Hi Dan,
there would only be a new session id created for the user in step 2 if
the user closes the browser after step 1, or if the browser has been
configured to start a new session in new windows.
Adam
Daniel Blumenthal on 19/04/06 06:34, wrote:
I'm having a very strange problem with sessionIDs getting dropped. It only
happens rarely, and I can't seem to reproduce it myself, but I can see that
it's happening by looking at the logs. (it's happening on XP with both IE
and Firefox)
I have four pages: Home, Register, CreditCard, and CreditCardVerify. Each
of these pages has a tiny image whose only purpose in life is to track who
was on the page, and when. The rule (enforced with <logic:present> tags) is
that no one can be on the two CreditCard pages without being logged in.
These two pages are also done through SSL. (I use sslext)
Here's what I've pieced together from looking at my logs:
1) The user creates an account on the Register page, and a verification
email is sent to the user. (sessionID 1) So far, so good.
2) The user clicks on the link in the email, and gets sent back to a custom
ActivateUserAction that activates the user, then loads the user data into
the session (there's a log entry that indicates that this has happened
correctly). ActivateUserAction then forwards to the CreditCard screen
(sessionID 2)
3) The user enters information, and then goes to the CreditCardVerify screen
(sessionID 3)
4) There's finally an error, and the user is sent to the Home page
(sessionID 4)
It makes sense that going from step 1 to step 2 is going to yield a new
sessionID, because a new window is being opened. However, the logs also
indicate that there's no user on the CreditCard page, which is strange,
because I enclose the JSP in that file with this:
<logic:notPresent scope="session" name="USER">
<logic:redirect forward="home"/>
</logic:notPresent>
<logic:present scope="session" name="USER">
...
</logic:present>
It's almost as though the image has a different sessionID than the page it's
on (else why wouldn't the page redirect due to a lack of user?).
Then, there's a completely different sessionID for the CreditCardVerify
page.
When the user gets sent back to the Home page, there's a new sessionID,
which finally sticks.
I'm using Struts 1.1 (the new version of the site is using 1.2.9, but we
haven't had enough activity on the new site to tell if this is a problem
there too). There doesn't seem to be any rhyme or reason to when it happens
- which is about 2% of the time.
Could this be due to it being SSL? Does this ring any kind of bells?
Daniel
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
