You do realize that sessions don't carry over between SSL and non-SSL request don't you?
You can't have a session ID that carries over from a non-ssl session to an SSL session because that session ID is compromised (it has been exposed) as plain text. As an aside, I looked at your form. You should really use HttpServletRequest.getLocale() to pick up your user's locale and then provide date formatting for the user locale. George Sexton MH Software, Inc. http://www.mhsoftware.com/ Voice: 303 438 9585 > -----Original Message----- > From: Michael Andreas Omerou [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 15, 2006 11:03 AM > To: 'Tomcat Users List'; [EMAIL PROTECTED]; > [EMAIL PROTECTED] > Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox) > > As the problem occurs with a live site, you can see it yourself at > www.tophotelchoices.com. Do a search for any hotel. You > will see the > results. By the time the results page is loaded your session > has expired > but you do not know. Click on the "Book" or "Request" button > of any hotel > and you will see the Timeout page. > > Remember that the above only happens with FireFox. > > I will greatly appreciate your help. > > >-----Original Message----- > >From: Michael Andreas Omerou [mailto:[EMAIL PROTECTED] > >Sent: 15 February 2006 19:45 > >To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > >Cc: 'Tomcat Users List' > >Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox) > > > >I tried with NetScape and Opera to see what happens. > > > >For NetScape the first time I tried it was ok up to the stage > >that I switched to SSL. At that step, I lost my session. > >After trying several times again I noticed NetScape was ok. > > > >With Opera all works fine, like with IE, from the beginning. > > > >So major problem is still FireFox and it must be something > >that it sends (or not sends) back to Tomcat that causes > >session expiration. > > > >Thanks for your assistance. > > > >Michael > > > >>-----Original Message----- > >>From: Michael Andreas Omerou [mailto:[EMAIL PROTECTED] > >>Sent: 15 February 2006 17:48 > >>To: 'Tomcat Users List' > >>Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox) > >> > >>Not at the stage that this problem occurs. SSL is used > >further on when > >>the user logs in to make a payment but the SSL pages are > >never reached > >>with FireFox because of the early timeout. With IE all is ok, > >>including SSL connections. > >> > >>>-----Original Message----- > >>>From: [EMAIL PROTECTED] > >>>[mailto:[EMAIL PROTECTED] > >>>Sent: 15 February 2006 17:43 > >>>To: 'Tomcat Users List' > >>>Subject: RE: Session Expires At Every Request > (Tomcat5.0.28/Firefox) > >>> > >>>Are you using SSL connection ? > >>> > >>>-----Message d'origine----- > >>>De : > >>>[EMAIL PROTECTED] > >>pache.org > >>>[mailto:users-return-140612-alexandre.tastet=fr.fortisbank.com@ > >>tomcat.ap > >>>ache.org]De la part de Michael Andreas Omerou Envoye : > >>>mercredi 15 fevrier 2006 16:34 A : 'Tomcat Users List' > >>>Objet : RE: Session Expires At Every Request (Tomcat5.0.28/Firefox) > >>> > >>> > >>>It is 30 minutes. If I do > >>>request.getSession().getMaxInactiveInterval() I get 1800 (seconds I > >>>guess) which is the correct value for 30 minutes. > >>> > >>>Michael > >>> > >>>>-----Original Message----- > >>>>From: Earnie Dyke [mailto:[EMAIL PROTECTED] > >>>>Sent: 15 February 2006 17:25 > >>>>To: Tomcat Users List > >>>>Subject: RE: Session Expires At Every Request > (Tomcat5.0.28/Firefox) > >>>> > >>>>The META tags should not have an effect on cookies. Firefox > >>would not > >>>>be the one that expires your session, Tomcat would. > >>>>Do you