tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Tomcat creates a jsessionid cookie when session timeouts
Date Wed, 26 Jul 2006 12:10:04 GMT
Hi there.

I have the following problem occuring in my web application.
I am using struts and I am using the url rewriting method for session 
maintenance, but when a timeout occurs the tomcat application server sets 
a cookie named jsessionid (used for session tracking purposes) with a new 
session id value before redirecting the user to the login page. This 
jsessionid cookie value does not match the previous session id, it is a 
new one.

When the user logs in again after the timeout, a new HttpSession object is 
created in the login process with a new session id, storing the user 
information in a variable in that HttpSession object. However, after the 
initial login process, the application server always gets the session from 
the id provided by the cookie created when the timeout occured, causing an 
error to occur because there is no user information in that session.

The problem resides in the cookie created when the timeout occurs. Does 
tomcat create a cookie every time a timeout happens? I think this is a 
tomcat issue. Until now I've been unable to solve the problem and I 
haven't found a way to disable cookie session tracking in tomcat.

Can anyone please help me solve this problem? Does tomcat always creates a 
jsessionid cookie when a timeout occurs or this just happens in my web 
app? And if this is a tomcat issue, how do I disallow this (if it is 
possible, anyway)?

Luis Amorim

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message