tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "George Sexton" <gsex...@mhsoftware.com>
Subject RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
Date Wed, 15 Feb 2006 19:50:17 GMT
Does the code transparently create a new JSessionID value then?

George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
  

> -----Original Message-----
> From: Filip Hanik - Dev Lists [mailto:devlists@hanik.com] 
> Sent: Wednesday, February 15, 2006 12:48 PM
> To: Tomcat Users List
> Subject: Re: Session Expires At Every Request (Tomcat5.0.28/Firefox)
> 
> sessions started in non-ssl mode should carry over to SSL, 
> but not the 
> other way around.
> Filip
> 
> 
> Joey Geiger wrote:
> >>> You do realize that sessions don't carry over between SSL 
> and non-SSL
> >>> request don't you?
> >>>       
> >
> > What is the proper/best way to go about this then, since I 
> will be facing a
> > similar situation in the near future? (Shopping cart bean, 
> customer bean
> > saved in the session.)
> >
> > Thanks.
> >
> >
> > -----Original Message-----
> > From: George Sexton [mailto:gsexton@mhsoftware.com] 
> > Sent: Wednesday, February 15, 2006 12:17 PM
> > To: 'Tomcat Users List'; mao@simplexsoftware.com; 
> edyke@vrs.state.va.us;
> > alexandre.tastet@fr.fortisbank.com
> > Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
> >
> > You do realize that sessions don't carry over between SSL 
> and non-SSL
> > request don't you?
> >
> > You can't have a session ID that carries over from a 
> non-ssl session to an
> > SSL session because that session ID is compromised (it has 
> been exposed) as
> > plain text.
> >
> > As an aside, I looked at your form. You should really use
> > HttpServletRequest.getLocale() to pick up your user's 
> locale and then
> > provide date formatting for the user locale.
> >
> > George Sexton
> > MH Software, Inc.
> > http://www.mhsoftware.com/
> > Voice: 303 438 9585
> >   
> >
> >   
> >> -----Original Message-----
> >> From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com] 
> >> Sent: Wednesday, February 15, 2006 11:03 AM
> >> To: 'Tomcat Users List'; edyke@vrs.state.va.us; 
> >> alexandre.tastet@fr.fortisbank.com
> >> Subject: RE: Session Expires At Every Request 
> (Tomcat5.0.28/Firefox)
> >>
> >> As the problem occurs with a live site, you can see it yourself at
> >> www.tophotelchoices.com.  Do a search for any hotel.   You 
> >> will see the
> >> results.  By the time the results page is loaded your session 
> >> has expired
> >> but you do not know.  Click on the "Book" or "Request" button 
> >> of any hotel
> >> and you will see the Timeout page.
> >>
> >> Remember that the above only happens with FireFox.
> >>
> >> I will greatly appreciate your help.
> >>
> >>     
> >>> -----Original Message-----
> >>> From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com] 
> >>> Sent: 15 February 2006 19:45
> >>> To: edyke@vrs.state.va.us; alexandre.tastet@fr.fortisbank.com
> >>> Cc: 'Tomcat Users List'
> >>> Subject: RE: Session Expires At Every Request 
> (Tomcat5.0.28/Firefox)
> >>>
> >>> I tried with NetScape and Opera to see what happens.  
> >>>
> >>> For NetScape the first time I tried it was ok up to the stage 
> >>> that I switched to SSL.  At that step, I lost my session.  
> >>> After trying several times again I noticed NetScape was ok.
> >>>
> >>> With Opera all works fine, like with IE, from the beginning.
> >>>
> >>> So major problem is still FireFox and it must be something 
> >>> that it sends (or not sends) back to Tomcat that causes 
> >>> session expiration.
> >>>
> >>> Thanks for your assistance.
> >>>
> >>> Michael
> >>>
> >>>       
> >>>> -----Original Message-----
> >>>> From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com]
> >>>> Sent: 15 February 2006 17:48
> >>>> To: 'Tomcat Users List'
> >>>> Subject: RE: Session Expires At Every Request 
> (Tomcat5.0.28/Firefox)
> >>>>
> >>>> Not at the stage that this problem occurs.  SSL is used 
> >>>>         
> >>> further on when 
> >>>       
> >>>> the user logs in to make a payment but the SSL pages are 
> >>>>         
> >>> never reached 
> >>>       
> >>>> with FireFox because of the early timeout.  With IE all is ok, 
> >>>> including SSL connections.
