Re: Session Config = Tracking Mode not working
Hello Konstantin Kolinko, I fixed my dumb web.xml schema declaration. Thanks for pointing that out. I also added the COOKIE tracking mode to the example servlet and it worked there (the URL encoded link did not contain the JSESSIONID). So, next I turned on logEffectiveWebXml=true and verified that the effective web.xml for both of my wars contains: session-config session-timeout30/session-timeout cookie-config /cookie-config tracking-modeCOOKIE/tracking-mode /session-config But the first time I hit the web app, I'm still getting JSESSIONID in the URL. Then I turned on Strict Compliance to wring out any other errors in my web.xml that might be causing the problem. It found some problems in the Tag Library tld files and fixed those, but that had no effect on JSESSIONID in the URL. I have no further errors in Catalina log or any other logs files. At this point, I'm not sure what else I should try to debug the problem. Any suggestions would be appreciated. Sincerely, Stephen McCants On Tue, 18 Nov 2014 03:17:27 +0300 Konstantin Kolinko knst.koli...@gmail.com wrote: 2014-11-18 2:49 GMT+03:00 Stephen McCants stephen.mcca...@hcs.us.com: Hello, I'm trying to remove the JSESSIONID from my URL the first time someone hits my Tomcat Web App, but I've not been able to get it working for some reason that eludes me. This is under Tomcat 7.0.37 and Tomcat 7.0.56. First thing I tried was to add session-config/tracking mode to my web.xml, resulting in: ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app xmlns=http://java.sun.com/xml/ns/javaee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd; version=3.0 You are declaring both 2.3 DTD and 3.0 schema. Choose one. There exists a system property that turns on strict servlet compliance mode. If you use it, it enables validation of your web.xml and will catch silly errors like this one. http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Specification session-config tracking-modeCOOKIE/tracking-mode /session-config If I add the above three lines to the web.xml of examples webapp, it works for me. http://localhost:8080/examples/servlets/servlet/SessionExample On the first visit to that example page look at URL encoded link at the bottom of the page, whether it contains jsessionid in it or not. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Stephen McCants Senior Software Engineer Healthcare Control Systems, Inc. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session Config = Tracking Mode not working
2014-11-19 0:21 GMT+03:00 Stephen McCants stephen.mcca...@hcs.us.com: Hello Konstantin Kolinko, I fixed my dumb web.xml schema declaration. Thanks for pointing that out. I also added the COOKIE tracking mode to the example servlet and it worked there (the URL encoded link did not contain the JSESSIONID). So, next I turned on logEffectiveWebXml=true and verified that the effective web.xml for both of my wars contains: session-config session-timeout30/session-timeout cookie-config /cookie-config tracking-modeCOOKIE/tracking-mode /session-config But the first time I hit the web app, I'm still getting JSESSIONID in the URL. Then I turned on Strict Compliance to wring out any other errors in my web.xml that might be causing the problem. It found some problems in the Tag Library tld files and fixed those, but that had no effect on JSESSIONID in the URL. I have no further errors in Catalina log or any other logs files. At this point, I'm not sure what else I should try to debug the problem. Any suggestions would be appreciated. a) Run with a debugger https://wiki.apache.org/tomcat/FAQ/Developing#Debugging Possible points: org.apache.catalina.connector.Response.encodeURL() org.apache.catalina.connector.Response.encodeRedirectURL() org.apache.catalina.connector.CoyoteAdapter.service() b) Simplify your web application until it becomes a simple example that can be reproduced by someone else. c) But the first time I hit the web app Is that first time response actually served by your web app, or by some other (e.g. ROOT)? Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session Config = Tracking Mode not working
2014-11-19 0:53 GMT+03:00 Konstantin Kolinko knst.koli...@gmail.com: 2014-11-19 0:21 GMT+03:00 Stephen McCants stephen.mcca...@hcs.us.com: Hello Konstantin Kolinko, I fixed my dumb web.xml schema declaration. Thanks for pointing that out. I also added the COOKIE tracking mode to the example servlet and it worked there (the URL encoded link did not contain the JSESSIONID). So, next I turned on logEffectiveWebXml=true and verified that the effective web.xml for both of my wars contains: session-config session-timeout30/session-timeout cookie-config /cookie-config tracking-modeCOOKIE/tracking-mode /session-config But the first time I hit the web app, I'm still getting JSESSIONID in the URL. Then I turned on Strict Compliance to wring out any other errors in my web.xml that might be causing the problem. It found some problems in the Tag Library tld files and fixed those, but that had no effect on JSESSIONID in the URL. I have no further errors in Catalina log or any other logs files. At this point, I'm not sure what else I should try to debug the problem. Any suggestions would be appreciated. a) Run with a debugger https://wiki.apache.org/tomcat/FAQ/Developing#Debugging Possible points: org.apache.catalina.connector.Response.encodeURL() org.apache.catalina.connector.Response.encodeRedirectURL() org.apache.catalina.connector.CoyoteAdapter.service() Also: org.apache.catalina.session.StandardSession.getId(). It is the actual Id that is being printed as jsessionid there. It shall be read using that method. If debugging is hard, adding some logging with some stacktraces and recompiling can help. b) Simplify your web application until it becomes a simple example that can be reproduced by someone else. c) But the first time I hit the web app Is that first time response actually served by your web app, or by some other (e.g. ROOT)? Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session Config = Tracking Mode not working
