tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ralph Einfeldt" <>
Subject RE: Tomcat losing session
Date Wed, 15 Jan 2003 07:55:31 GMT
Typically this happens when the session with ID x 
is invalidated, then each request with the same 
sessionid will create a new session.

One typical scenario for that is a framed site,
where there is one navigation frame and (at least) 
one content frame. If the user has diabled cookies
all links in the navigation frame contain session 
id X unless the navigation frame is reloaded. After 
a timeout of session X each click to link in the 
navigation frame will create a new session.

How something like that can happen with cookies 
enabled is not clear to me.

Some recommended actions to track down the problem:
- Log each session invalidation
  Look if session was invalidated when you find
  a request for this session that created a new session.
  Find out why the session was invalidated (timeout)
- If session.isNew is true log folowing data

> -----Original Message-----
> From: Charlie Toohey []
> Sent: Tuesday, January 14, 2003 9:08 PM
> To:
> Subject: Tomcat losing session
> Infrequently, Tomcat is creating a new session on each 
> request from the same 
> cookie, when all of the requests should be in the same session.
> I am logging the cookie and session ids to debug this. What I 
> see is that a 
> request comes in with cookie JSESSIONID=X. Tomcat creates a 
> new session, with 
> session id=Y. Then, another request comes in from the same 
> client, and cookie 
> value JSESSIONID=X (still). Tomcat creates a new session 
> again, with session 
> id=Z.
> What happens most of the time is that client request comes in 
> with cookie 
> value JSESSIONID=X, and Tomcat creates a new session with 
> session id = Y.  
> When another request comes in from the same client, cookie 
> now = Y, and Tomcat session id is Y. As expected.
> The same requests can produce the two different scenarios, so 
> it does not 
> appear to be specific to the resource which is requested.  
> But there are more 
> specifics --- when this happens, the first resource requested 
> in the session 
> is a servlet, which does a sendRedirect, resulting in the 
> request. I don't 
> know if there is something about this sequence that could 
> cause the problem.
> As I said, this happens very infrequently, and can not be 
> reproduced at will. 
> When it does happen, it happens on every request from the 
> client --- every 
> request receives the same cookie JSESSIONID value, but 
> creates a new session. 
> It's like once it gets into that mode, it can't get out. 
> Has anyone else ever experience this behavior of losing sessions ?
> We are using Tomcat 4.1.12 with Apache 1.3.27 running on 
> Mandrake Linux 8.1.
> Thanks for any help,
> Charlie
> --
> To unsubscribe, e-mail:   
> <>
> For additional commands, e-mail: 
> <>

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message