tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Murray" <mp...@optusnet.com.au>
Subject RE: HTTPS session strangeness with Tomcat 4.0.6
Date Mon, 28 Jul 2003 22:37:30 GMT
Dan,

Does it matter which browser you use?  I am experiencing (so far without
resolution) problems invalidating and re-establishing sessions and
refreshing pages based on session status when I use IE but have the same
pages operate perfectly under NetScape.

Murray
-----Original Message-----
From: Dan Lipofsky [mailto:danlip@nuserve.com]
Sent: Tuesday, 29 July 2003 06:54
To: tomcat-user@jakarta.apache.org
Subject: HTTPS session strangeness with Tomcat 4.0.6


I have a login JSP that does a session.setAttribute and all
subsequent pages do a session.getAttribute to ensure the
user is logged in.  The login page uses HTTPS and then
redirects to HTTP for subsequent pages.  This worked in
Tomcat 3.2.4 but fails in Tomcat 4.0.6, 4.1.24, and 5 alpha.
BUT THE WAY IT FAILS IS PARTICULARLY BIZARRE - it will fail
the first time but work the second time.  This is very
consistent.  Below are 2 extremely simple JSPs that demo the
problem.  The first only sets the attribute and provides a
link to the second.  The second displays the attribute.  The
first time through it will say "TEST=null".  If you then hit
the back button and refresh the first page and click next
again it will say "TEST=TEST_VAL" like it should


*** First JSP: https://www3.nuserve.com:8011/testS1.jsp ***

<%
    System.out.println("Setting TEST_KEY=TEST_VAL");
    session.setAttribute("TEST_KEY","TEST_VAL");
%>
<a href="http://www3.nuserve.com:8010/testS2.jsp">next</a>


*** Second JSP: http://www3.nuserve.com:8010/testS2.jsp ***

TEST=<%=session.getAttribute("TEST_KEY")%>


Does anyone have an idea what causes this or how to fix it?
Thanks,
Dan



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message