tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "George Sexton" <gsex...@mhsoftware.com>
Subject RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
Date Fri, 17 Feb 2006 02:42:29 GMT
Just out of curiousity, why do your pages have two HEAD blocks (one at the
top, and one at the bottom of the page)?

George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
  

> -----Original Message-----
> From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com] 
> Sent: Thursday, February 16, 2006 3:38 PM
> To: 'Tomcat Users List'
> Cc: devlists@hanik.com; 'George Sexton'; 'Joey Geiger'; 
> Chuck.Caldarale@unisys.com
> Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
> 
> Dear all,
> 
> Thanks for your replies to my problem.  However, I think the 
> discussion has
> been "diverted" into a debate totally irrelevant to the issue.
> 
> As far as Chuck's question whether this could be related to 
> the popup, this
> is not the case as the problem happens on other pages too, 
> even on index.jsp
> (first page)
> 
> Regarding Filip's email and monitoring HTTP Headers I am 
> impressed that it
> seems to work for you.  I run FireFox on Windows XP Pro SP2 
> and what happens
> is that when a page finishes loading, the session expires on 
> the server.
> When the user/browser requests another page the correct 
> session id is sent
> from the browser but the server detects that this session id 
> sent is no more
> valid (expired) and so we have a timeout.  However, this 
> behaviour, only
> occurs with FireFox.   I tried it from another PC with XP Pro 
> SP2 too but
> the problem is the same.  With IE, NetScape and Opera all is ok. 
> 
>  
> 
> I want to emphasize that this behaviour does not happen only 
> when switching
> from SSL to non-SSL or vice versa.  Even if I try to access 
> pages such as
> the About Us or the Contact Us the session expires again.  
> However, in that
> case the problem is not "visible" to the user since those pages do not
> contain any session specific data so even with a new session 
> it is ok.  Try
> the following though and you will see what I mean.  On 
> tophotelchoices.com
> do a search for a hotel.  Let the results be displayed and 
> then, go to the
> About Us page.  Then, click your browser's back button and 
> instead of going
> back to the search results you get a timeout (if you get 
> search results it
> will be from browser's cache, do a reload and you will get timeout).
> 
> Monitoring the HTTP headers for both IE and Firefox using 
> HttpAnalyzer for
> IE and LiveHttpHeaders for Firefox gives the following:
> 1) IE
> 
> (Request-Line):GET http://www.tophotelchoices.com/ HTTP/1.1
> Accept:*/*
> Accept-Language:en-gb
> Accept-Encoding:gzip, deflate
> User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; 
> SV1; .NET CLR
> 1.1.4322; InfoPath.1)
> Host:www.tophotelchoices.com
> Proxy-Connection:Keep-Alive
> Pragma:no-cache
> Cookie:JSESSIONID=6F187E9E698F5D81A09DF6AD0D25115D
> 
> (Status-Line):HTTP/1.0 200 OK
> Date:Thu, 16 Feb 2006 22:09:18 GMT
> Server:Apache/1.3.33 (Unix) mod_jk/1.2.15
> Cache-Control:no-cache
> Pragma:no-cache
> Expires:Wed, 31 Dec 1969 23:59:59 GMT
> Content-Type:text/html;charset=UTF-8
> X-Cache:MISS from proxy01.spidernet.net
> X-Cache-Lookup:MISS from proxy01.spidernet.net:83
> Proxy-Connection:close
> 
> 2) FIREFOX:
> GET http://www.tophotelchoices.com/index.jsp HTTP/1.1
> Host: www.tophotelchoices.com
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.12)
> Gecko/20050919 Firefox/1.0.7
> Accept:
> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9
,text/plain;q=
> 0.8,image/png,*/*;q=0.5
> Accept-Language: en-gb,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Proxy-Connection: keep-alive
> Referer: http://www.tophotelchoices.com/timeout.jsp
> Cookie: JSESSIONID=3849A82D2F9B6991FE41073D771D1358
> Cache-Control: max-age=0
> 
> HTTP/1.x 200 OK
> Date: Thu, 16 Feb 2006 22:12:27 GMT
> Server: Apache/1.3.33 (Unix) mod_jk/1.2.15
> Cache-Control: no-cache
> Pragma: no-cache
> Expires: Wed, 31 Dec 1969 23:59:59 GMT
> Content-Type: text/html;charset=UTF-8
> X-Cache: MISS from proxy01.spidernet.net
> X-Cache-Lookup: MISS from proxy01.spidernet.net:83
> Proxy-Connection: close
> 
> Obviously, the response is the same in both cases, however, 
> for FireFox the
> important difference I see in Request is the one saying Cache-control:
> max-age=0 and also, the Keep-Alive value 300. I do not think 
> the Keep-Alive
> value is the problem, however, the Cache-Control: max-age=0 
> is suspicious.