> >>>>
> >>>>         
> >>>>> -----Original Message-----
> >>>>> From: alexandre.tastet@fr.fortisbank.com
> >>>>> [mailto:alexandre.tastet@fr.fortisbank.com]
> >>>>> Sent: 15 February 2006 17:43
> >>>>> To: 'Tomcat Users List'
> >>>>> Subject: RE: Session Expires At Every Request 
> >>>>>           
> >> (Tomcat5.0.28/Firefox)
> >>     
> >>>>> Are you using SSL connection ?
> >>>>>
> >>>>> -----Message d'origine-----
> >>>>> De :
> >>>>> users-return-140612-alexandre.tastet=fr.fortisbank.com@tomcat.a
> >>>>>           
> >>>> pache.org
> >>>>         
> >>>>> [mailto:users-return-140612-alexandre.tastet=fr.fortisbank.com@
> >>>>>           
> >>>> tomcat.ap
> >>>>         
> >>>>> ache.org]De la part de Michael Andreas Omerou Envoye : 
> >>>>> mercredi 15 fevrier 2006 16:34 A : 'Tomcat Users List'
> >>>>> Objet : RE: Session Expires At Every Request 
> (Tomcat5.0.28/Firefox)
> >>>>>
> >>>>>
> >>>>> It is 30 minutes.  If I do
> >>>>> request.getSession().getMaxInactiveInterval() I get 
> 1800 (seconds I
> >>>>> guess) which is the correct value for 30 minutes.
> >>>>>
> >>>>> Michael
> >>>>>
> >>>>>           
> >>>>>> -----Original Message-----
> >>>>>> From: Earnie Dyke [mailto:edyke@vrs.state.va.us]
> >>>>>> Sent: 15 February 2006 17:25
> >>>>>> To: Tomcat Users List
> >>>>>> Subject: RE: Session Expires At Every Request 
> >>>>>>             
> >> (Tomcat5.0.28/Firefox)
> >>     
> >>>>>> The META tags should not have an effect on cookies. Firefox
> >>>>>>             
> >>>> would not
> >>>>         
> >>>>>> be the one that expires your session, Tomcat would.
> >>>>>> Do you have a session timeout specified in your application?
> >>>>>>
> >>>>>> Earnie!
> >>>>>>
> >>>>>> -----Original Message-----
> >>>>>> From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com]
> >>>>>> Sent: Wednesday, February 15, 2006 10:19 AM
> >>>>>> To: 'Tomcat Users List'
> >>>>>> Subject: RE: Session Expires At Every Request 
> >>>>>>             
> >> (Tomcat5.0.28/Firefox)
> >>     
> >>>>>> Hi Earnie,
> >>>>>>
> >>>>>> Cookies are allowed at the browser.  It seems for some
> >>>>>>             
> >>>> reason that at
> >>>>         
> >>>>>> then end of loading each JSP firefox expires my session.  I

> >>>>>>             
> >>> use some 
> >>>       
> >>>>>> meta tags (<META HTTP-EQUIV="Cache-Control"
> >>>>>>             
> >>>>> CONTENT="No-Cache">, <META
> >>>>>           
> >>>>>> HTTP-EQUIV="Pragma" CONTENT="No-Cache">, <META 
> >>>>>>             
> >> HTTP-EQUIV="Expires"
> >>     
> >>>>>> CONTENT="-1">) and also set the corresponding header 
> values using 
> >>>>>> response.setHeader but even if I remove them nothing changes.
> >>>>>>
> >>>>>> Michael
> >>>>>>
> >>>>>>             
> >>>>>>> -----Original Message-----
> >>>>>>> From: Earnie Dyke [mailto:edyke@vrs.state.va.us]
> >>>>>>> Sent: 15 February 2006 17:10
> >>>>>>> To: Tomcat Users List
> >>>>>>> Subject: RE: Session Expires At Every Request 
> >>>>>>>               
> >>> (Tomcat5.0.28/Firefox)
> >>>       
> >>>>>>> Are you blocking cookies at the browser?
