tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hans Schmid" <h...@mega-schmid.de>
Subject AW: [Tomcat 3.3rc1 and HEAD] Same SessionID delivered to manyclients during session creation ?
Date Fri, 12 Oct 2001 06:12:57 GMT
Costin,

Our Application has no JSP's.
It is based on Velocity and Struts using Toplink as Persistence Layer.
And yes, we do cache resources like the contents of lookup tables,
config files and so on.

I have to check, but I doubt that we do anything special with the session.
Have to ask the guy who is in charge of our framework though.

I'll try to find out more when I am in the office in 2 hours.

If you want I can privately send you a link to access our testserver.
I would have to know exactly when to restart Tomcat in order to have
longer delay of the first page delivery (and to stop testing on our side :)
So please let me know and I could give you a call.

hope I can help,
Hans

> -----Ursprüngliche Nachricht-----
> Von: costinm@covalent.net [mailto:costinm@covalent.net]
> Gesendet: Donnerstag, 11. Oktober 2001 22:10
> An: Hans Schmid
> Cc: Tomcat-Dev
> Betreff: Re: [Tomcat 3.3rc1 and 3.3rc2] Same SessionID delivered to
> manyclients during session creation ?
>
>
> On Thu, 11 Oct 2001, Hans Schmid wrote:
>
> > Costin,
> >
> > (I'm not subscribed here at work so I have to use an archive)
> >
> >
> > I am experiance this on Windows2000 SP2 (locally) as well as on
> Solaris 8
> > Here more details:
> >
> > Thanks for the tip with the debugging set in SessionIdGenerator:
> >
> > Starting Tomcat and requesting 2 Sessions from 2 Browsers as described
>
> Hi Hans,
>
> Is there any caching involved in your servlet ? Can you reproduce the same
> thing with a 'plain' servlet/jsp page that you can send ?
>
> Also, in the jsp, can you do a System.out.println() with the session id (
> and maybe the Session object ) ?
>
> This sounds very strange - it's important to figure out where is the
> first session id stored and why.
>
> Costin
>
>
> > before:
> >
> > 2001-10-11 19:21:57 - Http10Interceptor: Starting on 8080
> > 2001-10-11 19:21:57 - Ajp12Interceptor: Starting on 8007
> > EmbededTomcat: Startup time 60
> > 2001-10-11 19:21:57 - Ajp13Interceptor: Starting on 8009
> > 2001-10-11 19:22:03 - SessionIdGenerator: Created random class
> > java.util.Random
> > 2001-10-11 19:22:03 - SessionIdGenerator: Generate new session
> id hmwxl5ysd1
> > 2001-10-11 19:22:07 - SessionIdGenerator: Generate new session
> id slfjsuysf1
> >
> >
> > So We really get 2 different SessionIds!
> >
> > But when I do a 'View Source' on my delivered page (2 times the
> same entry
> > point)
> > I see the following:
> >
> > First browser (first request I would expect hmwxl5ysd1, the
> first generated
> > sessionid )
> >
> >
> >       <form name="form1" method="post"
> > action="/einsurance/doShowStartPage.do;jsessionid=hmwxl5ysd1">
> >
> > ^^^^^^^^^^
> > 		<table border="0" cellpadding="0" cellspacing="0"
> width="100%">
> >         <tbody>
> >           <tr>
> >
> > Superb, correct, but:
> > Second browser (second request sent before first Browser
> delivered the page:
> >
> >       <form name="form1" method="post"
> > action="/einsurance/doShowStartPage.do;jsessionid=hmwxl5ysd1">
> >
> > ^^^^^^^^^^
> > 		<table border="0" cellpadding="0" cellspacing="0"
> width="100%">
> >         <tbody>
> >           <tr>
> >
> > And here we have again the first generated sessionid instead
> the second one
> > 'slfjsuysf1'!
> >
> > So it seems the SessionIds get generated correctly, but the
> first one gets
> > delivered to all output.
> > Just doublechecked wit 3 Browserd 2 IE5.5 and 1 Mozilla 0.9.5.
> Same result:
> > 2001-10-11 19:38:00 - Http10Interceptor: Starting on 8080
> > 2001-10-11 19:38:00 - Ajp12Interceptor: Starting on 8007
