tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shapira, Yoav" <>
Subject RE: Vexing session creation issue
Date Wed, 16 Jun 2004 14:47:07 GMT

The behavior you're seeing is consistent with the servlet specification.
If a client chooses not to join a session (which the page
session="false" directive indicates), the container may still create
sessions for the client, just that it will be a new session each time,
with a new ID and empty attributes.  This is in the Servlet Spec but
summarized nicely in the 2nd to last paragraph of the HttpSession class

Yoav Shapira
Millennium Research Informatics

>-----Original Message-----
>From: Frank Zammetti []
>Sent: Wednesday, June 16, 2004 10:36 AM
>Subject: Vexing session creation issue
>I sent this to the Struts mailing list as well, but it seems like it
>be a Tomcat issue as well (probably just some config option I don't
>Argh, this one is hurting my head...
>I have an application that starts out by returning index.jsp (it's the
>welcome file).  This JSP opens a new window via JavaScript and loads
>index1.jsp.  index1.jsp populates five frames of a frameset.  At the
end of
>all this, my logon screen is seen.
>The important thing to note here is that no Actions are executed to
>point, it's just loading JSP's, and there is not really any JSP code in
>of these except for a bunch of request.getContextPath() calls.  No code
>accesses session or anything like that, and there are only two
>getting anything out of request (because the logon page might be shown
>a bad attempt, and I need to get the userID and password that was
>attempted).  In all of them, I have session="false" in the page tag.
>Now... I've created a SessionListener to tell me when a session is
>or destroyed.  Problem is, during all these JSP loads, the create event
>fires TWICE!  What's worse, session is NOT null (which I expected it to
>and worse still, I'm getting two DIFFERENT session ID's!  It looks like
>sessions are being created when it seems like absolutely NONE should
>I'm banging my head against the wall with this one.  Anyone have any
>Thanks folks!
>MSN 9 Dial-up Internet Access fights spam and pop-ups - now 3 months
>To unsubscribe, e-mail:
>For additional commands, e-mail:

This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message