> >>>>>>>
> >>>>>>> Earnie!
> >>>>>>>
> >>>>>>> -----Original Message-----
> >>>>>>> From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com]
> >>>>>>> Sent: Wednesday, February 15, 2006 10:06 AM
> >>>>>>> To: 'Tomcat Users List'
> >>>>>>> Subject: Session Expires At Every Request 
> (Tomcat5.0.28/Firefox)
> >>>>>>>
> >>>>>>>
> >>>>>>> Anybody has an idea what could be causing what I describe
in
> >>>>>>>               
> >>>>>> the below
> >>>>>>             
> >>>>>>> two emails?
> >>>>>>>
> >>>>>>>               
> >>>>>>>> -----Original Message-----
> >>>>>>>> From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com]
> >>>>>>>> Sent: 15 February 2006 13:10
> >>>>>>>> To: 'Tomcat Users List'
> >>>>>>>> Subject: RE: Session Problems with Firefox
> >>>>>>>>
> >>>>>>>> Further to my below email I have put in some code to
check
> >>>>>>>>                 
> >>>> the HTTP
> >>>>         
> >>>>>>>> headers in each case (IE and FireFox).
> >>>>>>>>
> >>>>>>>> These are:
> >>>>>>>>
> >>>>>>>> IE
> >>>>>>>> accept: */*
> >>>>>>>> accept-language: en-gb
> >>>>>>>> accept-encoding: gzip, deflate
> >>>>>>>> user-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows
NT
> >>>>>>>>                 
> >>>> 5.1; SV1;
> >>>>         
> >>>>>>>> .NET CLR 1.1.4322; InfoPath.1)
> >>>>>>>> host: localhost
> >>>>>>>> connection: Keep-Alive
> >>>>>>>> cookie: JSESSIONID=D79835F3D70ADD58F4770DD15B463320
> >>>>>>>>
> >>>>>>>> FireFox
> >>>>>>>> host: localhost
> >>>>>>>> user-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1;
en-GB;
> >>>>>>>>                 
> >>>>>> rv:1.7.12)
> >>>>>>             
> >>>>>>>> Gecko/20050919 Firefox/1.0.7
> >>>>>>>> accept:
> >>>>>>>> 
> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,
> >>>>>>>>                 
> >>>>>>> text/plain;q=
> >>>>>>>               
> >>>>>>>> 0.8,image/png,*/*;q=0.5
> >>>>>>>> accept-language: en-gb,en;q=0.5
> >>>>>>>> accept-encoding: gzip,deflate
> >>>>>>>> accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> >>>>>>>> keep-alive: 300
> >>>>>>>> connection: keep-alive
> >>>>>>>> cookie: JSESSIONID=A3893195B065989E5B03BC8681E4D0D6
> >>>>>>>> cache-control: max-age=0
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> I wonder whether the keep-alive which exists in the
case of
> >>>>>>>>                 
> >>>>>>> FireFox but
> >>>>>>>               
> >>>>>>>> not in the case of IE could be the cause of my problems.
> >>>>>>>>
> >>>>>>>> Michael
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>                 
> >>>>>>>>> -----Original Message-----
> >>>>>>>>> From: Michael Andreas Omerou 
> [mailto:mao@simplexsoftware.com]
> >>>>>>>>> Sent: 15 February 2006 11:27
> >>>>>>>>> To: users@tomcat.apache.org
> >>>>>>>>> Subject: Session Problems with Firefox
> >>>>>>>>>
> >>>>>>>>> Hello,
> >>>>>>>>>
> >>>>>>>>> I have some problems with session management when
our 
> >>>>>>>>>                   
> >>> application 
> >>>       
> >>>>>>>>> runsin Firefox.
