Hi guys, Not sure if I'm in the right list for this ;-) I'm trying to debug an application which has basically been cobbled together by a number of previous programmers using a mix of servlets, jsp and struts. The app also uses 3 contexts - 2 normal and 1 secure via apache. The problem is this, if I log on and setup some stuff on the main site, the software uses the same session through out. Security is done but storing a user object in the session. If I then perform a CC transaction which requires the secure server to be used and then come back to the main server, the session is "lost" and the system insists I logon again. Then every time I try to access a page it keeps creating new sessions and insisting I relogon. This only seems to happen after I access the secure server. I have to restart the browser to get everything working again.
I've logged the session ids which is how I tell when it starts accessing different sessions. The software appears to have originally been written to use cookies, but whilst they are stored, they are not used anywhere. Questions: 1. If the software creates and stores a cookie, but never actually retrieves it, can this effect the session ? I've read something about cookies controlling sessions, but I don't know how this works. 2. What sort of things will cause a server to start a new session ? Any help much appreciated. Ciao Derek.