> > EmbededTomcat: Startup time 80
> > 2001-10-11 19:38:00 - Ajp13Interceptor: Starting on 8009
> > 2001-10-11 19:38:05 - SessionIdGenerator: Created random class
> > java.util.Random
> > 2001-10-11 19:38:05 - SessionIdGenerator: Generate new session
> id nah9m4z5q1
> > 2001-10-11 19:38:11 - SessionIdGenerator: Generate new session
> id ky0rmjz5t1
> > 2001-10-11 19:38:15 - SessionIdGenerator: Generate new session
> id 351cc3z5v1
> >
> >
> > All three start pages show
> >       <form name="form1" method="post"
> > action="/einsurance/doShowStartPage.do;jsessionid=nah9m4z5q1">
> >
> > always the first generated SessionId.
> >
> >
> > Thanks for looking into this. this is a major thing, I guess
> >
> > Best regards,
> > Hans Schmid
> >
> > einsurance Agency AG
> > Information Technology
> > Bayerstraße 33
> > 80335 München
> >
> > Tel: +49-89-55292- 860
> > Fax: +49-89-55292- 855
> >
> > eMail: Hans.Schmid@einsurance.de
> > http://www.einsurance.de
> >
> >
> >
> > Hi Hans,
> >
> > Could you turn on the debugging on SessionIdGenerator ? Are you using
> > Linux or Solaris ?
> >
> > You should see "Generate new sessionid" for each request - and
> all session
> > ids to be different. The random generator uses time and ( if available )
> > /dev/random - I can't see how it would have the same id.
> >
> > Costin
> >
> > On Thu, 11 Oct 2001, Hans Schmid wrote:
> >
> > > Hi developers,
> > >
> > > 1.) First a note about an unanswered observation from the mailing list
> > > archive:
> > > we are experiencing exactly the same behaviour with Tomcat 3.3-rc1
> > > with mod_jk AJP1.3 Apache 1.3.19(Solaris 8 Sparc) when using SSL as
> > > described below.
> > > Thats why we had to changed to <SessionId cookiesFirst="true"
> > > noCookies="false" />
> > >
> > > 2.)
> > > What we see using  <SessionId cookiesFirst="false" noCookies="true" />
> > > seems to result sometimes in weird behavior in a different
> area as well:
> > >
> > > Beeing in one Browser and entering data may cause this data to be
> > > displayed on a different Browser on a different machine. (Same
> > Application!)
> > > We can not reproduce this every time but it happens way too often.
> > > This is very critical.
> > >
> > > 3.)
> > > How to reproduce this (may be):
> > >
> > > We see the same sessionid appended to both URLs.
> > > This can be best reproduced by opening 2 Browsers, starting Tomcat and
> > > starting our Webapp in every Browser shortly after the other.
> > > (We are using Toplink which reads a huge XMLDescriptor file
> the first time
> > > it gets invoked. So we have the chance to start the request
> in the second
> > > Browser before the first page gets delivered)
> > >
> > > As long as you start the request in the second Browser before
> the request
> > > in the first Browser was finished (page delivered) you get the same
> > > jsessionid
> > > in the URL or the delivered page
> > >
> > > <form name="form1" method="post"
> > > action="/einsurance/doShowStartPage.do;jsessionid=clkam0vi31">
> > >
> > >
> > >
> > > Using curl tool on solaris we see the following:
> > >
> > > root@zeus[/u/www/INT/einsurance/logs]% curl --help
> > > curl 7.8.1 (sparc-sun-solaris2.8) libcurl 7.8.1 (OpenSSL 0.9.6b)
> > > Usage: curl [options...] <url>
> > > Options: (H) means HTTP/HTTPS only, (F) means FTP only
> > > ...
> > >
> > > for i in 1 2 3 4 5 6 7 8 9 10 ; do for j in 1 2 3 4 5 6 7 8 9 10 ; do
> > > curl -s
'http://myserver:8080/einsurance/doEntry.do?pid=ph&b2bid=1&cpid=1'
> |
> > grep jsessionid &  done; done > curl.out
> >
> >
> > I would expect a new sessionid delivered for every curl process
requesting
> > our entry page, but see the result:
> > The same sessionid gets delivered many times  see the lines marked with
> > <-----
>


Mime
View raw message