tomcat-users mailing list archives

From Filip Hanik - Dev Lists <devli...@hanik.com>
Subject Re: Session Expires At Every Request (Tomcat5.0.28/Firefox)
Date Wed, 15 Feb 2006 19:48:29 GMT
Sessions started in non-SSL mode should carry over to SSL, but not the
other way around.
Filip


Joey Geiger wrote:
>>> You do realize that sessions don't carry over between SSL and non-SSL
>>> request don't you?
>>>       
>
> What is the proper/best way to go about this then, since I will be facing a
> similar situation in the near future? (Shopping cart bean, customer bean
> saved in the session.)
>
> Thanks.
>
>
> -----Original Message-----
> From: George Sexton [mailto:gsexton@mhsoftware.com] 
> Sent: Wednesday, February 15, 2006 12:17 PM
> To: 'Tomcat Users List'; mao@simplexsoftware.com; edyke@vrs.state.va.us;
> alexandre.tastet@fr.fortisbank.com
> Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
>
> You do realize that sessions don't carry over between SSL and non-SSL
> request don't you?
>
> You can't have a session ID that carries over from a non-ssl session to an
> SSL session because that session ID is compromised (it has been exposed) as
> plain text.
>
> As an aside, I looked at your form. You should really use
> HttpServletRequest.getLocale() to pick up your user's locale and then
> provide date formatting for the user locale.
>
> George Sexton
> MH Software, Inc.
> http://www.mhsoftware.com/
> Voice: 303 438 9585
>   
>
>   
>> -----Original Message-----
>> From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com] 
>> Sent: Wednesday, February 15, 2006 11:03 AM
>> To: 'Tomcat Users List'; edyke@vrs.state.va.us; 
>> alexandre.tastet@fr.fortisbank.com
>> Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
>>
>> As the problem occurs with a live site, you can see it yourself at
>> www.tophotelchoices.com.  Do a search for any hotel.  You will see the
>> results.  By the time the results page is loaded your session has expired
>> but you do not know.  Click on the "Book" or "Request" button of any hotel
>> and you will see the Timeout page.
>>
>> Remember that the above only happens with FireFox.
>>
>> I will greatly appreciate your help.
>>
>>     
>>> -----Original Message-----
>>> From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com] 
>>> Sent: 15 February 2006 19:45
>>> To: edyke@vrs.state.va.us; alexandre.tastet@fr.fortisbank.com
>>> Cc: 'Tomcat Users List'
>>> Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
>>>
>>> I tried with NetScape and Opera to see what happens.  
>>>
>>> For NetScape the first time I tried it was ok up to the stage 
>>> that I switched to SSL.  At that step, I lost my session.  
>>> After trying several times again I noticed NetScape was ok.
>>>
>>> With Opera all works fine, like with IE, from the beginning.
>>>
>>> So major problem is still FireFox and it must be something 
>>> that it sends (or not sends) back to Tomcat that causes 
>>> session expiration.
>>>
>>> Thanks for your assistance.
>>>
>>> Michael
>>>
>>>       
>>>> -----Original Message-----
>>>> From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com]
>>>> Sent: 15 February 2006 17:48
>>>> To: 'Tomcat Users List'
>>>> Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
>>>>
>>>> Not at the stage that this problem occurs.  SSL is used further on when
>>>> the user logs in to make a payment but the SSL pages are never reached
>>>> with FireFox because of the early timeout.  With IE all is ok,
>>>> including SSL connections.
>>>>
>>>>         
>>>>> -----Original Message-----
>>>>> From: alexandre.tastet@fr.fortisbank.com
>>>>> [mailto:alexandre.tastet@fr.fortisbank.com]
>>>>> Sent: 15 February 2006 17:43
>>>>> To: 'Tomcat Users List'
>>>>> Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
>>>>>
>>>>> Are you using SSL connection ?
>>>>>
>>>>> -----Original Message-----
>>>>> From: users-return-140612-alexandre.tastet=fr.fortisbank.com@tomcat.apache.org
>>>>> [mailto:users-return-140612-alexandre.tastet=fr.fortisbank.com@tomcat.apache.org]
>>>>> On behalf of Michael Andreas Omerou
>>>>> Sent: Wednesday 15 February 2006 16:34
>>>>> To: 'Tomcat Users List'
>>>>> Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
>>>>>
>>>>>
>>>>> It is 30 minutes.  If I do
>>>>> request.getSession().getMaxInactiveInterval() I get 1800 (seconds I
>>>>> guess) which is the correct value for 30 minutes.
>>>>>
>>>>> Michael
>>>>>
>>>>>           
>>>>>> -----Original Message-----
>>>>>> From: Earnie Dyke [mailto:edyke@vrs.state.va.us]
>>>>>> Sent: 15 February 2006 17:25
>>>>>> To: Tomcat Users List
>>>>>> Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
>>>>>>
>>>>>> The META tags should not have an effect on cookies. Firefox would not
>>>>>> be the one that expires your session, Tomcat would.
>>>>>> Do you have a session timeout specified in your application?
>>>>>>
>>>>>> Earnie!
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com]
>>>>>> Sent: Wednesday, February 15, 2006 10:19 AM
>>>>>> To: 'Tomcat Users List'
>>>>>> Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
>>>>>>
>>>>>> Hi Earnie,
>>>>>>
>>>>>> Cookies are allowed at the browser.  It seems for some reason that at
>>>>>> the end of loading each JSP firefox expires my session.  I use some
>>>>>> meta tags (<META HTTP-EQUIV="Cache-Control" CONTENT="No-Cache">, <META
>>>>>> HTTP-EQUIV="Pragma" CONTENT="No-Cache">, <META HTTP-EQUIV="Expires"
>>>>>> CONTENT="-1">) and also set the corresponding header values using
>>>>>> response.setHeader but even if I remove them nothing changes.
>>>>>>
>>>>>> Michael
>>>>>>
>>>>>>             
>>>>>>> -----Original Message-----
>>>>>>> From: Earnie Dyke [mailto:edyke@vrs.state.va.us]
>>>>>>> Sent: 15 February 2006 17:10
>>>>>>> To: Tomcat Users List
>>>>>>> Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)
>>>>>>>
>>>>>>> Are you blocking cookies at the browser?
>>>>>>>
>>>>>>> Earnie!
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com]
>>>>>>> Sent: Wednesday, February 15, 2006 10:06 AM
>>>>>>> To: 'Tomcat Users List'
>>>>>>> Subject: Session Expires At Every Request (Tomcat5.0.28/Firefox)
>>>>>>>
>>>>>>>
>>>>>>> Anybody has an idea what could be causing what I describe in the below
>>>>>>> two emails?
>>>>>>>
>>>>>>>               
>>>>>>>> -----Original Message-----
>>>>>>>> From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com]
>>>>>>>> Sent: 15 February 2006 13:10
>>>>>>>> To: 'Tomcat Users List'
>>>>>>>> Subject: RE: Session Problems with Firefox
>>>>>>>>
>>>>>>>> Further to my below email I have put in some code to check the HTTP
>>>>>>>> headers in each case (IE and FireFox).
>>>>>>>>
>>>>>>>> These are:
>>>>>>>>
>>>>>>>> IE
>>>>>>>> accept: */*
>>>>>>>> accept-language: en-gb
>>>>>>>> accept-encoding: gzip, deflate
>>>>>>>> user-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1)
>>>>>>>> host: localhost
>>>>>>>> connection: Keep-Alive
>>>>>>>> cookie: JSESSIONID=D79835F3D70ADD58F4770DD15B463320
>>>>>>>>
>>>>>>>> FireFox
>>>>>>>> host: localhost
>>>>>>>> user-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.12) Gecko/20050919 Firefox/1.0.7
>>>>>>>> accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
>>>>>>>> accept-language: en-gb,en;q=0.5
>>>>>>>> accept-encoding: gzip,deflate
>>>>>>>> accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>>>>>>>> keep-alive: 300
>>>>>>>> connection: keep-alive
>>>>>>>> cookie: JSESSIONID=A3893195B065989E5B03BC8681E4D0D6
>>>>>>>> cache-control: max-age=0
>>>>>>>>
>>>>>>>>
>>>>>>>> I wonder whether the keep-alive which exists in the case of FireFox but
>>>>>>>> not in the case of IE could be the cause of my problems.
>>>>>>>>
>>>>>>>> Michael
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                 
>>>>>>>>> -----Original Message-----
>>>>>>>>> From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com]
>>>>>>>>> Sent: 15 February 2006 11:27
>>>>>>>>> To: users@tomcat.apache.org
>>>>>>>>> Subject: Session Problems with Firefox
>>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> I have some problems with session management when our application
>>>>>>>>> runs in Firefox.
>>>>>>>>>
>>>>>>>>> Basically, what happens is that after I set in the session some
>>>>>>>>> attributes/beans which are needed down the application, I check in all
>>>>>>>>> JSPs and servlets that an old session is still there by using
>>>>>>>>>     if (request.getSession(false)==null){
>>>>>>>>>         response.sendRedirect(response.encodeRedirectURL("timeout.jsp"));
>>>>>>>>>     }
>>>>>>>>>
>>>>>>>>> With IE all works fine, however with Firefox, it seems that the session
>>>>>>>>> is re-initialised whenever the client/browser requests a new page.  I
>>>>>>>>> checked this by printing the session id in the log on each page and
>>>>>>>>> with IE it does not change, while with Firefox it changes.
>>>>>>>>>
>>>>>>>>> I checked my firefox settings for cookies and all look ok.
>>>>>>>>>
>>>>>>>>> Anybody has a clue of what I might be doing wrong?
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Michael
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>
>>>>> This message and its attachments are confidential; their use is
>>>>> restricted to their recipient(s). Fortis Banque France cannot, in any
>>>>> way, be responsible for any prejudice linked to any incident regarding
>>>>> security, integrity, virus or delay in transmission. Moreover, this
>>>>> document has no contractual nor legal value whatsoever; in particular,
>>>>> no business transaction can, in any way, be based exclusively on
>>>>> emails.
>   
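
Added example, not part of the original thread or of Tomcat's own code: one way to handle the shopping-cart case Joey asks about, given George's point that a session ID sent over plain HTTP has been exposed. The filter name and the marker attribute are hypothetical; it assumes the javax.servlet API and Java 5 or later.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Hypothetical filter: the first HTTPS request that arrives with a session
 * created over plain HTTP gets a fresh session ID, and the beans stored in
 * the old session (cart, customer) are copied across.
 */
public class SecureSessionFilter implements Filter {
    // Hypothetical marker: present once the session was issued over HTTPS.
    private static final String ISSUED_OVER_TLS = "example.issuedOverTls";

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) rq;
        HttpSession old = request.getSession(false);
        if (request.isSecure() && old != null
                && old.getAttribute(ISSUED_OVER_TLS) == null) {
            // Save the beans first: attributes are unreadable after invalidate().
            Map<String, Object> saved = new HashMap<String, Object>();
            for (Object name : Collections.list(old.getAttributeNames())) {
                saved.put((String) name, old.getAttribute((String) name));
            }
            // The old ID travelled in clear text, so it must stop being valid.
            old.invalidate();
            // A new session means a new ID, sent back on this HTTPS response.
            HttpSession fresh = request.getSession(true);
            for (Map.Entry<String, Object> e : saved.entrySet()) {
                fresh.setAttribute(e.getKey(), e.getValue());
            }
            fresh.setAttribute(ISSUED_OVER_TLS, Boolean.TRUE);
        }
        chain.doFilter(rq, rs);
    }
}
```

Map the filter to the HTTPS part of the application (login, checkout). As Filip notes above, a session started over SSL should not be expected to carry back to non-SSL requests, so keep the rest of the visit on HTTPS once the session has been reissued.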