have a session timeout specified in your application? > >>>> > >>>>Earnie! > >>>> > >>>>-----Original Message----- > >>>>From: Michael Andreas Omerou [mailto:[EMAIL PROTECTED] > >>>>Sent: Wednesday, February 15, 2006 10:19 AM > >>>>To: 'Tomcat Users List' > >>>>Subject: RE: Session Expires At Every Request > (Tomcat5.0.28/Firefox) > >>>> > >>>> > >>>>Hi Earnie, > >>>> > >>>>Cookies are allowed at the browser. It seems for some > >>reason that at > >>>>then end of loading each JSP firefox expires my session. I > >use some > >>>>meta tags (<META HTTP-EQUIV="Cache-Control" > >>>CONTENT="No-Cache">, <META > >>>>HTTP-EQUIV="Pragma" CONTENT="No-Cache">, <META > HTTP-EQUIV="Expires" > >>>>CONTENT="-1">) and also set the corresponding header values using > >>>>response.setHeader but even if I remove them nothing changes. > >>>> > >>>>Michael > >>>> > >>>>>-----Original Message----- > >>>>>From: Earnie Dyke [mailto:[EMAIL PROTECTED] > >>>>>Sent: 15 February 2006 17:10 > >>>>>To: Tomcat Users List > >>>>>Subject: RE: Session Expires At Every Request > >(Tomcat5.0.28/Firefox) > >>>>> > >>>>>Are you blocking cookies at the browser? > >>>>> > >>>>>Earnie! > >>>>> > >>>>>-----Original Message----- > >>>>>From: Michael Andreas Omerou [mailto:[EMAIL PROTECTED] > >>>>>Sent: Wednesday, February 15, 2006 10:06 AM > >>>>>To: 'Tomcat Users List' > >>>>>Subject: Session Expires At Every Request (Tomcat5.0.28/Firefox) > >>>>> > >>>>> > >>>>> Anybody has an idea what could be causing what I describe in > >>>>the below > >>>>>two emails? > >>>>> > >>>>>>-----Original Message----- > >>>>>>From: Michael Andreas Omerou [mailto:[EMAIL PROTECTED] > >>>>>>Sent: 15 February 2006 13:10 > >>>>>>To: 'Tomcat Users List' > >>>>>>Subject: RE: Session Problems with Firefox > >>>>>> > >>>>>>Further to my below email I have put in some code to check > >>the HTTP > >>>>>>headers in each case (IE and FireFox). > >>>>>> > >>>>>>These are: > >>>>>> > >>>>>>IE > >>>>>>accept: */* > >>>>>>accept-language: en-gb > >>>>>>accept-encoding: gzip, deflate > >>>>>>user-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT > >>5.1; SV1; > >>>>>>.NET CLR 1.1.4322; InfoPath.1) > >>>>>>host: localhost > >>>>>>connection: Keep-Alive > >>>>>>cookie: JSESSIONID=D79835F3D70ADD58F4770DD15B463320 > >>>>>> > >>>>>>FireFox > >>>>>>host: localhost > >>>>>>user-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; > >>>>rv:1.7.12) > >>>>>>Gecko/20050919 Firefox/1.0.7 > >>>>>>accept: > >>>>>>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9, > >>>>>text/plain;q= > >>>>>>0.8,image/png,*/*;q=0.5 > >>>>>>accept-language: en-gb,en;q=0.5 > >>>>>>accept-encoding: gzip,deflate > >>>>>>accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > >>>>>>keep-alive: 300 > >>>>>>connection: keep-alive > >>>>>>cookie: JSESSIONID=A3893195B065989E5B03BC8681E4D0D6 > >>>>>>cache-control: max-age=0 > >>>>>> > >>>>>> > >>>>>>I wonder whether the keep-alive which exists in the case of > >>>>>FireFox but > >>>>>>not in the case of IE could be the cause of my problems. > >>>>>> > >>>>>>Michael > >>>>>> > >>>>>> > >>>>>> > >>>>>>>-----Original Message----- > >>>>>>>From: Michael Andreas Omerou [mailto:[EMAIL PROTECTED] > >>>>>>>Sent: 15 February 2006 11:27 > >>>>>>>To: users@tomcat.apache.org > >>>>>>>Subject: Session Problems with Firefox > >>>>>>> > >>>>>>>Hello, > >>>>>>> > >>>>>>>I have some problems with session management when our > >application > >>>>>>>runsin Firefox. > >>>>>>> > >>>>>>>Basically, what happens is that after I set in the > session some > >>>>>>>attributes/beans which are needed down the application, I > >>>>>>check in all > >>>>>>>JSPs and servlets that an old