Nelson D. guerrero wrote:
On Wed, 2007-03-28 at 17:00 -0400, Christopher Schultz wrote:Assuming that Tomcat is managing your sessions (there aren't too many good reasons to manage your own sessions), then Tomcat uses either cookies or URL rewriting to maintain sessions between requests.I'm sorry, I'm not following. By saying "managing your sessions", do you mean running tomcat standalone or letting tomcat manager the sessions and that the httpd uses the sessions off of the tomcat?Probably not: Tomcat should do this for you already. Usually, sessions get lost because Tomcat has had to resort to URL rewriting, but the application has not been written with this in mind. For instance, every single URL that you generate ought to go through request.encodeURL to make sure that the session id is properly added if necessary. If you don't do this, then you'll end up creating a new session when you use that (session-less) link.Do they go through request.encodeURL automatically or do I have to do something?
They don't go through it automatically, as the links are in the page output, and tomcat doesn't hunt through output streams for URLs to encode.
All URLs need to be manually encoded, in your JSPs or Servlet outputs. Check with your developers to ensure that this is the case.If the URLs are properly encoded Tomcat will then rewrite the URL to include the session data in the URL if cookies are not available.
Your URLs will then look something like: /path/to.jsp;jsessionid=XXXXXXXX?query=goes+hereThe HTTPD is largely agnostic of the sessions - unless you are clustering - as it won't interfere with a cookie, and will pass a URL parameter through as normal.
Q: How have you connected HTTPD/Tomcat, and which versions are you using?If you *are* clustering then you need to ensure that the jvmRoute attribute of the Engine in conf/server.xml is set uniquely for each Tomcat. (http://tomcat.apache.org/tomcat-5.5-doc/config/engine.html)
This adds the value of the attribute to the end of the jsessionid so that your load balancer can direct the session to the appropriate Tomcat.
p
Sorry for all the questions, I'm no developer and I'm surely not a tomcat administrator, they just shoved me the responsibility a couple of months ago and I've been learning ever since. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
smime.p7s
Description: S/MIME Cryptographic Signature
