tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ken Bowen <kbo...@als.com>
Subject Re: jsessionid on EXACTLY the 2nd request?
Date Mon, 04 Jan 2010 21:43:04 GMT
I'm not sure about that.   Here's what seems to me to be the sequence  
of events:

Browser sends initial request  http://myapp.com
         Tomcat creates session and generates page for this request.
         Tomcat doesn't know that Browser supports cookies, so it  
should append jsessionid (but doesn't ??)
Browser get's Tomcat response & display's page with address:   http://myapp.com
Browser creates JSESSIONID cookie (using info supplied by Tomcat in  
response):
Cookie has contents:    4E4F86E5B779F43BCA7895B8A554FDCD
-----
  Browser makes  2nd request, for http://myapp/anotherPage.  Browser  
must definitely by now be stating that it supports cookies.
          Tomcat prepares response, adding jsessionid (why?), the SAME  
jsessionid as in the cookie: 4E4F86E5B779F43BCA7895B8A554FDCD
Browser displays response with jsessionid showing in address bar.
----
More interactions,  but no more jsessionid's.....


On Jan 4, 2010, at 4:11 PM, Mark Thomas wrote:

> On 04/01/2010 20:52, Ken Bowen wrote:
>> I'm seeing what I think is odd behavior regarding jsessionid's.
>> [My setup(s): Tomcat 6.0.20 on a MacBook Pro using Java 1.6.0_17,
>> Tomcat 6.0.18 on CentOS 5 using Java 1.6.0_12 ]
>> I'm seeing the same behavior on both systems, and the same
>> behavior happens with Safari and FF.  Both browsers have cookies  
>> turned on.
>>
>> I have cookies="true" in context.xml in the app's META_INF.
>>
>> The Behavior:
>> I Clear Recent History in FF, which includes clearing cookies,
>> and request http://myapp.com/     I connect and the address bar  
>> shows:
>>
>>    http://myapp.com/
>>
>> Moreover, a JESSIONID cookie shows in FF's list of cookies.
>>
>> I make a request for another page in the app and the address bar  
>> shows:
>>
>>
>> http://myapp.com/anotherPage;jsessionid=9612C2CAA30DE590AA7A5FDB046DA4F9
>
> Just a guess - I haven't looked at the source code to be sure.
>
> At the point where the page was generated, Tomcat doesn't know that  
> the
> client supports cookies since at that point the client hasn't sent a
> request with a JSESSIONID cookie so any urls generated will have the
> session ID appended.
>
> Once a cookie is received, Tomcat knows there is no need to include  
> the
> session ID in the URL.
>
> Mark
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message