session is still there by using > >>>>>>> if (request.getSession(false)==null){ > >>>>>>> > >>>>>>>response.sendRedirect(response.encodeRedirectURL("timeo > ut.jsp")); > >>>>>>> > >>>>>>> } > >>>>>>> > >>>>>>>With IE all works fine, however with Firefox, it seems that > >>>>>>the session > >>>>>>>is re-initialised whenever the client/browser requests a new > >>>>>page. I > >>>>>>>checked this by printing the session id in the log on each > >>>page and > >>>>>>>with IE it does not change, while with Firefox it changes. > >>>>>>> > >>>>>>>I checked my firefox settings for cookies and all look ok. > >>>>>>> > >>>>>>>Anybody has a clue of what I might be doing wrong? > >>>>>>> > >>>>>>>Regards, > >>>>>>>Michael > >>>>>>> > >>>>>>> > >>>>>>>------------------------------------------------------------ > >>>>--------- > >>>>>>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>>>>For additional commands, e-mail: [EMAIL PROTECTED] > >>>>>>> > >>>>>> > >>>>>> > >>>>>>------------------------------------------------------------ > >>>--------- > >>>>>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>>>For additional commands, e-mail: [EMAIL PROTECTED] > >>>>>> > >>>>> > >>>>> > >>>>>------------------------------------------------------------ > >>--------- > >>>>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>>For additional commands, e-mail: [EMAIL PROTECTED] > >>>>> > >>>>> > >>>>>------------------------------------------------------------ > >>--------- > >>>>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>>For additional commands, e-mail: [EMAIL PROTECTED] > >>>>> > >>>> > >>>> > >>>>------------------------------------------------------------ > >--------- > >>>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>For additional commands, e-mail: [EMAIL PROTECTED] > >>>> > >>>> > >>>>------------------------------------------------------------ > >--------- > >>>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>For additional commands, e-mail: [EMAIL PROTECTED] > >>>> > >>> > >>> > >>>----------------------------------------------------------- > ---------- > >>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>For additional commands, e-mail: [EMAIL PROTECTED] > >>> > >>>Ce message avec ses documents attaches sont confidentiels > et a usage > >>>exclusif du ou des destinataires. La responsabilite de > Fortis Banque > >>>France ne peut en aucun cas etre engagee suite a un prejudice > >>lie a un > >>>incident de securite, d'integrite, de virus ou a un retard dans la > >>>transmission. De plus, ce document n'a aucune valeur > >contractuelle ou > >>>juridique; en particulier, aucune transaction commerciale ne > >>peut etre > >>>basee exclusivement sur des emails. > >>> > >>>This message and its attachments are confidential; their use is > >>>restricted to their recipient(s). Fortis Banque France > >cannot, in any > >>>way, be responsible for any prejudice linked to any incident > >>regarding > >>>security, integrity, virus or delay in transmission. > Moreover, this > >>>document has no contractual nor legal value whatsoever; in > >>particular, > >>>no business transaction can, in any way, be based exclusively on > >>>emails. > >>> > >>> > >>> > >>> > >>>----------------------------------------------------------- > ---------- > >>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>For additional commands, e-mail: [EMAIL PROTECTED] > >>> > >> > >> > >>------------------------------------------------------------ > --------- > >>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>For additional commands, e-mail: [EMAIL PROTECTED] > >> > > > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]