tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Andreas Omerou" <...@simplexsoftware.com>
Subject RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
Date Fri, 17 Feb 2006 05:17:48 GMT
This is really an old thing I read somewhere that IE might not "respond" to
the top headers so the only way to force IE to work as you want it to (no
caching) was to do this (put one more header at the end).  Back at that time
(IE 5 was used with 6 not being released yet) this solved me many problems
so since then I use this trick it in my code whenever I do not want caching.

Michael 

>-----Original Message-----
>From: George Sexton [mailto:gsexton@mhsoftware.com] 
>Sent: 17 February 2006 04:42
>To: 'Tomcat Users List'; mao@simplexsoftware.com
>Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
>
>Just out of curiousity, why do your pages have two HEAD blocks 
>(one at the top, and one at the bottom of the page)?
>
>George Sexton
>MH Software, Inc.
>http://www.mhsoftware.com/
>Voice: 303 438 9585
>  
>
>> -----Original Message-----
>> From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com]
>> Sent: Thursday, February 16, 2006 3:38 PM
>> To: 'Tomcat Users List'
>> Cc: devlists@hanik.com; 'George Sexton'; 'Joey Geiger'; 
>> Chuck.Caldarale@unisys.com
>> Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
>> 
>> Dear all,
>> 
>> Thanks for your replies to my problem.  However, I think the 
>> discussion has been "diverted" into a debate totally 
>irrelevant to the 
>> issue.
>> 
>> As far as Chuck's question whether this could be related to 
>the popup, 
>> this is not the case as the problem happens on other pages too, even 
>> on index.jsp (first page)
>> 
>> Regarding Filip's email and monitoring HTTP Headers I am impressed 
>> that it seems to work for you.  I run FireFox on Windows XP Pro SP2 
>> and what happens is that when a page finishes loading, the session 
>> expires on the server.
>> When the user/browser requests another page the correct 
>session id is 
>> sent from the browser but the server detects that this 
>session id sent 
>> is no more valid (expired) and so we have a timeout.  However, this 
>> behaviour, only
>> occurs with FireFox.   I tried it from another PC with XP Pro 
>> SP2 too but
>> the problem is the same.  With IE, NetScape and Opera all is ok. 
>> 
>>  
>> 
>> I want to emphasize that this behaviour does not happen only when 
>> switching from SSL to non-SSL or vice versa.  Even if I try 
>to access 
>> pages such as the About Us or the Contact Us the session expires 
>> again.
>> However, in that
>> case the problem is not "visible" to the user since those 
>pages do not 
>> contain any session specific data so even with a new session 
>it is ok.  
>> Try the following though and you will see what I mean.  On 
>> tophotelchoices.com do a search for a hotel.  Let the results be 
>> displayed and then, go to the About Us page.  Then, click your 
>> browser's back button and instead of going back to the 
>search results 
>> you get a timeout (if you get search results it will be from 
>browser's 
>> cache, do a reload and you will get timeout).
>> 
>> Monitoring the HTTP headers for both IE and Firefox using 
>HttpAnalyzer 
>> for IE and LiveHttpHeaders for Firefox gives the following:
>> 1) IE
>> 
>> (Request-Line):GET http://www.tophotelchoices.com/ HTTP/1.1
>> Accept:*/*
>> Accept-Language:en-gb
>> Accept-Encoding:gzip, deflate
>> User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; 
>> .NET CLR 1.1.4322; InfoPath.1) Host:www.tophotelchoices.com 
>> Proxy-Connection:Keep-Alive Pragma:no-cache 
>> Cookie:JSESSIONID=6F187E9E698F5D81A09DF6AD0D25115D
>> 
>> (Status-Line):HTTP/1.0 200 OK
>> Date:Thu, 16 Feb 2006 22:09:18 GMT
>> Server:Apache/1.3.33 (Unix) mod_jk/1.2.15 Cache-Control:no-cache 
>> Pragma:no-cache Expires:Wed, 31 Dec 1969 23:59:59 GMT
>> Content-Type:text/html;charset=UTF-8
>> X-Cache:MISS from proxy01.spidernet.net X-Cache-Lookup:MISS from 
>> proxy01.spidernet.net:83 Proxy-Connection:close
>> 
>> 2) FIREFOX:
>> GET http://www.tophotelchoices.com/index.jsp HTTP/1.1
>> Host: www.tophotelchoices.com
>> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; 
>rv:1.7.12)
>> Gecko/20050919 Firefox/1.0.7
>> Accept:
>> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9
>,text/plain;q=
>> 0.8,image/png,*/*;q=0.5
>> Accept-Language: en-gb,en;q=0.5
>> Accept-Encoding: gzip,deflate
>> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> Keep-Alive: 300
>> Proxy-Connection: keep-alive
>> Referer: http://www.tophotelchoices.com/timeout.jsp
>> Cookie: JSESSIONID=3849A82D2F9B6991FE41073D771D1358
>> Cache-Control: max-age=0
>> 
>> HTTP/1.x 200 OK
>> Date: Thu, 16 Feb 2006 22:12:27 GMT
>> Server: Apache/1.3.33 (Unix) mod_jk/1.2.15
>> Cache-Control: no-cache
>> Pragma: no-cache
>> Expires: Wed, 31 Dec 1969 23:59:59 GMT
>> Content-Type: text/html;charset=UTF-8
>> X-Cache: MISS from proxy01.spidernet.net
>> X-Cache-Lookup: MISS from proxy01.spidernet.net:83
>> Proxy-Connection: close
>> 
>> Obviously, the response is the same in both cases, however, for 
>> FireFox the important difference I see in Request is the one saying 
>> Cache-control:
>> max-age=0 and also, the Keep-Alive value 300. I do not think the 
>> Keep-Alive value is the problem, however, the Cache-Control: 
>max-age=0 
>> is suspicious.
