tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: Session Expires At Every Request (Tomcat5.0.28/Firefox)
Date Fri, 17 Feb 2006 04:02:55 GMT

"Michael Andreas Omerou" <mao@simplexsoftware.com> wrote in message 
news:000d01c63349$b56126b0$657ba8c0@MAONX8220...
> Dear all,
>
> Thanks for your replies to my problem.  However, I think the discussion 
> has
> been "diverted" into a debate totally irrelevant to the issue.
>

Not that I'm all that interested, but just to push this along, what are the 
Cookie properties in FireFox after you request a page?

Personally, I'm betting that FireFox is probably applying your 
cache-control/max-age headers to the Cookies as well as to the page itself.

> As far as Chuck's question whether this could be related to the popup, 
> this
> is not the case as the problem happens on other pages too, even on 
> index.jsp
> (first page)
>
> Regarding Filip's email and monitoring HTTP Headers I am impressed that it
> seems to work for you.  I run FireFox on Windows XP Pro SP2 and what 
> happens
> is that when a page finishes loading, the session expires on the server.
> When the user/browser requests another page the correct session id is sent
> from the browser but the server detects that this session id sent is no 
> more
> valid (expired) and so we have a timeout.  However, this behaviour, only
> occurs with FireFox.   I tried it from another PC with XP Pro SP2 too but
> the problem is the same.  With IE, NetScape and Opera all is ok.
>
>
>
> I want to emphasize that this behaviour does not happen only when 
> switching
> from SSL to non-SSL or vice versa.  Even if I try to access pages such as
> the About Us or the Contact Us the session expires again.  However, in 
> that
> case the problem is not "visible" to the user since those pages do not
> contain any session specific data so even with a new session it is ok. 
> Try
> the following though and you will see what I mean.  On tophotelchoices.com
> do a search for a hotel.  Let the results be displayed and then, go to the
> About Us page.  Then, click your browser's back button and instead of 
> going
> back to the search results you get a timeout (if you get search results it
> will be from browser's cache, do a reload and you will get timeout).
>
> Monitoring the HTTP headers for both IE and Firefox using HttpAnalyzer for
> IE and LiveHttpHeaders for Firefox gives the following:
> 1) IE
>
> (Request-Line):GET http://www.tophotelchoices.com/ HTTP/1.1
> Accept:*/*
> Accept-Language:en-gb
> Accept-Encoding:gzip, deflate
> User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET 
> CLR
> 1.1.4322; InfoPath.1)
> Host:www.tophotelchoices.com
> Proxy-Connection:Keep-Alive
> Pragma:no-cache
> Cookie:JSESSIONID=6F187E9E698F5D81A09DF6AD0D25115D
>
> (Status-Line):HTTP/1.0 200 OK
> Date:Thu, 16 Feb 2006 22:09:18 GMT
> Server:Apache/1.3.33 (Unix) mod_jk/1.2.15
> Cache-Control:no-cache
> Pragma:no-cache
> Expires:Wed, 31 Dec 1969 23:59:59 GMT
> Content-Type:text/html;charset=UTF-8
> X-Cache:MISS from proxy01.spidernet.net
> X-Cache-Lookup:MISS from proxy01.spidernet.net:83
> Proxy-Connection:close
>
> 2) FIREFOX:
> GET http://www.tophotelchoices.com/index.jsp HTTP/1.1
> Host: www.tophotelchoices.com
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.12)
> Gecko/20050919 Firefox/1.0.7
> Accept:
> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=
> 0.8,image/png,*/*;q=0.5
> Accept-Language: en-gb,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Proxy-Connection: keep-alive
> Referer: http://www.tophotelchoices.com/timeout.jsp
> Cookie: JSESSIONID=3849A82D2F9B6991FE41073D771D1358
> Cache-Control: max-age=0
>
> HTTP/1.x 200 OK
> Date: Thu, 16 Feb 2006 22:12:27 GMT
> Server: Apache/1.3.33 (Unix) mod_jk/1.2.15
> Cache-Control: no-cache
> Pragma: no-cache
> Expires: Wed, 31 Dec 1969 23:59:59 GMT
> Content-Type: text/html;charset=UTF-8
> X-Cache: MISS from proxy01.spidernet.net
> X-Cache-Lookup: MISS from proxy01.spidernet.net:83
> Proxy-Connection: close
>
> Obviously, the response is the same in both cases, however, for FireFox 