> In my code I have 
> response.setHeader("Cache-Control","no-cache") but I think
> this is different.  Does anyone have a clue what the 
> max-age:0 is doing?
> 
> Your help will be greatly appreciated.
> 
> 
> Thanks and regards,
> Michael
> 
> >-----Original Message-----
> >From: Filip Hanik - Dev Lists [mailto:devlists@hanik.com] 
> >Sent: 15 February 2006 22:16
> >To: Tomcat Users List
> >Subject: Re: Session Expires At Every Request (Tomcat5.0.28/Firefox)
> >
> >George Sexton wrote:
> >> Does the code transparently create a new JSessionID value then?
> >
> >George,
> >you might wanna rethink your comments, they don't shine any 
> >light on the issue and they for sure don't state any facts, 
> >let me prove you I am right. Below is the headers I tracked 
> >with LiveHttpHeaders, as you can see, JSESSIONID remains 
> >exactly the same in the browser request when the switch from 
> >HTTP to HTTPS happens.
> >This is Firefox on Fedora 4. The site works fine.
> >
> >This must be a browser issue, can you tell us a little bit 
> >more about what version and platform your browser is on.
> >
> >1. Request to the home - non secure
> >============================================================
> >http://www.tophotelchoices.com/
> >GET / HTTP/1.1
> >Host: www.tophotelchoices.com
> >User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1)
> >Gecko/20060124 Firefox/1.5.0.1
> >Accept: 
> >text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,
> text/plain;q=0.8,image/png,*/*;q=0.5
> >Accept-Language: en-us,en;q=0.5
> >Accept-Encoding: gzip,deflate
> >Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> >Keep-Alive: 300
> >Connection: keep-alive
> >Referer: http://www.tophotelchoices.com/
> >
> >HTTP/1.x 200 OK
> >Date: Wed, 15 Feb 2006 20:08:55 GMT
> >Server: Apache/1.3.33 (Unix) mod_jk/1.2.15
> >Set-Cookie: JSESSIONID=735009FD40D725EDAA14389409CD60FF; Path=/
> >Cache-Control: no-cache
> >Pragma: no-cache
> >Expires: Wed, 31 Dec 1969 23:59:59 GMT
> >Keep-Alive: timeout=5, max=20
> >Connection: Keep-Alive
> >Transfer-Encoding: chunked
> >Content-Type: text/html;charset=UTF-8
> >
> >2. Click on the request button - switch from HTTP to HTTPS 
> >https://www.tophotelchoices.com/bookingServlet1?hotel=ASI
> >GET /bookingServlet1?hotel=ASI HTTP/1.1
> >Host: www.tophotelchoices.com:443
> >User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1)
> >Gecko/20060124 Firefox/1.5.0.1
> >Accept: 
> >text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,
> text/plain;q=0.8,image/png,*/*;q=0.5
> >Accept-Language: en-us,en;q=0.5
> >Accept-Encoding: gzip,deflate
> >Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> >Keep-Alive: 300
> >Connection: keep-alive
> >Referer: http://www.tophotelchoices.com/searchResults.jsp
> >Cookie: JSESSIONID=735009FD40D725EDAA14389409CD60FF
> >
> >HTTP/1.x 200 OK
> >Date: Wed, 15 Feb 2006 20:11:54 GMT
> >Server: Apache/1.3.33 (Unix) mod_jk/1.2.15
> >Cache-Control: no-cache
> >Pragma: no-cache
> >Expires: Wed, 31 Dec 1969 23:59:59 GMT
> >Keep-Alive: timeout=5, max=20
> >Connection: Keep-Alive
> >Transfer-Encoding: chunked
> >Content-Type: text/html;charset=UTF-8
> >
> >
> >George Sexton wrote:
> >> Does the code transparently create a new JSessionID value then?
> >>
> >> George Sexton
> >> MH Software, Inc.
> >> http://www.mhsoftware.com/
> >> Voice: 303 438 9585
> >>
> >>
> >>> -----Original Message-----
> >>> From: Filip Hanik - Dev Lists [mailto:devlists@hanik.com]
> >>> Sent: Wednesday, February 15, 2006 12:48 PM
> >>> To: Tomcat Users List
> >>> Subject: Re: Session Expires At Every Request 
> (Tomcat5.0.28/Firefox)
> >>>
> >>> sessions started in non-ssl mode should carry over to 
> SSL, but not 
> >>> the other way around.
> >>> Filip
> >>>
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >For additional commands, e-mail: users-help@tomcat.apache.org
> >
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message