tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <cost...@covalent.net>
Subject Re: AW: [Tomcat 3.3rc1 and HEAD] Same SessionID delivered to manyclients during session creation ?
Date Fri, 12 Oct 2001 08:45:20 GMT
Hi Hans,

> Our Application has no JSP's.
> It is based on Velocity and Struts using Toplink as Persistence Layer.

I'm a bit confused - isn't Struts based on JSPs ? But it shouldn't matter,
what's important is finding if the problem is caused by tomcat or by the
framework.

My bet is the second.

> I have to check, but I doubt that we do anything special with the session.
> Have to ask the guy who is in charge of our framework though.

Probably not with the session - but maybe some result fragments are
cached.


> If you want I can privately send you a link to access our testserver.
> I would have to know exactly when to restart Tomcat in order to have
> longer delay of the first page delivery (and to stop testing on our side :)
> So please let me know and I could give you a call.

I don't think this would help, I do trust you that the bug is there, and
the only solution to find it is to add println()s in few places ( in the
source ), by someone familiar with the codebase.

If you believe it's something wrong in tomcat, try to create a simple
servlet/jsp that can reproduce this and is not using any of the template.
You can add a big delay in init(). If we can get this reproduced without
any framework - I'm pretty sure we'll fix it quickly.

Again, my advice is to identify the code that generates the form and add
println() statements. Is it called on each requests ? If not, it's certain
something is caching the result fragment.

Does it have the same session id ? Then try to find out how do you get the
session id.