>> In my code I have
>> response.setHeader("Cache-Control","no-cache") but I think this is 
>> different.  Does anyone have a clue what the max-age:0 is doing?
>> 
>> Your help will be greatly appreciated.
>> 
>> 
>> Thanks and regards,
>> Michael
>> 
>> >-----Original Message-----
>> >From: Filip Hanik - Dev Lists [mailto:devlists@hanik.com]
>> >Sent: 15 February 2006 22:16
>> >To: Tomcat Users List
>> >Subject: Re: Session Expires At Every Request (Tomcat5.0.28/Firefox)
>> >
>> >George Sexton wrote:
>> >> Does the code transparently create a new JSessionID value then?
>> >
>> >George,
>> >you might wanna rethink your comments, they don't shine any 
>light on 
>> >the issue and they for sure don't state any facts, let me 
>prove you I 
>> >am right. Below is the headers I tracked with 
>LiveHttpHeaders, as you 
>> >can see, JSESSIONID remains exactly the same in the browser request 
>> >when the switch from HTTP to HTTPS happens.
>> >This is Firefox on Fedora 4. The site works fine.
>> >
>> >This must be a browser issue, can you tell us a little bit 
>more about 
>> >what version and platform your browser is on.
>> >
>> >1. Request to the home - non secure
>> >============================================================
>> >http://www.tophotelchoices.com/
>> >GET / HTTP/1.1
>> >Host: www.tophotelchoices.com
>> >User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1)
>> >Gecko/20060124 Firefox/1.5.0.1
>> >Accept: 
>> >text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,
>> text/plain;q=0.8,image/png,*/*;q=0.5
>> >Accept-Language: en-us,en;q=0.5
>> >Accept-Encoding: gzip,deflate
>> >Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> >Keep-Alive: 300
>> >Connection: keep-alive
>> >Referer: http://www.tophotelchoices.com/
>> >
>> >HTTP/1.x 200 OK
>> >Date: Wed, 15 Feb 2006 20:08:55 GMT
>> >Server: Apache/1.3.33 (Unix) mod_jk/1.2.15
>> >Set-Cookie: JSESSIONID=735009FD40D725EDAA14389409CD60FF; Path=/
>> >Cache-Control: no-cache
>> >Pragma: no-cache
>> >Expires: Wed, 31 Dec 1969 23:59:59 GMT
>> >Keep-Alive: timeout=5, max=20
>> >Connection: Keep-Alive
>> >Transfer-Encoding: chunked
>> >Content-Type: text/html;charset=UTF-8
>> >
>> >2. Click on the request button - switch from HTTP to HTTPS 
>> >https://www.tophotelchoices.com/bookingServlet1?hotel=ASI
>> >GET /bookingServlet1?hotel=ASI HTTP/1.1
>> >Host: www.tophotelchoices.com:443
>> >User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1)
>> >Gecko/20060124 Firefox/1.5.0.1
>> >Accept: 
>> >text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,
>> text/plain;q=0.8,image/png,*/*;q=0.5
>> >Accept-Language: en-us,en;q=0.5
>> >Accept-Encoding: gzip,deflate
>> >Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> >Keep-Alive: 300
>> >Connection: keep-alive
>> >Referer: http://www.tophotelchoices.com/searchResults.jsp
>> >Cookie: JSESSIONID=735009FD40D725EDAA14389409CD60FF
>> >
>> >HTTP/1.x 200 OK
>> >Date: Wed, 15 Feb 2006 20:11:54 GMT
>> >Server: Apache/1.3.33 (Unix) mod_jk/1.2.15
>> >Cache-Control: no-cache
>> >Pragma: no-cache
>> >Expires: Wed, 31 Dec 1969 23:59:59 GMT
>> >Keep-Alive: timeout=5, max=20
>> >Connection: Keep-Alive
>> >Transfer-Encoding: chunked
>> >Content-Type: text/html;charset=UTF-8
>> >
>> >
>> >George Sexton wrote:
>> >> Does the code transparently create a new JSessionID value then?
>> >>
>> >> George Sexton
>> >> MH Software, Inc.
>> >> http://www.mhsoftware.com/
>> >> Voice: 303 438 9585
>> >>
>> >>
>> >>> -----Original Message-----
>> >>> From: Filip Hanik - Dev Lists [mailto:devlists@hanik.com]
>> >>> Sent: Wednesday, February 15, 2006 12:48 PM
>> >>> To: Tomcat Users List
>> >>> Subject: Re: Session Expires At Every Request
>> (Tomcat5.0.28/Firefox)
>> >>>
>> >>> sessions started in non-ssl mode should carry over to
>> SSL, but not
>> >>> the other way around.
>> >>> Filip
>> >>>
>> >
>> >
>> 
>>---------------------------------------------------------------------
>> >To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> >For additional commands, e-mail: users-help@tomcat.apache.org
>> >
>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>> 
>> 
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message