Thanks for the reply, don't want to hijack the thread.
The list thanks you for your courtesy. :) This is now in it's own thread.
I don't think it's a question of cached pages, but proxyserver does seem to
be doing something. The first page is a login, and when it's submitted, the
request passes a query string that calls the servlet. Servlet creates a new
session and I can see a new cookie containing JSESSIONID. The servlet then
displays results from a db query. Any further requests, whether to scroll
the results, add new record, or view individual record causes the servlet to
create a new session because request.getSession(true) is called and doesn't
find the cookie in the request. Accessing the web app from inside the proxy
works okay.
I'm a bit unclear as to exactly what's happening, but I'll try anyways.
If Tomcat receives no JESSIONID or an invalid JSESSIONID, calling HttpServletRequest#getSession(true) will create a new HttpSession with a new sessionId. This is why you're seeing each request have a different sessionId in your logs.
At 08:44 AM 11/6/2003, you wrote:
How would I do that? Add to the query string?
You can either go about trying to patch your app together by appending values to query strings and the like, or you can put in the effort to get it working right (can you tell I'm biased towards the later?).
You mentioned that you tested the app from behind the proxy and it worked correctly. The next question is, if you look at the responses from in front of the proxy, are they still correct? The working theory is that they won't be, but you won't really know until you have Http message examples from both in front and behind the proxy. Like I said before, setup a simple http proxy (these are *really* simple to use) to log your http messages. Check out the cookies and params being sent back and forth. Once you've proven that your proxy is messing with the JSESSIONID, figure out how to fix it.
That's the robust, permanent solution.
Wendell
justin
-----Original Message----- From: Phillip Qin [mailto:[EMAIL PROTECTED] Sent: Thursday, November 06, 2003 8:55 AM To: 'Tomcat Users List' Subject: RE: Tomcat 4 losing session (may be related to Win XP)
Have you tried to append jsessionid?
-----Original Message----- From: Justin Ruthenbeck [mailto:[EMAIL PROTECTED] Sent: November 5, 2003 9:32 PM To: Tomcat Users List Subject: RE: Tomcat 4 losing session (may be related to Win XP)
At 04:14 PM 11/5/2003, you wrote:
>I've been pulling hair out for several days with what turns out to be the
>same problem, except it's occurring on a Windows 2000 Server running IIS
>5.0
>and Tomcat 4.1.24. The logs show that the first request to a servlet done
>via POST gets a different session id than the follow-on request via GET to
>the same servlet, same URL.
>The same app works fine on another Win2K server running Apache. The one
>that doesn't work is behind a proxy server doing proxypassdir's to map a
>URL
>to an internal IP. Could this be the problem, or is it an IIS thing?
If you really want to see what's happening, put your own proxy between the client and the first server on your backend (I use zproxy -- google for it) to look at the http messages going back and forth. Check the response that you're getting from Tomcat and note the JSESSIONID provided after the first call. See what JSESSIONID the client machine sends back. You can put the same proxy (or any http-level sniffer) between any of the servers and see who's passing what.
If you've established that Tomcat is receiving two different sessionId values, then you can be sure there's a mixup somewhere else (and the more hands you've got in the cookie jar, the more chances someone else is screwing things up).
>Wendell Holmes
justin
>-----Original Message-----
>From: Justin Ruthenbeck [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, November 05, 2003 4:25 PM
>To: Tomcat Users List
>Subject: Re: Tomcat 4 losing session (may be related to Win XP)
>
>
>
>Are the sessions the same between the two calls? That is, when you call
>HttpSession#getId() for each of them do you get the same id back?
>
>justin
>
>At 02:27 PM 11/5/2003, you wrote:
> >Hi all,
> >
> >I've come across a situation I can't figure out and I'm wondering if it
> >has to do with the fact that this is the first time we've installed
> >Tomcat on Windows XP Prof.
> >
> >Symptom: Tomcat loses session. If you set up a very simple two JSP
> >process where page 1 stuffs (setAttribute) something into the session,
> >and page 2 displays it, the value comes back as null
> >
> >Tests: if I copy the two JSPs to the examples directory included in the
> >Tomcat distribution, the pages perform properly. If I create my own
> >context and execute the pages from there, the getAttribute returns null.
> >
> >I created the context by duplicating the context in the server.xml file
> >and pretty much just changing the codebase.
> >
> >Other environment info: running behind Apache2 (latest), on port 8082
> >(http) and 8009 (AJP13) because Oracle Servlet Engine shows up on port
> >8080 (side note: anyone have info on how to get the flying pig to go
> >away when you've uninstalled the Oracle HTTP server???); JDK 1.4.*, and
> >this is Tomcat 4 (latest).
> >
> >The exact same set up works fine on Windows 2003 and Windows 2000 Prof.
> >And this machine works fine as a client to the server running on any
> >other machine, so it's not a cookie issue I don't think.
> >
> >Am I missing something obvious? Could it be permission-related?
> >Something in the way the session data is stored on disk? Sure would
> >appreciate any advice.
> >
> >Andrew Longley
> >Senior Software Developer
> >MindFlow Technologies, Inc.
> >http://www.mindflow.com
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
At 09:54 AM 11/6/2003, you wrote:
Thanks for the reply, don't want to hijack the thread.
I tried accessing from behind the firewall/proxy and the app works okay, so it looks like there is a problem with the request coming back through the proxyserver w/o the correct cookie. The tomcat access log shows each request has a different jsessionid, but I don't know exactly when that's being created and given to the browser client. The applet's service method immediately calls request.getSession(true), which would create a new session if one didn't exist, but I'm not sure how that would happen and still have the new sessionid be included in the access log.
Wendell
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