Costin





>
> hope I can help,
> Hans
>
> > -----Ursprüngliche Nachricht-----
> > Von: costinm@covalent.net [mailto:costinm@covalent.net]
> > Gesendet: Donnerstag, 11. Oktober 2001 22:10
> > An: Hans Schmid
> > Cc: Tomcat-Dev
> > Betreff: Re: [Tomcat 3.3rc1 and 3.3rc2] Same SessionID delivered to
> > manyclients during session creation ?
> >
> >
> > On Thu, 11 Oct 2001, Hans Schmid wrote:
> >
> > > Costin,
> > >
> > > (I'm not subscribed here at work so I have to use an archive)
> > >
> > >
> > > I am experiance this on Windows2000 SP2 (locally) as well as on
> > Solaris 8
> > > Here more details:
> > >
> > > Thanks for the tip with the debugging set in SessionIdGenerator:
> > >
> > > Starting Tomcat and requesting 2 Sessions from 2 Browsers as described
> >
> > Hi Hans,
> >
> > Is there any caching involved in your servlet ? Can you reproduce the same
> > thing with a 'plain' servlet/jsp page that you can send ?
> >
> > Also, in the jsp, can you do a System.out.println() with the session id (
> > and maybe the Session object ) ?
> >
> > This sounds very strange - it's important to figure out where is the
> > first session id stored and why.
> >
> > Costin
> >
> >
> > > before:
> > >
> > > 2001-10-11 19:21:57 - Http10Interceptor: Starting on 8080
> > > 2001-10-11 19:21:57 - Ajp12Interceptor: Starting on 8007
> > > EmbededTomcat: Startup time 60
> > > 2001-10-11 19:21:57 - Ajp13Interceptor: Starting on 8009
> > > 2001-10-11 19:22:03 - SessionIdGenerator: Created random class
> > > java.util.Random
> > > 2001-10-11 19:22:03 - SessionIdGenerator: Generate new session
> > id hmwxl5ysd1
> > > 2001-10-11 19:22:07 - SessionIdGenerator: Generate new session
> > id slfjsuysf1
> > >
> > >
> > > So We really get 2 different SessionIds!
> > >
> > > But when I do a 'View Source' on my delivered page (2 times the
> > same entry
> > > point)
> > > I see the following:
> > >
> > > First browser (first request I would expect hmwxl5ysd1, the
> > first generated
> > > sessionid )
> > >
> > >
> > >       <form name="form1" method="post"
> > > action="/einsurance/doShowStartPage.do;jsessionid=hmwxl5ysd1">
> > >
> > > ^^^^^^^^^^
> > > 		<table border="0" cellpadding="0" cellspacing="0"
> > width="100%">
> > >         <tbody>
> > >           <tr>
> > >
> > > Superb, correct, but:
> > > Second browser (second request sent before first Browser
> > delivered the page:
> > >
> > >       <form name="form1" method="post"
> > > action="/einsurance/doShowStartPage.do;jsessionid=hmwxl5ysd1">
> > >
> > > ^^^^^^^^^^
> > > 		<table border="0" cellpadding="0" cellspacing="0"
> > width="100%">
> > >         <tbody>
> > >           <tr>
> > >
> > > And here we have again the first generated sessionid instead
> > the second one
> > > 'slfjsuysf1'!
> > >
> > > So it seems the SessionIds get generated correctly, but the
> > first one gets
> > > delivered to all output.
> > > Just doublechecked wit 3 Browserd 2 IE5.5 and 1 Mozilla 0.9.5.
> > Same result:
> > > 2001-10-11 19:38:00 - Http10Interceptor: Starting on 8080
> > > 2001-10-11 19:38:00 - Ajp12Interceptor: Starting on 8007
> > > EmbededTomcat: Startup time 80
> > > 2001-10-11 19:38:00 - Ajp13Interceptor: Starting on 8009
> > > 2001-10-11 19:38:05 - SessionIdGenerator: Created random class
> > > java.util.Random
> > > 2001-10-11 19:38:05 - SessionIdGenerator: Generate new session
> > id nah9m4z5q1
> > > 2001-10-11 19:38:11 - SessionIdGenerator: Generate new session
> > id ky0rmjz5t1
> > > 2001-10-11 19:38:15 - SessionIdGenerator: Generate new session
> > id 351cc3z5v1
> > >
> > >
> > > All three start pages show
> > >       <form name="form1" method="post"
> > > action="/einsurance/doShowStartPage.do;jsessionid=nah9m4z5q1">
> > >
> > > always the first generated SessionId.
> > >
> > >
> > > Thanks for looking into this. this is a major thing, I guess
> > >
> > > Best regards,
> > > Hans Schmid
> > >
> > > einsurance Agency AG
> > > Information Technology
> > > Bayerstraße 33
> > > 80335 München
> > >
> > > Tel: +49-89-55292- 860
> > > Fax: +49-89-55292- 855
> > >
> > > eMail: Hans.Schmid@einsurance.de
> > > http://www.einsurance.de
> > >
> > >
> > >
> > > Hi Hans,
> > >
> > > Could you turn on the debugging on SessionIdGenerator ? Are you using
> > > Linux or Solaris ?
> > >
> > > You should see "Generate new sessionid" for each request - and
> > all session
> > > ids to be different. The random generator uses time and ( if available )
> > > /dev/random - I can't see how it would have the same id.
> > >
> > > Costin
> > >
> > > On Thu, 11 Oct 2001, Hans Schmid wrote:
> > >
> > > > Hi developers,
> > > >
> > > > 1.) First a note about an unanswered observation from the mailing list
> > > > archive:
> > > > we are experiencing exactly the same behaviour with Tomcat 3.3-rc1
> > > > with mod_jk AJP1.3 Apache 1.3.19(Solaris 8 Sparc) when using SSL as
> > > > described below.
> > > > Thats why we had to changed to <SessionId cookiesFirst="true"
> > > > noCookies="false" />
> > > >
> > > > 2.)
> > > > What we see using  <SessionId cookiesFirst="false" noCookies="true"
/>
> > > > seems to result sometimes in weird behavior in a different
> > area as well:
> > > >
> > > > Beeing in one Browser and entering data may cause this data to be
> > > > displayed on a different Browser on a different machine. (Same
> > > Application!)
> > > > We can not reproduce this every time but it happens way too often.
> > > > This is very critical.
> > > >
> > > > 3.)
> > > > How to reproduce this (may be):
> > > >
> > > > We see the same sessionid appended to both URLs.
> > > > This can be best reproduced by opening 2 Browsers, starting Tomcat and
> > > > starting our Webapp in every Browser shortly after the other.
> > > > (We are using Toplink which reads a huge XMLDescriptor file
> > the first time
> > > > it gets invoked. So we have the chance to start the request
> > in the second
> > > > Browser before the first page gets delivered)
> > > >
> > > > As long as you start the request in the second Browser before
> > the request
> > > > in the first Browser was finished (page delivered) you get the same
> > > > jsessionid
> > > > in the URL or the delivered page
> > > >
> > > > <form name="form1" method="post"
> > > > action="/einsurance/doShowStartPage.do;jsessionid=clkam0vi31">
> > > >
> > > >
> > > >
> > > > Using curl tool on solaris we see the following:
> > > >
> > > > root@zeus[/u/www/INT/einsurance/logs]% curl --help
> > > > curl 7.8.1 (sparc-sun-solaris2.8) libcurl 7.8.1 (OpenSSL 0.9.6b)
> > > > Usage: curl [options...] <url>
> > > > Options: (H) means HTTP/HTTPS only, (F) means FTP only
> > > > ...
> > > >
> > > > for i in 1 2 3 4 5 6 7 8 9 10 ; do for j in 1 2 3 4 5 6 7 8 9 10 ; do
> > > > curl -s
> 'http://myserver:8080/einsurance/doEntry.do?pid=ph&b2bid=1&cpid=1'
> > |
> > > grep jsessionid &  done; done > curl.out
> > >
> > >
> > > I would expect a new sessionid delivered for every curl process
> requesting
> > > our entry page, but see the result:
> > > The same sessionid gets delivered many times  see the lines marked with
> > > <-----
> >
>


Mime
View raw message