tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Andreas Omerou" <...@simplexsoftware.com>
Subject RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
Date Thu, 16 Feb 2006 22:37:54 GMT
Dear all,

Thanks for your replies to my problem.  However, I think the discussion has
been "diverted" into a debate totally irrelevant to the issue.

As far as Chuck's question whether this could be related to the popup, this
is not the case as the problem happens on other pages too, even on index.jsp
(first page)

Regarding Filip's email and monitoring HTTP Headers I am impressed that it
seems to work for you.  I run FireFox on Windows XP Pro SP2 and what happens
is that when a page finishes loading, the session expires on the server.
When the user/browser requests another page the correct session id is sent
from the browser but the server detects that this session id sent is no more
valid (expired) and so we have a timeout.  However, this behaviour, only
occurs with FireFox.   I tried it from another PC with XP Pro SP2 too but
the problem is the same.  With IE, NetScape and Opera all is ok. 

 

I want to emphasize that this behaviour does not happen only when switching
from SSL to non-SSL or vice versa.  Even if I try to access pages such as
the About Us or the Contact Us the session expires again.  However, in that
case the problem is not "visible" to the user since those pages do not
contain any session specific data so even with a new session it is ok.  Try
the following though and you will see what I mean.  On tophotelchoices.com
do a search for a hotel.  Let the results be displayed and then, go to the
About Us page.  Then, click your browser's back button and instead of going
back to the search results you get a timeout (if you get search results it
will be from browser's cache, do a reload and you will get timeout).

Monitoring the HTTP headers for both IE and Firefox using HttpAnalyzer for
IE and LiveHttpHeaders for Firefox gives the following:
1) IE

(Request-Line):GET http://www.tophotelchoices.com/ HTTP/1.1
Accept:*/*
Accept-Language:en-gb
Accept-Encoding:gzip, deflate
User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
1.1.4322; InfoPath.1)
Host:www.tophotelchoices.com
Proxy-Connection:Keep-Alive
Pragma:no-cache
Cookie:JSESSIONID=6F187E9E698F5D81A09DF6AD0D25115D

(Status-Line):HTTP/1.0 200 OK
Date:Thu, 16 Feb 2006 22:09:18 GMT
Server:Apache/1.3.33 (Unix) mod_jk/1.2.15
Cache-Control:no-cache
Pragma:no-cache
Expires:Wed, 31 Dec 1969 23:59:59 GMT
Content-Type:text/html;charset=UTF-8
X-Cache:MISS from proxy01.spidernet.net
X-Cache-Lookup:MISS from proxy01.spidernet.net:83
Proxy-Connection:close

2) FIREFOX:
GET http://www.tophotelchoices.com/index.jsp HTTP/1.1
Host: www.tophotelchoices.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.12)
Gecko/20050919 Firefox/1.0.7
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://www.tophotelchoices.com/timeout.jsp
Cookie: JSESSIONID=3849A82D2F9B6991FE41073D771D1358
Cache-Control: max-age=0

HTTP/1.x 200 OK
Date: Thu, 16 Feb 2006 22:12:27 GMT
Server: Apache/1.3.33 (Unix) mod_jk/1.2.15
Cache-Control: no-cache
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
X-Cache: MISS from proxy01.spidernet.net
X-Cache-Lookup: MISS from proxy01.spidernet.net:83
Proxy-Connection: close

Obviously, the response is the same in both cases, however, for FireFox the
important difference I see in Request is the one saying Cache-control:
max-age=0 and also, the Keep-Alive value 300. I do not think the Keep-Alive
value is the problem, however, the Cache-Control: max-age=0 is suspicious.
In my code I have response.setHeader("Cache-Control","no-cache") but I think
this is different.  Does anyone have a clue what the max-age:0 is doing?

Your help will be greatly appreciated.


