From users-return-140634-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org Wed Feb 15 18:18:02 2006 Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 15045 invoked from network); 15 Feb 2006 18:18:02 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 15 Feb 2006 18:18:02 -0000 Received: (qmail 40622 invoked by uid 500); 15 Feb 2006 18:17:47 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 40301 invoked by uid 500); 15 Feb 2006 18:17:46 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 40290 invoked by uid 99); 15 Feb 2006 18:17:46 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 Feb 2006 10:17:46 -0800 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [216.17.130.186] (HELO mail.mhsoftware.com) (216.17.130.186) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 Feb 2006 10:17:44 -0800 Received: from localhost (localhost [127.0.0.1]) by mail.mhsoftware.com (Postfix) with ESMTP id 20E9178249; Wed, 15 Feb 2006 11:17:24 -0700 (MST) Received: from mail.mhsoftware.com ([127.0.0.1]) by localhost (hagrid [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 14038-10; Wed, 15 Feb 2006 11:17:23 -0700 (MST) Received: from emp00 (c-24-8-34-101.hsd1.co.comcast.net [24.8.34.101]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by mail.mhsoftware.com (Postfix) with ESMTP id BC94477E8E; Wed, 15 Feb 2006 11:17:21 -0700 (MST) From: "George Sexton" To: "'Tomcat Users List'" , , , Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox) Date: Wed, 15 Feb 2006 11:17:21 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.6353 In-Reply-To: <000001c6325a$00e5e670$657ba8c0@MAONX8220> Thread-Index: AcYyRmWUrFZ4yDfmSoCP4PeVBWAs8gAAKb9gAAOfLxAAAQzn4AAAbIRg X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Message-Id: <20060215181721.BC94477E8E@mail.mhsoftware.com> X-Virus-Scanned: amavisd-new at mhsoftware.com X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N You do realize that sessions don't carry over between SSL and non-SSL request don't you? You can't have a session ID that carries over from a non-ssl session to an SSL session because that session ID is compromised (it has been exposed) as plain text. As an aside, I looked at your form. You should really use HttpServletRequest.getLocale() to pick up your user's locale and then provide date formatting for the user locale. George Sexton MH Software, Inc. http://www.mhsoftware.com/ Voice: 303 438 9585 > -----Original Message----- > From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com] > Sent: Wednesday, February 15, 2006 11:03 AM > To: 'Tomcat Users List'; edyke@vrs.state.va.us; > alexandre.tastet@fr.fortisbank.com > Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox) > > As the problem occurs with a live site, you can see it yourself at > www.tophotelchoices.com. Do a search for any hotel. You > will see the > results. By the time the results page is loaded your session > has expired > but you do not know. Click on the "Book" or "Request" button > of any hotel > and you will see the Timeout page. > > Remember that the above only happens with FireFox. > > I will greatly appreciate your help. > > >-----Original Message----- > >From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com] > >Sent: 15 February 2006 19:45 > >To: edyke@vrs.state.va.us; alexandre.tastet@fr.fortisbank.com > >Cc: 'Tomcat Users List' > >Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox) > > > >I tried with NetScape and Opera to see what happens. > > > >For NetScape the first time I tried it was ok up to the stage > >that I switched to SSL. At that step, I lost my session. > >After trying several times again I noticed NetScape was ok. > > > >With Opera all works fine, like with IE, from the beginning. > > > >So major problem is still FireFox and it must be something > >that it sends (or not sends) back to Tomcat that causes > >session expiration. > > > >Thanks for your assistance. > > > >Michael > > > >>-----Original Message----- > >>From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com] > >>Sent: 15 February 2006 17:48 > >>To: 'Tomcat Users List' > >>Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox) > >> > >>Not at the stage that this problem occurs. SSL is used > >further on when > >>the user logs in to make a payment but the SSL pages are > >never reached > >>with FireFox because of the early timeout. With IE all is ok, > >>including SSL connections. > >> > >>>-----Original Message----- > >>>From: