tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Menachem Husarsky <>
Subject Re: Re: windows 2k3 / Tomcat 6 / IIS configuration - randomly losing sessions
Date Wed, 22 Apr 2009 04:25:41 GMT



Firstly, thanks for helping out. Here are my responses to your questions.


>Are all your customers using Cookies?


Yes. However, URL rewriting is disabled. When I turn off cookies in any of my browsers, our
website's cart functionality will not work, so if customers are complaining about their cart's
being purged in the middle of checkout it is not a cookie issue with their browsers.


>Do you ever switch hostnames during any of the website interactions?
>That would break your Cookie trail and you would observe the user's
>session "disappearing". The same thing can happen if the session cookie
>was created using HTTPS and then you switch to HTTP.

No we do not switch host names. customers start their sessions in HTTP and switch to HTTPS
to complete checkout. Not the other way around.


>Can you give us more information about the circumstances? Does it always
>happen during a particular page transition? What else do these failures
>have in common?


It seems to happen during a transition from any one page to another, but losing sessions,
primarily interests me when it occurs during the checkout process. we're recording the cart
purge on various checkout pages.


I don't perceive any particular commonality. At first i thought it was a browser issue, because
it was happening to people who use IE 7. However, recently I noticed it occurring to Mozilla
Firefox users as well. I have ruled out a browser issue client side as the culprit, especially
in light of the fact that this worked fine for years with resin. One thing I have noticed
is sometimes, a particular customer would get their cart purged in the middle of a checkout
session, and then it would happen to the same customer/IP a few minutes later. This is why
i pursued the browser line of thinking, but it doesn't explain why things worked fine for
years in resin.


Right now I'm pursuing two lines of thinking:

1) somehow tomcat is in fact killing off the session, so on the next request the user get's
a new session, thus purging their cart since our cart system uses sessions for storage.

2) somehow amid page redirects, tomcat doesn't get the session ID from the browser and therefore
issues to the browser a new session ID, so although the cart exists under the old session
object, the user effectively loses their cart by receiving a new session.


Do you have any suggestions for me for how to debug this in a finer more controlled fashion?


Windows Live™ SkyDrive™: Get 25 GB of free online storage.
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message