tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: Tomcat creates a jsessionid cookie when session timeouts
Date Wed, 26 Jul 2006 14:11:09 GMT
By the way, this behaviour only happens in Mozilla/Firefox, it does not 
happen in Internet Explorer.

Luís Amorim

26-07-2006 13:10
Please respond to "Tomcat Users List"
        Subject:        Tomcat creates a jsessionid cookie when session 

Hi there.

I have the following problem occuring in my web application.
I am using struts and I am using the url rewriting method for session 
maintenance, but when a timeout occurs the tomcat application server sets 
a cookie named jsessionid (used for session tracking purposes) with a new 
session id value before redirecting the user to the login page. This 
jsessionid cookie value does not match the previous session id, it is a 
new one.

When the user logs in again after the timeout, a new HttpSession object is 

created in the login process with a new session id, storing the user 
information in a variable in that HttpSession object. However, after the 
initial login process, the application server always gets the session from 

the id provided by the cookie created when the timeout occured, causing an 

error to occur because there is no user information in that session.

The problem resides in the cookie created when the timeout occurs. Does 
tomcat create a cookie every time a timeout happens? I think this is a 
tomcat issue. Until now I've been unable to solve the problem and I 
haven't found a way to disable cookie session tracking in tomcat.

Can anyone please help me solve this problem? Does tomcat always creates a 

jsessionid cookie when a timeout occurs or this just happens in my web 
app? And if this is a tomcat issue, how do I disallow this (if it is 
possible, anyway)?

Luis Amorim

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message