tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rashmi Rubdi" <rashmi....@gmail.com>
Subject Re: unexpected session behavior in Tomcat 5.x
Date Sun, 29 Apr 2007 01:29:37 GMT
On 4/28/07, David <turntwo463@gmail.com> wrote:
> I've tried forcing the url rewriting behavior by deploying the following
> snippet in a context.xml file in my webapp's META-INF directory.
>
> <Context path="/mywebapp debug="10" cookies="false">
>
>     <!-- Default set of monitored resources -->
>     <WatchedResource>WEB-INF/web.xml</WatchedResource>
>
>     <!-- Uncomment this to disable session persistence across Tomcat
> restarts -->
>     <!--
>     <Manager pathname="" />
>     -->
>
> </Context>
>
> This provides a work-around under Tomcat 5.5, but does not change the
> behavior seen under Tomcat 5.0.  And of course, Tomcat 5.0 is the version we
> ship our product with. :)  I've also tried taking the snippet and adding it
> to Tomcat 5.0's server.xml file, but that also does not force url rewriting.
>
> So there seem to be two issues.  First, when url encoding produces cookies,
> why does the request to the servlet in step 2) not transmit the cookie and
> reuse the same original session, but it is sent and reused in step 3)?

I didn't see the behavior you're describing above when I conducted a small test.

What I see is that the exact same JSESSIONID is being passed between 3
different servlets, when URL Rewriting is used and cookies="false" is
used. Also with this setting a cookie is not being written to the
browser at all.

Even when URL Rewriting is not used or when cookies="true" , there is
exactly one JSESSIONID cookie in the browser.

I suspect that there might be something in the custom written code
that is probably invalidating the existing session, or removing the
attribute from the session or the session is timing out and a new one
is being created or the page is getting cached by the browser and
hence invalidating the session.

In my test case I set cookies="false" in the definition of my
project's Context XML file and then I wrote the following 3 servlets:

----------------------------------------------------------------------------------
FirstSessionServlet.java
----------------------------------------------------------------------------------
package test84;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

public class FirstSessionServlet extends HttpServlet {

    public void doPost(HttpServletRequest request, HttpServletResponse
response) throws IOException {
        processRequest(request,response);
    }

    public void doGet(HttpServletRequest request, HttpServletResponse
response) throws IOException {
        processRequest(request,response);
    }

    private void processRequest(HttpServletRequest request,
HttpServletResponse response) throws IOException {

        //Create a new session if it doesn't exist.
        HttpSession session = request.getSession(true);

        session.setAttribute("city","New York");

        String rewrittenUrl =
response.encodeRedirectURL("/SecondSessionServlet");
        System.out.println("FirstSesionServlet --- Rewritten URL: " +
rewrittenUrl);
        response.sendRedirect(rewrittenUrl);

    }
}

-------------------------------------------------------------------------------------------------
SecondSessionServlet.java
-------------------------------------------------------------------------------------------------
package test84;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpSession;
import java.io.IOException;

public class SecondSessionServlet extends HttpServlet {

    public void doPost(HttpServletRequest request, HttpServletResponse
response) throws IOException {
        processRequest(request, response);
    }

    public void doGet(HttpServletRequest request, HttpServletResponse
response) throws IOException {
        processRequest(request, response);
    }

    private void processRequest(HttpServletRequest request,
HttpServletResponse response) throws IOException {

        //Get existing session, don't create a new one
        HttpSession session = request.getSession(false);
        System.out.println("SecondSessionServlet Is session new? " +
session.isNew());

        String city = (String)session.getAttribute("city");
        System.out.println("Get session attribute city: " + city);

        String rewrittenUrl =
response.encodeRedirectURL("/ThirdSessionServlet");
        System.out.println("SecondSessionServlet --- Rewritten URL: "
+ rewrittenUrl);
        response.sendRedirect(rewrittenUrl);
    }
}

-----------------------------------------------------------------------------------------------
ThirdSessionServlet.java
-----------------------------------------------------------------------------------------------
package test84;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpSession;

public class ThirdSessionServlet extends HttpServlet {

    public void doPost(HttpServletRequest request, HttpServletResponse
response) {
        processRequest(request, response);
    }

    public void doGet(HttpServletRequest request, HttpServletResponse
response) {
        processRequest(request, response);
    }

    private void processRequest(HttpServletRequest request,
HttpServletResponse response) {

        //Get existing session, don't create a new one
        HttpSession session = request.getSession(false);
        System.out.println("In 3rd servlet ---  Is session new? " +
session.isNew());

        String city = (String)session.getAttribute("city");
        System.out.println("3rd Servlet --- Session attribute city: " + city);
    }
}



> Second, why does the configuration for turning off cookies not work under
> Tomcat 5.0?
>
> Thanks, again.
> David
>

-Regards
Rashmi

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message