alexandre.tastet@fr.fortisbank.com > >>>[mailto:alexandre.tastet@fr.fortisbank.com] > >>>Sent: 15 February 2006 17:43 > >>>To: 'Tomcat Users List' > >>>Subject: RE: Session Expires At Every Request > (Tomcat5.0.28/Firefox) > >>> > >>>Are you using SSL connection ? > >>> > >>>-----Message d'origine----- > >>>De : > >>>users-return-140612-alexandre.tastet=fr.fortisbank.com@tomcat.a > >>pache.org > >>>[mailto:users-return-140612-alexandre.tastet=fr.fortisbank.com@ > >>tomcat.ap > >>>ache.org]De la part de Michael Andreas Omerou Envoye : > >>>mercredi 15 fevrier 2006 16:34 A : 'Tomcat Users List' > >>>Objet : RE: Session Expires At Every Request (Tomcat5.0.28/Firefox) > >>> > >>> > >>>It is 30 minutes. If I do > >>>request.getSession().getMaxInactiveInterval() I get 1800 (seconds I > >>>guess) which is the correct value for 30 minutes. > >>> > >>>Michael > >>> > >>>>-----Original Message----- > >>>>From: Earnie Dyke [mailto:edyke@vrs.state.va.us] > >>>>Sent: 15 February 2006 17:25 > >>>>To: Tomcat Users List > >>>>Subject: RE: Session Expires At Every Request > (Tomcat5.0.28/Firefox) > >>>> > >>>>The META tags should not have an effect on cookies. Firefox > >>would not > >>>>be the one that expires your session, Tomcat would. > >>>>Do you have a session timeout specified in your application? > >>>> > >>>>Earnie! > >>>> > >>>>-----Original Message----- > >>>>From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com] > >>>>Sent: Wednesday, February 15, 2006 10:19 AM > >>>>To: 'Tomcat Users List' > >>>>Subject: RE: Session Expires At Every Request > (Tomcat5.0.28/Firefox) > >>>> > >>>> > >>>>Hi Earnie, > >>>> > >>>>Cookies are allowed at the browser. It seems for some > >>reason that at > >>>>then end of loading each JSP firefox expires my session. I > >use some > >>>>meta tags ( >>>CONTENT="No-Cache">, >>>>HTTP-EQUIV="Pragma" CONTENT="No-Cache">, HTTP-EQUIV="Expires" > >>>>CONTENT="-1">) and also set the corresponding header values using > >>>>response.setHeader but even if I remove them nothing changes. > >>>> > >>>>Michael > >>>> > >>>>>-----Original Message----- > >>>>>From: Earnie Dyke [mailto:edyke@vrs.state.va.us] > >>>>>Sent: 15 February 2006 17:10 > >>>>>To: Tomcat Users List > >>>>>Subject: RE: Session Expires At Every Request > >(Tomcat5.0.28/Firefox) > >>>>> > >>>>>Are you blocking cookies at the browser? > >>>>> > >>>>>Earnie! > >>>>> > >>>>>-----Original Message----- > >>>>>From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com] > >>>>>Sent: Wednesday, February 15, 2006 10:06 AM > >>>>>To: 'Tomcat Users List' > >>>>>Subject: Session Expires At Every Request (Tomcat5.0.28/Firefox) > >>>>> > >>>>> > >>>>> Anybody has an idea what could be causing what I describe in > >>>>the below > >>>>>two emails? > >>>>> > >>>>>>-----Original Message----- > >>>>>>From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com] > >>>>>>Sent: 15 February 2006 13:10 > >>>>>>To: 'Tomcat Users List' > >>>>>>Subject: RE: Session Problems with Firefox > >>>>>> > >>>>>>Further to my below email I have put in some code to check > >>the HTTP > >>>>>>headers in each case (IE and FireFox). > >>>>>> > >>>>>>These are: > >>>>>> > >>>>>>IE > >>>>>>accept: */* > >>>>>>accept-language: en-gb > >>>>>>accept-encoding: gzip, deflate > >>>>>>user-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT > >>5.1; SV1; > >>>>>>.NET CLR 1.1.4322; InfoPath.1) > >>>>>>host: localhost > >>>>>>connection: Keep-Alive > >>>>>>cookie: JSESSIONID=D79835F3D70ADD58F4770DD15B463320 > >>>>>> > >>>>>>FireFox > >>>>>>host: localhost > >>>>>>user-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; > >>>>rv:1.7.12) > >>>>>>Gecko/20050919 Firefox/1.0.7 > >>>>>>accept: > >>>>>>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9, > >>>>>text/plain;q= > >>>>>>0.8,image/png,*/*;q=0.5 > >>>>>>accept-language: en-gb,en;q=0.5 > >>>>>>accept-encoding: gzip,deflate > >>>>>>accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > >>>>>>keep-alive: 300 > >>>>>>connection: keep-alive > >>>>>>cookie: JSESSIONID=A3893195B065989E5B03BC8681E4D0D6 > >>>>>>cache-control: max-age=0 > >>>>>> > >>>>>> > >>>>>>I wonder whether the keep-alive which exists in the case of > >>>>>FireFox but > >>>>>>not in the case of IE could be the cause of my problems. > >>>>>> > >>>>>>Michael > >>>>>> > >>>>>> > >>>>>> > >>>>>>>-----Original Message----- > >>>>>>>From: Michael Andreas Omerou [mailto:mao@simplexsoftware.com] > >>>>>>>Sent: 15 February 2006 11:27 > >>>>>>>To: