tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kitching Simon <>
Subject RE: Problem with session -- Each Time creating new session, inste ad of existing one
Date Wed, 04 Oct 2000 08:22:19 GMT

Sessions are identified by cookies (normally, anyway).
The way a web server tells a browser to set a cookie is to send an http
in the *header* of the returned data.

If you look at the documentation for pageContext.include(....), which I
guess is what
you are using to execute your servlet from within you jsp file, you will see
that the
specification *requires* tomcat to flush the output buffer (including all
http headers)
to the client before invoking the included servlet or jsp page.

The implication is that no included page can ever set a header attribute,
cookies. Your servlet code is indirectly calling response.setCookie, which
is calling
response.setHeader(....) but the header info has already gone gone gone....

It seems to me that an IllegalStateException really should be generated if
ever try to set a cookie after the response has been flushed, but this
doesn't seem
to happen. In my experience it just gets ignored.

I think the solution in your case is to separate your servlet into a *bean*
and a
trivial servlet-wrapper that invokes the bean. You can then include the same
bean into your jsp page with a <jsp:useBean> command, and call it directly.
Because you are *not* doing an include, the response buffer doesn't get
and (hopefully) your create session call request.getSession(true) (ie
addCookie call) 
will then take effect.

Hope this helps (and hope it is right, part of it is just guessing....)


> -----Original Message-----
> From:	sanjeev c joshi []
> Sent:	Wednesday, October 04, 2000 8:45 AM
> To:
> Cc:	Joshi Sanjeev C
> Subject:	Problem with session -- Each Time creating new session,
> instead of  existing one
> Hi,
> I am using Tomact with Apache.I have a problem with the session.
> I have a servlet . The servlet AuthServlet  has a method  called
> "validsession()" which does
> HttpSession session= request.getsession( true);
> :
> :
> When I  call the AuthServlet from the browser  ( doGet inturn calls
> validsession()) , it returns the existing session appropriately with all
> the session parameters. But when the same AuthServlet is called from
> any other java file or perl sript ( in the cgi-bin directory),  it
> creates  a new session each time  instead of getting my existing
> session.  All the class files are in the  directory as directed in the
> classpath  variable. I have another method in the AuthServlet  "
> getCurrentUser()" where It does  the same thing i.e,
> HttpSession session= request.getsession( true);  strangely  it seems to
> work ( it retruns the existing session .....)
> Anyone has faced this problem and found the soultion, kindly help me....
> Any quick help ... I will be grateful........
> regards
> --Joshi

View raw message