-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Markus,
Markus Reis wrote: > I added a HttpSessionListener to my web.xml, which only makes a > System.out.println("session created | destroyed") whenever one of those > events occurs and found out that before NewSession Servlet (remember the url > I call is http://localhost:48080/webAntWeb/NewSession?...) is entered I see > the following sequence > "Session created" > "Session destroyed" > as often as "number of cookie headers"-1 and at the end there's one > "Session created" > which is then used in the following conversation's requests. Really? So, given a fresh TC startup and a browser with no cookies, a single request results in /many/ "Session created/session destroyed" messages on your console? That's bad. That suggests to me that you have some code that is repeatedly invalidating the session and then creating another one. If that's the case, it's no wonder you are getting so many Set-Cookie headers. Try this: Write a filter that wraps the HttpServletResponde object with an HttpServletResponseWrapper object that you customize. Override the addCookie method like this: public void addCookie(Cookie c) { super.addCookie(c); new Throwable("Created Cookie").printStackTrace(); } This will emit a stack trace whenever code adds a cookie to the response. Try this with a small number of request parameters ;) Look to see where all the addCookie headers are coming from. They'll probably be coming from Tomcat's internal code, but you should look further up the stack to see if it's in your code. Maybe a filter. Maybe a servlet. Check those places in the code. They may be killing the current session and re-creating it inappropriately. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkkcXtIACgkQ9CaO5/Lv0PDItgCdG79ifx/CUjwsjSKkPFhGWfpP yQ8Anjho2cO17oV28v79q8PDfTomrkfu =/6D+ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]