Chris, thanks for your reply! > 1. Are you using cookies? If you don't properly encode all the URLs in > your webapp, you could be losing session information when cookies are > /not/ being used. It sounds like you are using cookies, though, given > your statement about using Firebug to read the headers en route.
I'm not using any cookies. Also i want to stress the fact that the app works fine in my local environment. > 2. Even if your session id is okay, are you dumping the value of the > "test attribute" for the session? Even though you aren't removing it, > that attribute might have been damaged by something else. I've looked everywhere, and unless i missed something i don't think this is the issue. > 3. You could write another filter that wraps your HttpSession when > requested by the webapp and reports all modifications to it (that is, > calls to setAttribute/removeAttribute/setValue/removeValue). How would I go about doing this? Is there a particular filter that listens to attributes being changed? > 4. Any reason not to use the container-managed login and session > management? Tomcat can take care of all this logic for you... Will eventually move to this, you're right. I am using Spring so will use Spring security/Acegi. -h On Wed, Aug 25, 2010 at 9:31 AM, Christopher Schultz <ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hisham, > > On 8/24/2010 10:30 PM, Hisham wrote: >> Jason, you're right in that the tabs i was referring to were tabs >> within my application. I will verify tomorrow whether the domain is >> different, but i seriously doubt it. > > I have a few other things you could check out: > > 1. Are you using cookies? If you don't properly encode all the URLs in > your webapp, you could be losing session information when cookies are > /not/ being used. It sounds like you are using cookies, though, given > your statement about using Firebug to read the headers en route. > > 2. Even if your session id is okay, are you dumping the value of the > "test attribute" for the session? Even though you aren't removing it, > that attribute might have been damaged by something else. > > 3. You could write another filter that wraps your HttpSession when > requested by the webapp and reports all modifications to it (that is, > calls to setAttribute/removeAttribute/setValue/removeValue). > > 4. Any reason not to use the container-managed login and session > management? Tomcat can take care of all this logic for you... > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkx1GxQACgkQ9CaO5/Lv0PBChACfSn30308mX8fTcYDPFGnOHYYZ > JlMAoIZ/d8ZpiJRwc+94pbwfDZAiaQWT > =EiKI > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org