Spent sometime in the debugger and it is Shiro that is appending the JSESSIONID on a redirect if the session cookie hasn't been set yet. So, now I'm off to figure out how to turn it off in Shiro. Thanks again for your help! Sincerely, Stephen McCants On Wed, 19 Nov 2014 01:51:53 +0300 Konstantin Kolinko knst.koli...@gmail.com wrote: 2014-11-19 0:53 GMT+03:00 Konstantin Kolinko knst.koli...@gmail.com: 2014-11-19 0:21 GMT+03:00 Stephen McCants stephen.mcca...@hcs.us.com: Hello Konstantin Kolinko, I fixed my dumb web.xml schema declaration. Thanks for pointing that out. I also added the COOKIE tracking mode to the example servlet and it worked there (the URL encoded link did not contain the JSESSIONID). So, next I turned on logEffectiveWebXml=true and verified that the effective web.xml for both of my wars contains: session-config session-timeout30/session-timeout cookie-config /cookie-config tracking-modeCOOKIE/tracking-mode /session-config But the first time I hit the web app, I'm still getting JSESSIONID in the URL. Then I turned on Strict Compliance to wring out any other errors in my web.xml that might be causing the problem. It found some problems in the Tag Library tld files and fixed those, but that had no effect on JSESSIONID in the URL. I have no further errors in Catalina log or any other logs files. At this point, I'm not sure what else I should try to debug the problem. Any suggestions would be appreciated. a) Run with a debugger https://wiki.apache.org/tomcat/FAQ/Developing#Debugging Possible points: org.apache.catalina.connector.Response.encodeURL() org.apache.catalina.connector.Response.encodeRedirectURL() org.apache.catalina.connector.CoyoteAdapter.service() Also: org.apache.catalina.session.StandardSession.getId(). It is the actual Id that is being printed as jsessionid there. It shall be read using that method. If debugging is hard, adding some logging with some stacktraces and recompiling can help. b) Simplify your web application until it becomes a simple example that can be reproduced by someone else. c) But the first time I hit the web app Is that first time response actually served by your web app, or by some other (e.g. ROOT)? Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Stephen McCants Senior Software Engineer Healthcare Control Systems, Inc. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Session Config = Tracking Mode not working
Hello, I'm trying to remove the JSESSIONID from my URL the first time someone hits my Tomcat Web App, but I've not been able to get it working for some reason that eludes me. This is under Tomcat 7.0.37 and Tomcat 7.0.56. First thing I tried was to add session-config/tracking mode to my web.xml, resulting in: ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app xmlns=http://java.sun.com/xml/ns/javaee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd; version=3.0 session-config tracking-modeCOOKIE/tracking-mode /session-config However, that didn't seem to have any effect, so next I setting it in the default /conf/web.xml: session-config session-timeout30/session-timeout !-- Disable writing the session cookie on the URL -- tracking-modeCOOKIE/tracking-mode /session-config This to had no effect. I also found no error messages in the logs and didn't turn up anything helpful on Google, so I'm at a loss as to why this isn't working. On our production server, we are using mod_rewrite and Apache to strip it out of the URL, so the user never sees it, but I'm needing to do some testing on a local system and would rather not have the complication of Apache present. Some of the software running tests is getting confused by the JSESSIONID on the URL the first time it hits our login page, so it doesn't recognize the login page. Thoughts as to where I might have gone wrong? Thanks in advance. Sincerely, Stephen -- Stephen McCants Senior Software Engineer Healthcare Control Systems, Inc. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session Config = Tracking Mode not working
2014-11-18 2:49 GMT+03:00 Stephen McCants stephen.mcca...@hcs.us.com: Hello, I'm trying to remove the JSESSIONID from my URL the first time someone hits my Tomcat Web App, but I've not been able to get it working for some reason that eludes me. This is under Tomcat 7.0.37 and Tomcat 7.0.56. First thing I tried was to add session-config/tracking mode to my web.xml, resulting in: ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app xmlns=http://java.sun.com/xml/ns/javaee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd; version=3.0 You are declaring both 2.3 DTD and 3.0 schema. Choose one. There exists a system property that turns on strict servlet compliance mode. If you use it, it enables validation of your web.xml and will catch silly errors like this one. http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Specification session-config tracking-modeCOOKIE/tracking-mode /session-config If I add the above three lines to the web.xml of examples webapp, it works for me. http://localhost:8080/examples/servlets/servlet/SessionExample On the first visit to that example page look at URL encoded link at the bottom of the page, whether it contains jsessionid in it or not. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
