tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "George Sexton" <gsex...@mhsoftware.com>
Subject RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
Date Wed, 15 Feb 2006 18:17:21 GMT
You do realize that sessions don't carry over between SSL and non-SSL
request don't you?

You can't have a session ID that carries over from a non-ssl session to an
SSL session because that session ID is compromised (it has been exposed) as
plain text.

As an aside, I looked at your form. You should really use
HttpServletRequest.getLocale() to pick up your user's locale and then
provide date formatting for the user locale.

George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
  

> -----Original Message-----
> From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com] 
> Sent: Wednesday, February 15, 2006 11:03 AM
> To: 'Tomcat Users List'; edyke@vrs.state.va.us; 
> alexandre.tastet@fr.fortisbank.com
> Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
> 
> As the problem occurs with a live site, you can see it yourself at
> www.tophotelchoices.com.  Do a search for any hotel.   You 
> will see the
> results.  By the time the results page is loaded your session 
> has expired
> but you do not know.  Click on the "Book" or "Request" button 
> of any hotel
> and you will see the Timeout page.
> 
> Remember that the above only happens with FireFox.
> 
> I will greatly appreciate your help.
> 
> >-----Original Message-----
> >From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com] 
> >Sent: 15 February 2006 19:45
> >To: edyke@vrs.state.va.us; alexandre.tastet@fr.fortisbank.com
> >Cc: 'Tomcat Users List'
> >Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
> >
> >I tried with NetScape and Opera to see what happens.  
> >
> >For NetScape the first time I tried it was ok up to the stage 
> >that I switched to SSL.  At that step, I lost my session.  
> >After trying several times again I noticed NetScape was ok.
> >
> >With Opera all works fine, like with IE, from the beginning.
> >
> >So major problem is still FireFox and it must be something 
> >that it sends (or not sends) back to Tomcat that causes 
> >session expiration.
> >
> >Thanks for your assistance.
> >
> >Michael
> >
> >>-----Original Message-----
> >>From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com]
> >>Sent: 15 February 2006 17:48
> >>To: 'Tomcat Users List'
> >>Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
> >>
> >>Not at the stage that this problem occurs.  SSL is used 
> >further on when 
> >>the user logs in to make a payment but the SSL pages are 
> >never reached 
> >>with FireFox because of the early timeout.  With IE all is ok, 
> >>including SSL connections.
> >>
> >>>-----Original Message-----
> >>>From: alexandre.tastet@fr.fortisbank.com
> >>>[mailto:alexandre.tastet@fr.fortisbank.com]
> >>>Sent: 15 February 2006 17:43
> >>>To: 'Tomcat Users List'
> >>>Subject: RE: Session Expires At Every Request 
> (Tomcat5.0.28/Firefox)
> >>>
> >>>Are you using SSL connection ?
> >>>
> >>>-----Message d'origine-----
> >>>De :
> >>>users-return-140612-alexandre.tastet=fr.fortisbank.com@tomcat.a
> >>pache.org
> >>>[mailto:users-return-140612-alexandre.tastet=fr.fortisbank.com@
> >>tomcat.ap
> >>>ache.org]De la part de Michael Andreas Omerou Envoye : 
> >>>mercredi 15 fevrier 2006 16:34 A : 'Tomcat Users List'
> >>>Objet : RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
> >>>
> >>>
> >>>It is 30 minutes.  If I do
> >>>request.getSession().getMaxInactiveInterval() I get 1800 (seconds I
> >>>guess) which is the correct value for 30 minutes.
> >>>
> >>>Michael
> >>>
> >>>>-----Original Message-----
> >>>>From: Earnie Dyke [mailto:edyke@vrs.state.va.us]
> >>>>Sent: 15 February 2006 17:25
> >>>>To: Tomcat Users List
> >>>>Subject: RE: Session Expires At Every Request 
> (Tomcat5.0.28/Firefox)
> >>>>
> >>>>The META tags should not have an effect on cookies. Firefox
> >>would not
> >>>>be the one that expires your session, Tomcat would.
> >>>>Do you have a session timeout specified in your application?
> >>>>
> >>>>Earnie!
> >>>>
> >>>>-----Original Message-----
> >>>>From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com]
> >>>>Sent: Wednesday, February 15, 2006 10:19 AM
> >>>>To: 'Tomcat Users List'
> >>>>Subject: RE: Session Expires At Every Request 
> (Tomcat5.0.28/Firefox)
> >>>>
> >>>>
> >>>>Hi Earnie,
> >>>>
> >>>>Cookies are allowed at the browser.  It seems for some
> >>reason that at
> >>>>then end of loading each JSP firefox expires my session.  I 
> >use some 
> >>>>meta tags (<META HTTP-EQUIV="Cache-Control"
> >>>CONTENT="No-Cache">, <META
> >>>>HTTP-EQUIV="Pragma" CONTENT="No-Cache">, <META 
> HTTP-EQUIV="Expires"
> >>>>CONTENT="-1">) and also set the corresponding header values using

