******************************* NOTICE *********************************
This message is intended for the use of the individual or entity to which
it is addressed and may contain information that is privileged,
confidential, and exempt from disclosure under applicable law. If the
reader of this message is not the intended recipient or the employee or
agent responsible for delivering this message to the intended recipient,
you are hereby notified that any dissemination, distribution, or copying
of this communication is strictly prohibited. If you have received this
communication in error, please notify us immediately by reply or by
telephone (call us collect at 512-343-9100) and immediately delete this
message and all its attachments.
--- Begin Message ---
Chris -
No, it's not an incorrect error message. My dev team assures me that the
message only occurs if the provided session ID does not match the one attached
to the user in the database. I watched the database & the user, and the DB
value didn't change after the initial login, but the user got the message on
the next link he clicked on after login. There wasn't an opportunity for
something to have made the session go away.
The app is deployed a couple of dozen times here with hundreds of users, and
these guys are the only ones expressing the problem.
I've forgotten which version of IE, looked like 7 or 8, but it is set up in
standard IE cookie mode, that is, he wasn't overriding the default handling
mechanism.
Jeff
-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Tuesday, February 23, 2010 3:56 PM
To: Tomcat Users List
Subject: Re: Session id is invalid occurs randomly
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jeffrey,
On 2/23/2010 2:54 PM, Jeffrey Janner wrote:
> It seems that they can login just fine and work just fine, most of the
> time. However, every now and then, they will get kicked out with an
> "invalid session" error. That is our software's error message to them,
> basically meaning we didn't get the session id we were expecting. I'm
> leaning toward the proxy trashing the session cookie, or presenting the
> wrong one, etc.
Is it possible that your error message is wrong?
We have an ancient app that "runs home to mama" when anything goes wrong
and displays a message that says "An error occurred, probably because
your session timed out". The original devs didn't bother to do nice
things like null-checking and just assumed that the session state would
be sane: when errors occurred, it was usually because the session went
away. Anyhow, we sometimes get SQLExceptions that trigger this error
message and people complain that their session couldn't have timed out.
It would be funny if it weren't in production :(
> I'm planning on adding the RequestDumper valve to their configuration to
> capture what is really going on.
Make sure to dump the requested session id as well as the id of the
session actually used. If the user is requesting a session and not
getting it, that may be useful information.
Any idea if these clients are using cookies or not? Sometimes a missing
response.encodeURL() call can ruin your whole day.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkuETwwACgkQ9CaO5/Lv0PACPgCgiCfgL4aizr2GyGFRoUKotlzW
cs8AoLxG8Mnc/L9q//aOX/jZsLB8PYn/
=FzoK
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
--- End Message ---
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
