigure tomcat to auto-append
 the JSESSION ID at the end of each URL.

You will at least need to disable cookies:
http://tomcat.apache.org/tomcat-5.5-doc/config/context.html%20Attributes

Beyond that, I'm not aware of any automatic way of appending JSESSIONID; your 
webapp has to participate.  Look at this message for one such technique:
http://marc.info/?l=tomcat-userm=117583468505179w=2

 - Chuck





RE: Tomcat 5.5.2 Configurations for JSESSION ID Cookie Append

2008-11-24 Thread Jonathan Kushner
Sorry - forgot to mention. We are using cookies in various places to track 
different actions, so disabling cookies cannot be taken into account. Thanks 
for the technique though.

-Original Message-
From: Jonathan Kushner [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 24, 2008 2:40 PM
To: Tomcat Users List
Subject: RE: Tomcat 5.5.2 Configurations for JSESSION ID Cookie Append

I will forward your response about upgrading tomcat to the appropriate team, 
however we are only using tomcat internally so I do not believe it's a major 
concern. In regards to the current issue, I'm at lost on the appropriate 
measures to take. Here's my original email which was sent to the system 
administrator. Maybe you can take a gander at it and help me understand a 
better approach to take without modifying the codebase:

--- START ---
I'm currently working on a Seamus Issue which disallows the user from operating 
on separate session namespaces within the same browser instance. For example, 
when a user instantiates a new tab and loads a separate story, the second story 
will overwrite the first since we have no measure to separate these separate 
tabular sessions. This effect (untested on my end) should cascade from the 
original parent to the last child instance, being that each load will just 
overwrite the current data container. There are a couple different methods to 
handle this; however the easiest approach would be to modify the tomcat 
configuration to append the JSESSION Cookie Id to the URL String. By doing 
this, we could then create a separate namespace for each distinct tab-load, and 
essentially delegate out the data to each specific session namespace. The 
downside to this is that because it's a full system change, it will most likely 
require a full regression test. 

We are seeking alternate approaches within the code-base, however if this 
approach seems manageable, it seems to be the most feasible method. What are 
your feelings on this?
--- END ---

Thanks for the help.

- Jonathan

-Original Message-
From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 24, 2008 2:14 PM
To: Tomcat Users List
Subject: RE: Tomcat 5.5.2 Configurations for JSESSION ID Cookie Append

 From: Jonathan Kushner [mailto:[EMAIL PROTECTED]
 Subject: Tomcat 5.5.2 Configurations for JSESSION ID Cookie Append

If you're really running on 5.5.2, you need to move up - ASAP.  Lots and lots 
of fixes, including security-related ones, have gone in since that version was 
released over four years ago.

 I'm working with a current session identity issue between
 separate browser instances, and have decided that the most
 plausible solution is to reconfigure tomcat to auto-append
 the JSESSION ID at the end of each URL.

You will at least need to disable cookies:
http://tomcat.apache.org/tomcat-5.5-doc/config/context.html%20Attributes

Beyond that, I'm not aware of any automatic way of appending JSESSIONID; your 
webapp has to participate.  Look at this message for one such technique:
http://marc.info/?l=tomcat-userm=117583468505179w=2

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




RE: Tomcat 5.5.2 Configurations for JSESSION ID Cookie Append

2008-11-24 Thread Jonathan Kushner
Ok, I was wrong. I am reading up on it now and it apparently only disables the 
session cookie, which might be what I'm seeking. Thanks for the help.

- Jonathan

-----Original Message-----
From: Jonathan Kushner [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 24, 2008 2:44 PM
To: Tomcat Users List
Subject: RE: Tomcat 5.5.2 Configurations for JSESSION ID Cookie Append

Sorry - forgot to mention. We are using cookies in various places to track 
different actions, so disabling cookies cannot be taken into account. Thanks 
for the technique though.

-----Original Message-----
From: Jonathan Kushner [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 24, 2008 2:40 PM
To: Tomcat Users List
Subject: RE: Tomcat 5.5.2 Configurations for JSESSION ID Cookie Append

I will forward your response about upgrading tomcat to the appropriate team, 
however we are only using tomcat internally so I do not believe it's a major 
concern. In regards to the current issue, I'm at a loss on the appropriate 
measures to take. Here's my original email which was sent to the system 
administrator. Maybe you can take a gander at it and help me understand a 
better approach to take without modifying the codebase:

--- START ---
I'm currently working on a Seamus Issue which disallows the user from operating 
on separate session namespaces within the same browser instance. For example, 
when a user instantiates a new tab and loads a separate story, the second story 
will overwrite the first since we have no measure to separate these separate 
tabular sessions. This effect (untested on my end) should cascade from the 
original parent to the last child instance, being that each load will just 
overwrite the current data container. There are a couple different methods to 
handle this; however the easiest approach would be to modify the tomcat 
configuration to append the JSESSION Cookie Id to the URL String. By doing 
this, we could then create a separate namespace for each distinct tab-load, and 
essentially delegate out the data to each specific session namespace. The 
downside to this is that because it's a full system change, it will most likely 
require a full regression test. 

We are seeking alternate approaches within the code-base, however if this 
approach seems manageable, it seems to be the most feasible method. What are 
your feelings on this?
--- END ---

Thanks for the help.

- Jonathan

-----Original Message-----
From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] 
Sent: Monday, November 24, 2008 2:14 PM
To: Tomcat Users List
Subject: RE: Tomcat 5.5.2 Configurations for JSESSION ID Cookie Append

 From: Jonathan Kushner [mailto:[EMAIL PROTECTED]
 Subject: Tomcat 5.5.2 Configurations for JSESSION ID Cookie Append

If you're really running on 5.5.2, you need to move up - ASAP.  Lots and lots 
of fixes, including security-related ones, have gone in since that version was 
released over four years ago.

 I'm working with a current session identity issue between
 separate browser instances, and have decided that the most
 plausible solution is to reconfigure tomcat to auto-append
 the JSESSION ID at the end of each URL.

You will at least need to disable cookies:
http://tomcat.apache.org/tomcat-5.5-doc/config/context.html%20Attributes

Beyond that, I'm not aware of any automatic way of appending JSESSIONID; your 
webapp has to participate.  Look at this message for one such technique:
http://marc.info/?l=tomcat-user&m=117583468505179&w=2

 - Chuck




RE: Tomcat 5.5.2 Configurations for JSESSION ID Cookie Append

2008-11-24 Thread Caldarale, Charles R
 From: Jonathan Kushner [mailto:[EMAIL PROTECTED]
 Subject: RE: Tomcat 5.5.2 Configurations for JSESSION ID Cookie Append

 I'm currently working on a Seamus Issue which disallows the
 user from operating on separate session namespaces within the
 same browser instance. For example, when a user instantiates
 a new tab and loads a separate story, the second story will
 overwrite the first since we have no measure to separate
 these separate tabular sessions.

Sounds like you really need to be tracking the information via something other 
than a Session.  Playing with JSESSIONID is a stop-gap at best, and likely not 
a full solution.  Perhaps you can use some token embedded in each tab or web 
page as a key to a HashTable that tracks the information you need.

 - Chuck
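
The per-tab token used as a key into a table, as suggested in the reply above, sketched as an added example (not code from this thread or from Tomcat). The class name TabStateStore, the 16-tab cap and the sample story values are assumptions, and it needs Java 8 or later.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Per-tab state kept inside ONE session, keyed by a token embedded in each page. */
public class TabStateStore {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int MAX_TABS = 16; // assumed cap so a client cannot grow the map without bound

    // One instance would be stored as a session attribute, so a token is only
    // meaningful inside the session that issued it and JSESSIONID stays in the cookie.
    private final Map<String, Map<String, Object>> tabs = new ConcurrentHashMap<>();

    /** Called when a page is first rendered in a new tab; the token goes into a hidden field or link. */
    public String openTab() {
        if (tabs.size() >= MAX_TABS) {
            throw new IllegalStateException("too many open tabs for this session");
        }
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        tabs.put(token, new ConcurrentHashMap<>());
        return token;
    }

    /** Returns the namespace for a token sent back by the browser; unknown tokens are rejected. */
    public Map<String, Object> forTab(String token) {
        Map<String, Object> state = (token == null) ? null : tabs.get(token);
        if (state == null) {
            throw new IllegalArgumentException("unknown tab token");
        }
        return state;
    }

    /** Drops a tab's namespace once the page is done with it. */
    public void closeTab(String token) {
        if (token != null) {
            tabs.remove(token);
        }
    }

    public static void main(String[] args) {
        TabStateStore session = new TabStateStore(); // stands in for one session attribute
        String tabA = session.openTab();
        String tabB = session.openTab();
        session.forTab(tabA).put("story", "story-1"); // constructed sample values
        session.forTab(tabB).put("story", "story-2");
        // Both tabs share one session, yet neither overwrites the other's story.
        System.out.println(session.forTab(tabA).get("story"));
        System.out.println(session.forTab(tabB).get("story"));
    }
}
```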

