tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Filip Hanik - Dev Lists <devli...@hanik.com>
Subject Re: Session Expires At Every Request (Tomcat5.0.28/Firefox)
Date Wed, 15 Feb 2006 20:16:01 GMT
George Sexton wrote:
> Does the code transparently create a new JSessionID value then?

George,
you might wanna rethink your comments, they don't shine any light on the 
issue and they for sure don't state any facts, let me prove you I am 
right. Below is the headers I tracked with LiveHttpHeaders, as you can 
see, JSESSIONID remains exactly the same in the browser request when the 
switch from HTTP to HTTPS happens.
This is Firefox on Fedora 4. The site works fine.

This must be a browser issue, can you tell us a little bit more about 
what version and platform your browser is on.

1. Request to the home - non secure
============================================================
http://www.tophotelchoices.com/
GET / HTTP/1.1
Host: www.tophotelchoices.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) 
Gecko/20060124 Firefox/1.5.0.1
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.tophotelchoices.com/

HTTP/1.x 200 OK
Date: Wed, 15 Feb 2006 20:08:55 GMT
Server: Apache/1.3.33 (Unix) mod_jk/1.2.15
Set-Cookie: JSESSIONID=735009FD40D725EDAA14389409CD60FF; Path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Keep-Alive: timeout=5, max=20
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html;charset=UTF-8

2. Click on the request button - switch from HTTP to HTTPS
https://www.tophotelchoices.com/bookingServlet1?hotel=ASI
GET /bookingServlet1?hotel=ASI HTTP/1.1
Host: www.tophotelchoices.com:443
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) 
Gecko/20060124 Firefox/1.5.0.1
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.tophotelchoices.com/searchResults.jsp
Cookie: JSESSIONID=735009FD40D725EDAA14389409CD60FF

HTTP/1.x 200 OK
Date: Wed, 15 Feb 2006 20:11:54 GMT
Server: Apache/1.3.33 (Unix) mod_jk/1.2.15
Cache-Control: no-cache
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Keep-Alive: timeout=5, max=20
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html;charset=UTF-8


George Sexton wrote:
> Does the code transparently create a new JSessionID value then?
>
> George Sexton
> MH Software, Inc.
> http://www.mhsoftware.com/
> Voice: 303 438 9585
>
>
>> -----Original Message-----
>> From: Filip Hanik - Dev Lists [mailto:devlists@hanik.com]
>> Sent: Wednesday, February 15, 2006 12:48 PM
>> To: Tomcat Users List
>> Subject: Re: Session Expires At Every Request (Tomcat5.0.28/Firefox)
>>
>> sessions started in non-ssl mode should carry over to SSL,
>> but not the
>> other way around.
>> Filip
>>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message