Thanks and regards,
Michael

>-----Original Message-----
>From: Filip Hanik - Dev Lists [mailto:devlists@hanik.com] 
>Sent: 15 February 2006 22:16
>To: Tomcat Users List
>Subject: Re: Session Expires At Every Request (Tomcat5.0.28/Firefox)
>
>George Sexton wrote:
>> Does the code transparently create a new JSessionID value then?
>
>George,
>you might wanna rethink your comments, they don't shine any 
>light on the issue and they for sure don't state any facts, 
>let me prove you I am right. Below is the headers I tracked 
>with LiveHttpHeaders, as you can see, JSESSIONID remains 
>exactly the same in the browser request when the switch from 
>HTTP to HTTPS happens.
>This is Firefox on Fedora 4. The site works fine.
>
>This must be a browser issue, can you tell us a little bit 
>more about what version and platform your browser is on.
>
>1. Request to the home - non secure
>============================================================
>http://www.tophotelchoices.com/
>GET / HTTP/1.1
>Host: www.tophotelchoices.com
>User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1)
>Gecko/20060124 Firefox/1.5.0.1
>Accept: 
>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,
text/plain;q=0.8,image/png,*/*;q=0.5
>Accept-Language: en-us,en;q=0.5
>Accept-Encoding: gzip,deflate
>Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>Keep-Alive: 300
>Connection: keep-alive
>Referer: http://www.tophotelchoices.com/
>
>HTTP/1.x 200 OK
>Date: Wed, 15 Feb 2006 20:08:55 GMT
>Server: Apache/1.3.33 (Unix) mod_jk/1.2.15
>Set-Cookie: JSESSIONID=735009FD40D725EDAA14389409CD60FF; Path=/
>Cache-Control: no-cache
>Pragma: no-cache
>Expires: Wed, 31 Dec 1969 23:59:59 GMT
>Keep-Alive: timeout=5, max=20
>Connection: Keep-Alive
>Transfer-Encoding: chunked
>Content-Type: text/html;charset=UTF-8
>
>2. Click on the request button - switch from HTTP to HTTPS 
>https://www.tophotelchoices.com/bookingServlet1?hotel=ASI
>GET /bookingServlet1?hotel=ASI HTTP/1.1
>Host: www.tophotelchoices.com:443
>User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1)
>Gecko/20060124 Firefox/1.5.0.1
>Accept: 
>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,
text/plain;q=0.8,image/png,*/*;q=0.5
>Accept-Language: en-us,en;q=0.5
>Accept-Encoding: gzip,deflate
>Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>Keep-Alive: 300
>Connection: keep-alive
>Referer: http://www.tophotelchoices.com/searchResults.jsp
>Cookie: JSESSIONID=735009FD40D725EDAA14389409CD60FF
>
>HTTP/1.x 200 OK
>Date: Wed, 15 Feb 2006 20:11:54 GMT
>Server: Apache/1.3.33 (Unix) mod_jk/1.2.15
>Cache-Control: no-cache
>Pragma: no-cache
>Expires: Wed, 31 Dec 1969 23:59:59 GMT
>Keep-Alive: timeout=5, max=20
>Connection: Keep-Alive
>Transfer-Encoding: chunked
>Content-Type: text/html;charset=UTF-8
>
>
>George Sexton wrote:
>> Does the code transparently create a new JSessionID value then?
>>
>> George Sexton
>> MH Software, Inc.
>> http://www.mhsoftware.com/
>> Voice: 303 438 9585
>>
>>
>>> -----Original Message-----
>>> From: Filip Hanik - Dev Lists [mailto:devlists@hanik.com]
>>> Sent: Wednesday, February 15, 2006 12:48 PM
>>> To: Tomcat Users List
>>> Subject: Re: Session Expires At Every Request (Tomcat5.0.28/Firefox)
>>>
>>> sessions started in non-ssl mode should carry over to SSL, but not 
>>> the other way around.
>>> Filip
>>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>For additional commands, e-mail: users-help@tomcat.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message