tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 40072] - New Session Created Randomly in Tomcat 5.0.28
Date Thu, 20 Jul 2006 08:56:53 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40072>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40072





------- Additional Comments From darryl@darrylmiles.org  2006-07-20 08:56 -------
The session is only created when the session object is access in anyway.  I
believe the <%@ page session="false"%> directive tells the JSP layer not to
access a session object in a way to cause one to be created, this is for
contructing the pageContext.

However the HTTP request processing still takes place to match a given cookie
with a valid session object.

So if you pass from code which uses a session (the login part) into code which
codes not use a session, then your browser should still be giving the the
Cookie: header to Tomcat with accessing both URLs.

If Tomcat gets a Cookie it will always try to match it up with a session to
validate it (even if the processing that is to follow doesn't require or touch
the session object after all).


Does your HeavyJavaScript code in anyway access and/or edit the cookies[] in the
page ?

Maybe you can quote the URLs of the post login page and the non-session using
page to confirm if the URLs would be within the same Cookie domain.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message