> >>>>response.setHeader but even if I remove them nothing changes.
> >>>>
> >>>>Michael
> >>>>
> >>>>>-----Original Message-----
> >>>>>From: Earnie Dyke [mailto:edyke@vrs.state.va.us]
> >>>>>Sent: 15 February 2006 17:10
> >>>>>To: Tomcat Users List
> >>>>>Subject: RE: Session Expires At Every Request 
> >(Tomcat5.0.28/Firefox)
> >>>>>
> >>>>>Are you blocking cookies at the browser?
> >>>>>
> >>>>>Earnie!
> >>>>>
> >>>>>-----Original Message-----
> >>>>>From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com]
> >>>>>Sent: Wednesday, February 15, 2006 10:06 AM
> >>>>>To: 'Tomcat Users List'
> >>>>>Subject: Session Expires At Every Request (Tomcat5.0.28/Firefox)
> >>>>>
> >>>>>
> >>>>> Anybody has an idea what could be causing what I describe in
> >>>>the below
> >>>>>two emails?
> >>>>>
> >>>>>>-----Original Message-----
> >>>>>>From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com]
> >>>>>>Sent: 15 February 2006 13:10
> >>>>>>To: 'Tomcat Users List'
> >>>>>>Subject: RE: Session Problems with Firefox
> >>>>>>
> >>>>>>Further to my below email I have put in some code to check
> >>the HTTP
> >>>>>>headers in each case (IE and FireFox).
> >>>>>>
> >>>>>>These are:
> >>>>>>
> >>>>>>IE
> >>>>>>accept: */*
> >>>>>>accept-language: en-gb
> >>>>>>accept-encoding: gzip, deflate
> >>>>>>user-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
> >>5.1; SV1;
> >>>>>>.NET CLR 1.1.4322; InfoPath.1)
> >>>>>>host: localhost
> >>>>>>connection: Keep-Alive
> >>>>>>cookie: JSESSIONID=D79835F3D70ADD58F4770DD15B463320
> >>>>>>
> >>>>>>FireFox
> >>>>>>host: localhost
> >>>>>>user-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB;
> >>>>rv:1.7.12)
> >>>>>>Gecko/20050919 Firefox/1.0.7
> >>>>>>accept:
> >>>>>>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,
> >>>>>text/plain;q=
> >>>>>>0.8,image/png,*/*;q=0.5
> >>>>>>accept-language: en-gb,en;q=0.5
> >>>>>>accept-encoding: gzip,deflate
> >>>>>>accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> >>>>>>keep-alive: 300
> >>>>>>connection: keep-alive
> >>>>>>cookie: JSESSIONID=A3893195B065989E5B03BC8681E4D0D6
> >>>>>>cache-control: max-age=0
> >>>>>>
> >>>>>>
> >>>>>>I wonder whether the keep-alive which exists in the case of
> >>>>>FireFox but
> >>>>>>not in the case of IE could be the cause of my problems.
> >>>>>>
> >>>>>>Michael
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>>-----Original Message-----
> >>>>>>>From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com]
> >>>>>>>Sent: 15 February 2006 11:27
> >>>>>>>To: users@tomcat.apache.org
> >>>>>>>Subject: Session Problems with Firefox
> >>>>>>>
> >>>>>>>Hello,
> >>>>>>>
> >>>>>>>I have some problems with session management when our 
> >application 
> >>>>>>>runsin Firefox.
> >>>>>>>
> >>>>>>>Basically, what happens is that after I set in the 
> session some 
> >>>>>>>attributes/beans which are needed down the application, I
> >>>>>>check in all
> >>>>>>>JSPs and servlets that an old session is still there by using
> >>>>>>>		if (request.getSession(false)==null){
> >>>>>>> 
> >>>>>>>response.sendRedirect(response.encodeRedirectURL("timeo
> ut.jsp"));
> >>>>>>>
> >>>>>>>            }
> >>>>>>>
> >>>>>>>With IE all works fine, however with Firefox, it seems that
> >>>>>>the session
> >>>>>>>is re-initialised whenever the client/browser requests a
new
> >>>>>page.  I