> the
> important difference I see in Request is the one saying Cache-control:
> max-age=0 and also, the Keep-Alive value 300. I do not think the 
> Keep-Alive
> value is the problem, however, the Cache-Control: max-age=0 is suspicious.
> In my code I have response.setHeader("Cache-Control","no-cache") but I 
> think
> this is different.  Does anyone have a clue what the max-age:0 is doing?
>
> Your help will be greatly appreciated.
>
>
> Thanks and regards,
> Michael
>
>>-----Original Message-----
>>From: Filip Hanik - Dev Lists [mailto:devlists@hanik.com]
>>Sent: 15 February 2006 22:16
>>To: Tomcat Users List
>>Subject: Re: Session Expires At Every Request (Tomcat5.0.28/Firefox)
>>
>>George Sexton wrote:
>>> Does the code transparently create a new JSessionID value then?
>>
>>George,
>>you might wanna rethink your comments, they don't shine any
>>light on the issue and they for sure don't state any facts,
>>let me prove you I am right. Below is the headers I tracked
>>with LiveHttpHeaders, as you can see, JSESSIONID remains
>>exactly the same in the browser request when the switch from
>>HTTP to HTTPS happens.
>>This is Firefox on Fedora 4. The site works fine.
>>
>>This must be a browser issue, can you tell us a little bit
>>more about what version and platform your browser is on.
>>
>>1. Request to the home - non secure
>>============================================================
>>http://www.tophotelchoices.com/
>>GET / HTTP/1.1
>>Host: www.tophotelchoices.com
>>User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1)
>>Gecko/20060124 Firefox/1.5.0.1
>>Accept:
>>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,
> text/plain;q=0.8,image/png,*/*;q=0.5
>>Accept-Language: en-us,en;q=0.5
>>Accept-Encoding: gzip,deflate
>>Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>>Keep-Alive: 300
>>Connection: keep-alive
>>Referer: http://www.tophotelchoices.com/
>>
>>HTTP/1.x 200 OK
>>Date: Wed, 15 Feb 2006 20:08:55 GMT
>>Server: Apache/1.3.33 (Unix) mod_jk/1.2.15
>>Set-Cookie: JSESSIONID=735009FD40D725EDAA14389409CD60FF; Path=/
>>Cache-Control: no-cache
>>Pragma: no-cache
>>Expires: Wed, 31 Dec 1969 23:59:59 GMT
>>Keep-Alive: timeout=5, max=20
>>Connection: Keep-Alive
>>Transfer-Encoding: chunked
>>Content-Type: text/html;charset=UTF-8
>>
>>2. Click on the request button - switch from HTTP to HTTPS
>>https://www.tophotelchoices.com/bookingServlet1?hotel=ASI
>>GET /bookingServlet1?hotel=ASI HTTP/1.1
>>Host: www.tophotelchoices.com:443
>>User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1)
>>Gecko/20060124 Firefox/1.5.0.1
>>Accept:
>>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,
> text/plain;q=0.8,image/png,*/*;q=0.5
>>Accept-Language: en-us,en;q=0.5
>>Accept-Encoding: gzip,deflate
>>Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>>Keep-Alive: 300
>>Connection: keep-alive
>>Referer: http://www.tophotelchoices.com/searchResults.jsp
>>Cookie: JSESSIONID=735009FD40D725EDAA14389409CD60FF
>>
>>HTTP/1.x 200 OK
>>Date: Wed, 15 Feb 2006 20:11:54 GMT
>>Server: Apache/1.3.33 (Unix) mod_jk/1.2.15
>>Cache-Control: no-cache
>>Pragma: no-cache
>>Expires: Wed, 31 Dec 1969 23:59:59 GMT
>>Keep-Alive: timeout=5, max=20
>>Connection: Keep-Alive
>>Transfer-Encoding: chunked
>>Content-Type: text/html;charset=UTF-8
>>
>>
>>George Sexton wrote:
>>> Does the code transparently create a new JSessionID value then?
>>>
>>> George Sexton
>>> MH Software, Inc.
>>> http://www.mhsoftware.com/
>>> Voice: 303 438 9585
>>>
>>>
>>>> -----Original Message-----
>>>> From: Filip Hanik - Dev Lists [mailto:devlists@hanik.com]
>>>> Sent: Wednesday, February 15, 2006 12:48 PM
>>>> To: Tomcat Users List
>>>> Subject: Re: Session Expires At Every Request (Tomcat5.0.28/Firefox)
>>>>
>>>> sessions started in non-ssl mode should carry over to SSL, but not
>>>> the other way around.
>>>> Filip
>>>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>For additional commands, e-mail: users-help@tomcat.apache.org
>> 




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message