tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Andreas Omerou" <...@simplexsoftware.com>
Subject RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
Date Fri, 17 Feb 2006 05:29:56 GMT
More or less this what I think as well! That Cache-control: max-age=0 is
applied to cookies too.  However the cookies in Firefox seem to have the
correct expiration date.

Michael

>-----Original Message-----
>From: news [mailto:news@sea.gmane.org] On Behalf Of Bill Barker
>Sent: 17 February 2006 06:03
>To: users@tomcat.apache.org
>Subject: Re: Session Expires At Every Request (Tomcat5.0.28/Firefox)
>
>
>"Michael Andreas Omerou" <mao@simplexsoftware.com> wrote in 
>message news:000d01c63349$b56126b0$657ba8c0@MAONX8220...
>> Dear all,
>>
>> Thanks for your replies to my problem.  However, I think the 
>> discussion has been "diverted" into a debate totally 
>irrelevant to the 
>> issue.
>>
>
>Not that I'm all that interested, but just to push this along, 
>what are the Cookie properties in FireFox after you request a page?
>
>Personally, I'm betting that FireFox is probably applying your 
>cache-control/max-age headers to the Cookies as well as to the 
>page itself.
>
>> As far as Chuck's question whether this could be related to 
>the popup, 
>> this is not the case as the problem happens on other pages too, even 
>> on index.jsp (first page)
>>
>> Regarding Filip's email and monitoring HTTP Headers I am impressed 
>> that it seems to work for you.  I run FireFox on Windows XP Pro SP2 
>> and what happens is that when a page finishes loading, the session 
>> expires on the server.
>> When the user/browser requests another page the correct 
>session id is 
>> sent from the browser but the server detects that this 
>session id sent 
>> is no more valid (expired) and so we have a timeout.  However, this 
>> behaviour, only
>> occurs with FireFox.   I tried it from another PC with XP 
>Pro SP2 too but
>> the problem is the same.  With IE, NetScape and Opera all is ok.
>>
>>
>>
>> I want to emphasize that this behaviour does not happen only when 
>> switching from SSL to non-SSL or vice versa.  Even if I try 
>to access 
>> pages such as the About Us or the Contact Us the session expires 
>> again.  However, in that case the problem is not "visible" 
>to the user 
>> since those pages do not contain any session specific data so even 
>> with a new session it is ok.
>> Try
>> the following though and you will see what I mean.  On 
>> tophotelchoices.com do a search for a hotel.  Let the results be 
>> displayed and then, go to the About Us page.  Then, click your 
>> browser's back button and instead of going back to the 
>search results 
>> you get a timeout (if you get search results it will be from 
>browser's 
>> cache, do a reload and you will get timeout).
>>
>> Monitoring the HTTP headers for both IE and Firefox using 
>HttpAnalyzer 
>> for IE and LiveHttpHeaders for Firefox gives the following:
>> 1) IE
>>
>> (Request-Line):GET http://www.tophotelchoices.com/ HTTP/1.1
>> Accept:*/*
>> Accept-Language:en-gb
>> Accept-Encoding:gzip, deflate
>> User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; 
>> .NET CLR 1.1.4322; InfoPath.1) Host:www.tophotelchoices.com 
>> Proxy-Connection:Keep-Alive Pragma:no-cache 
>> Cookie:JSESSIONID=6F187E9E698F5D81A09DF6AD0D25115D
>>
>> (Status-Line):HTTP/1.0 200 OK
>> Date:Thu, 16 Feb 2006 22:09:18 GMT
>> Server:Apache/1.3.33 (Unix) mod_jk/1.2.15 Cache-Control:no-cache 
>> Pragma:no-cache Expires:Wed, 31 Dec 1969 23:59:59 GMT
>> Content-Type:text/html;charset=UTF-8
>> X-Cache:MISS from proxy01.spidernet.net X-Cache-Lookup:MISS from 
>> proxy01.spidernet.net:83 Proxy-Connection:close
>>
>> 2) FIREFOX:
>> GET http://www.tophotelchoices.com/index.jsp HTTP/1.1
>> Host: www.tophotelchoices.com
>> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; 
>rv:1.7.12)
>> Gecko/20050919 Firefox/1.0.7
>> Accept:
>> 
>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/pl
>> ain;q=
>> 0.8,image/png,*/*;q=0.5
>> Accept-Language: en-gb,en;q=0.5
>> Accept-Encoding: gzip,deflate
>> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> Keep-Alive: 300
>> Proxy-Connection: keep-alive
>> Referer: http://www.tophotelchoices.com/timeout.jsp
>> Cookie: JSESSIONID=3849A82D2F9B6991FE41073D771D1358
>> Cache-Control: max-age=0
>>
>> HTTP/1.x 200 OK
>> Date: Thu, 16 Feb 2006 22:12:27 GMT
>> Server: Apache/1.3.33 (Unix) mod_jk/1.2.15
>> Cache-Control: no-cache
>> Pragma: no-cache
>> Expires: Wed, 31 Dec 1969 23:59:59 GMT
>> Content-Type: text/html;charset=UTF-8
>> X-Cache: MISS from proxy01.spidernet.net
>> X-Cache-Lookup: MISS from proxy01.spidernet.net:83
>> Proxy-Connection: close
>>
>> Obviously, the response is the same in both cases, however, for 
>> FireFox the important difference I see in Request is the one saying 
>> Cache-control:
>> max-age=0 and also, the Keep-Alive value 300. I do not think the 
>> Keep-Alive value is the problem, however, the Cache-Control: 
>max-age=0 
>> is suspicious.