users@tomcat.apache.org > >>>>>>>Subject: Session Problems with Firefox > >>>>>>> > >>>>>>>Hello, > >>>>>>> > >>>>>>>I have some problems with session management when our > >application > >>>>>>>runsin Firefox. > >>>>>>> > >>>>>>>Basically, what happens is that after I set in the > session some > >>>>>>>attributes/beans which are needed down the application, I > >>>>>>check in all > >>>>>>>JSPs and servlets that an old session is still there by using > >>>>>>> if (request.getSession(false)==null){ > >>>>>>> > >>>>>>>response.sendRedirect(response.encodeRedirectURL("timeo > ut.jsp")); > >>>>>>> > >>>>>>> } > >>>>>>> > >>>>>>>With IE all works fine, however with Firefox, it seems that > >>>>>>the session > >>>>>>>is re-initialised whenever the client/browser requests a new > >>>>>page. I > >>>>>>>checked this by printing the session id in the log on each > >>>page and > >>>>>>>with IE it does not change, while with Firefox it changes. > >>>>>>> > >>>>>>>I checked my firefox settings for cookies and all look ok. > >>>>>>> > >>>>>>>Anybody has a clue of what I might be doing wrong? > >>>>>>> > >>>>>>>Regards, > >>>>>>>Michael > >>>>>>> > >>>>>>> > >>>>>>>------------------------------------------------------------ > >>>>--------- > >>>>>>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > >>>>>>>For additional commands, e-mail: users-help@tomcat.apache.org > >>>>>>> > >>>>>> > >>>>>> > >>>>>>------------------------------------------------------------ > >>>--------- > >>>>>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > >>>>>>For additional commands, e-mail: users-help@tomcat.apache.org > >>>>>> > >>>>> > >>>>> > >>>>>------------------------------------------------------------ > >>--------- > >>>>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > >>>>>For additional commands, e-mail: users-help@tomcat.apache.org > >>>>> > >>>>> > >>>>>------------------------------------------------------------ > >>--------- > >>>>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > >>>>>For additional commands, e-mail: users-help@tomcat.apache.org > >>>>> > >>>> > >>>> > >>>>------------------------------------------------------------ > >--------- > >>>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > >>>>For additional commands, e-mail: users-help@tomcat.apache.org > >>>> > >>>> > >>>>------------------------------------------------------------ > >--------- > >>>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > >>>>For additional commands, e-mail: users-help@tomcat.apache.org > >>>> > >>> > >>> > >>>----------------------------------------------------------- > ---------- > >>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > >>>For additional commands, e-mail: users-help@tomcat.apache.org > >>> > >>>Ce message avec ses documents attaches sont confidentiels > et a usage > >>>exclusif du ou des destinataires. La responsabilite de > Fortis Banque > >>>France ne peut en aucun cas etre engagee suite a un prejudice > >>lie a un > >>>incident de securite, d'integrite, de virus ou a un retard dans la > >>>transmission. De plus, ce document n'a aucune valeur > >contractuelle ou > >>>juridique; en particulier, aucune transaction commerciale ne > >>peut etre > >>>basee exclusivement sur des emails. > >>> > >>>This message and its attachments are confidential; their use is > >>>restricted to their recipient(s). Fortis Banque France > >cannot, in any > >>>way, be responsible for any prejudice linked to any incident > >>regarding > >>>security, integrity, virus or delay in transmission. > Moreover, this > >>>document has no contractual nor legal value whatsoever; in > >>particular, > >>>no business transaction can, in any way, be based exclusively on > >>>emails. > >>> > >>> > >>> > >>> > >>>----------------------------------------------------------- > ---------- > >>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > >>>For additional commands, e-mail: users-help@tomcat.apache.org > >>> > >> > >> > >>------------------------------------------------------------ > --------- > >>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > >>For additional commands, e-mail: users-help@tomcat.apache.org > >> > > > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > >For additional commands, e-mail: users-help@tomcat.apache.org > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > For additional commands, e-mail: users-help@tomcat.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org