Re: jsessionid on EXACTLY the 2nd request?

Mon, 04 Jan 2010 13:43:42 -0800

I'm not sure about that. Here's what seems to me to be the sequence of events: 

Browser sends initial request  http://myapp.com
        Tomcat creates session and generates page for this request.
Tomcat doesn't know that Browser supports cookies, so it should append jsessionid (but doesn't ??) 
Browser get's Tomcat response & display's page with address:   http://myapp.com
Browser creates JSESSIONID cookie (using info supplied by Tomcat in response): 
Cookie has contents:    4E4F86E5B779F43BCA7895B8A554FDCD
-----
Browser makes 2nd request, for http://myapp/anotherPage. Browser must definitely by now be stating that it supports cookies. Tomcat prepares response, adding jsessionid (why?), the SAME jsessionid as in the cookie: 4E4F86E5B779F43BCA7895B8A554FDCD 
Browser displays response with jsessionid showing in address bar.
----
More interactions,  but no more jsessionid's.....


On Jan 4, 2010, at 4:11 PM, Mark Thomas wrote:


On 04/01/2010 20:52, Ken Bowen wrote:

I'm seeing what I think is odd behavior regarding jsessionid's.
[My setup(s): Tomcat 6.0.20 on a MacBook Pro using Java 1.6.0_17,
Tomcat 6.0.18 on CentOS 5 using Java 1.6.0_12 ]
I'm seeing the same behavior on both systems, and the same
behavior happens with Safari and FF. Both browsers have cookies turned on. 

I have cookies="true" in context.xml in the app's META_INF.

The Behavior:
I Clear Recent History in FF, which includes clearing cookies,
and request http://myapp.com/ I connect and the address bar shows: 

   http://myapp.com/

Moreover, a JESSIONID cookie shows in FF's list of cookies.
I make a request for another page in the app and the address bar shows: 


http://myapp.com/anotherPage;jsessionid=9612C2CAA30DE590AA7A5FDB046DA4F9


Just a guess - I haven't looked at the source code to be sure.
At the point where the page was generated, Tomcat doesn't know that the 
client supports cookies since at that point the client hasn't sent a
request with a JSESSIONID cookie so any urls generated will have the
session ID appended.
Once a cookie is received, Tomcat knows there is no need to include the 
session ID in the URL.

Mark



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to