>> In my code I have 
>response.setHeader("Cache-Control","no-cache") but I 
>> think this is different.  Does anyone have a clue what the max-age:0 
>> is doing?
>>
>> Your help will be greatly appreciated.
>>
>>
>> Thanks and regards,
>> Michael
>>
>>>-----Original Message-----
>>>From: Filip Hanik - Dev Lists [mailto:devlists@hanik.com]
>>>Sent: 15 February 2006 22:16
>>>To: Tomcat Users List
>>>Subject: Re: Session Expires At Every Request (Tomcat5.0.28/Firefox)
>>>
>>>George Sexton wrote:
>>>> Does the code transparently create a new JSessionID value then?
>>>
>>>George,
>>>you might wanna rethink your comments, they don't shine any light on 
>>>the issue and they for sure don't state any facts, let me 
>prove you I 
>>>am right. Below is the headers I tracked with 
>LiveHttpHeaders, as you 
>>>can see, JSESSIONID remains exactly the same in the browser request 
>>>when the switch from HTTP to HTTPS happens.
>>>This is Firefox on Fedora 4. The site works fine.
>>>
>>>This must be a browser issue, can you tell us a little bit 
>more about 
>>>what version and platform your browser is on.
>>>
>>>1. Request to the home - non secure
>>>============================================================
>>>http://www.tophotelchoices.com/
>>>GET / HTTP/1.1
>>>Host: www.tophotelchoices.com
>>>User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1)
>>>Gecko/20060124 Firefox/1.5.0.1
>>>Accept:
>>>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,
>> text/plain;q=0.8,image/png,*/*;q=0.5
>>>Accept-Language: en-us,en;q=0.5
>>>Accept-Encoding: gzip,deflate
>>>Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>>>Keep-Alive: 300
>>>Connection: keep-alive
>>>Referer: http://www.tophotelchoices.com/
>>>
>>>HTTP/1.x 200 OK
>>>Date: Wed, 15 Feb 2006 20:08:55 GMT
>>>Server: Apache/1.3.33 (Unix) mod_jk/1.2.15
>>>Set-Cookie: JSESSIONID=735009FD40D725EDAA14389409CD60FF; Path=/
>>>Cache-Control: no-cache
>>>Pragma: no-cache
>>>Expires: Wed, 31 Dec 1969 23:59:59 GMT
>>>Keep-Alive: timeout=5, max=20
>>>Connection: Keep-Alive
>>>Transfer-Encoding: chunked
>>>Content-Type: text/html;charset=UTF-8
>>>
>>>2. Click on the request button - switch from HTTP to HTTPS 
>>>https://www.tophotelchoices.com/bookingServlet1?hotel=ASI
>>>GET /bookingServlet1?hotel=ASI HTTP/1.1
>>>Host: www.tophotelchoices.com:443
>>>User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1)
>>>Gecko/20060124 Firefox/1.5.0.1
>>>Accept:
>>>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,
>> text/plain;q=0.8,image/png,*/*;q=0.5
>>>Accept-Language: en-us,en;q=0.5
>>>Accept-Encoding: gzip,deflate
>>>Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>>>Keep-Alive: 300
>>>Connection: keep-alive
>>>Referer: http://www.tophotelchoices.com/searchResults.jsp
>>>Cookie: JSESSIONID=735009FD40D725EDAA14389409CD60FF
>>>
>>>HTTP/1.x 200 OK
>>>Date: Wed, 15 Feb 2006 20:11:54 GMT
>>>Server: Apache/1.3.33 (Unix) mod_jk/1.2.15
>>>Cache-Control: no-cache
>>>Pragma: no-cache
>>>Expires: Wed, 31 Dec 1969 23:59:59 GMT
>>>Keep-Alive: timeout=5, max=20
>>>Connection: Keep-Alive
>>>Transfer-Encoding: chunked
>>>Content-Type: text/html;charset=UTF-8
>>>
>>>
>>>George Sexton wrote:
>>>> Does the code transparently create a new JSessionID value then?
>>>>
>>>> George Sexton
>>>> MH Software, Inc.
>>>> http://www.mhsoftware.com/
>>>> Voice: 303 438 9585
>>>>
>>>>
>>>>> -----Original Message-----
>>>>> From: Filip Hanik - Dev Lists [mailto:devlists@hanik.com]
>>>>> Sent: Wednesday, February 15, 2006 12:48 PM
>>>>> To: Tomcat Users List
>>>>> Subject: Re: Session Expires At Every Request 
>>>>> (Tomcat5.0.28/Firefox)
>>>>>
>>>>> sessions started in non-ssl mode should carry over to 
>SSL, but not 
>>>>> the other way around.
>>>>> Filip
>>>>>
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>For additional commands, e-mail: users-help@tomcat.apache.org
>>> 
>
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>For additional commands, e-mail: users-help@tomcat.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message