> >>>>>>>checked this by printing the session id in the log on each
> >>>page and
> >>>>>>>with IE it does not change, while with Firefox it changes.
> >>>>>>>
> >>>>>>>I checked my firefox settings for cookies and all look ok.
> >>>>>>>
> >>>>>>>Anybody has a clue of what I might be doing wrong?
> >>>>>>>
> >>>>>>>Regards,
> >>>>>>>Michael
> >>>>>>>
> >>>>>>>
> >>>>>>>------------------------------------------------------------
> >>>>---------
> >>>>>>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>>>>>For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>>>>
> >>>>>>
> >>>>>>
> >>>>>>------------------------------------------------------------
> >>>---------
> >>>>>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>>>>For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>>>
> >>>>>
> >>>>>
> >>>>>------------------------------------------------------------
> >>---------
> >>>>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>>>For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>>
> >>>>>
> >>>>>------------------------------------------------------------
> >>---------
> >>>>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>>>For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>>
> >>>>
> >>>>
> >>>>------------------------------------------------------------
> >---------
> >>>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>>For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>
> >>>>
> >>>>------------------------------------------------------------
> >---------
> >>>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>>For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>
> >>>
> >>>
> >>>-----------------------------------------------------------
> ----------
> >>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>For additional commands, e-mail: users-help@tomcat.apache.org
> >>>
> >>>Ce message avec ses documents attaches sont confidentiels 
> et a usage 
> >>>exclusif du ou des destinataires. La responsabilite de 
> Fortis Banque 
> >>>France ne peut en aucun cas etre engagee suite a un prejudice
> >>lie a un
> >>>incident de securite, d'integrite, de virus ou a un retard dans la 
> >>>transmission. De plus, ce document n'a aucune valeur 
> >contractuelle ou 
> >>>juridique; en particulier, aucune transaction commerciale ne
> >>peut etre
> >>>basee exclusivement sur des emails.
> >>>
> >>>This message and its attachments are confidential; their use is 
> >>>restricted to their recipient(s). Fortis Banque France 
> >cannot, in any 
> >>>way, be responsible for any prejudice linked to any incident
> >>regarding
> >>>security, integrity, virus or delay in transmission. 
> Moreover, this 
> >>>document has no contractual nor legal value whatsoever; in
> >>particular,
> >>>no business transaction can, in any way, be based exclusively on 
> >>>emails.
> >>>
> >>>
> >>>
> >>>
> >>>-----------------------------------------------------------
> ----------
> >>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>For additional commands, e-mail: users-help@tomcat.apache.org
> >>>
> >>
> >>
> >>------------------------------------------------------------
> ---------
> >>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >For additional commands, e-mail: users-help@tomcat.apache.org
> >
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message