> >>>>>>>>>
> >>>>>>>>> Basically, what happens is that after I set in the

> >>>>>>>>>                   
> >> session some 
> >>     
> >>>>>>>>> attributes/beans which are needed down the application,
I
> >>>>>>>>>                   
> >>>>>>>> check in all
> >>>>>>>>                 
> >>>>>>>>> JSPs and servlets that an old session is still 
> there by using
> >>>>>>>>> 		if (request.getSession(false)==null){
> >>>>>>>>>
> >>>>>>>>> response.sendRedirect(response.encodeRedirectURL("timeo
> >>>>>>>>>                   
> >> ut.jsp"));
> >>     
> >>>>>>>>>            }
> >>>>>>>>>
> >>>>>>>>> With IE all works fine, however with Firefox, it
seems that
> >>>>>>>>>                   
> >>>>>>>> the session
> >>>>>>>>                 
> >>>>>>>>> is re-initialised whenever the client/browser requests
a new
> >>>>>>>>>                   
> >>>>>>> page.  I
> >>>>>>>               
> >>>>>>>>> checked this by printing the session id in the log
on each
> >>>>>>>>>                   
> >>>>> page and
> >>>>>           
> >>>>>>>>> with IE it does not change, while with Firefox it
changes.
> >>>>>>>>>
> >>>>>>>>> I checked my firefox settings for cookies and all
look ok.
> >>>>>>>>>
> >>>>>>>>> Anybody has a clue of what I might be doing wrong?
> >>>>>>>>>
> >>>>>>>>> Regards,
> >>>>>>>>> Michael
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> ------------------------------------------------------------
> >>>>>>>>>                   
> >>>>>> ---------
> >>>>>>             
> >>>>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>>>>>>> For additional commands, e-mail: 
> users-help@tomcat.apache.org
> >>>>>>>>>
> >>>>>>>>>                   
> >>>>>>>> ------------------------------------------------------------
> >>>>>>>>                 
> >>>>> ---------
> >>>>>           
> >>>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>>>>>
> >>>>>>>>                 
> >>>>>>> ------------------------------------------------------------
> >>>>>>>               
> >>>> ---------
> >>>>         
> >>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>>>>
> >>>>>>>
> >>>>>>> ------------------------------------------------------------
> >>>>>>>               
> >>>> ---------
> >>>>         
> >>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>>>>
> >>>>>>>               
> >>>>>> ------------------------------------------------------------
> >>>>>>             
> >>> ---------
> >>>       
> >>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>>>
> >>>>>>
> >>>>>> ------------------------------------------------------------
> >>>>>>             
> >>> ---------
> >>>       
> >>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>>>
> >>>>>>             
> >>>>> -----------------------------------------------------------
> >>>>>           
> >> ----------
> >>     
> >>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>>
> >>>>> Ce message avec ses documents attaches sont confidentiels 
> >>>>>           
> >> et a usage 
> >>     
> >>>>> exclusif du ou des destinataires. La responsabilite de 
> >>>>>           
> >> Fortis Banque 
> >>     
> >>>>> France ne peut en aucun cas etre engagee suite a un prejudice
> >>>>>           
> >>>> lie a un
> >>>>         
> >>>>> incident de securite, d'integrite, de virus ou a un 
> retard dans la 
> >>>>> transmission. De plus, ce document n'a aucune valeur 
> >>>>>           
> >>> contractuelle ou 
> >>>       
> >>>>> juridique; en particulier, aucune transaction commerciale ne
> >>>>>           
> >>>> peut etre
> >>>>         
> >>>>> basee exclusivement sur des emails.
> >>>>>
> >>>>> This message and its attachments are confidential; their use is

> >>>>> restricted to their recipient(s). Fortis Banque France 
> >>>>>           
> >>> cannot, in any 
> >>>       
> >>>>> way, be responsible for any prejudice linked to any incident
> >>>>>           
> >>>> regarding
> >>>>         
> >>>>> security, integrity, virus or delay in transmission. 
> >>>>>           
> >> Moreover, this 
> >>     
> >>>>> document has no contractual nor legal value whatsoever; in
> >>>>>           
> >>>> particular,
> >>>>         
> >>>>> no business transaction can, in any way, be based 
> exclusively on 
> >>>>> emails.
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> -----------------------------------------------------------
> >>>>>           
> >> ----------
> >>     
> >>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>>
> >>>>>           
> >>>> ------------------------------------------------------------
> >>>>         
> >> ---------
> >>     
> >>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>
> >>>>         
> >>> 
> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>
> >>>       
> >> 
> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >>
> >>     
> >
> >
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
> >
> >
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >   
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message