tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ken Bowen <>
Subject Re: jsessionid on EXACTLY the 2nd request?
Date Mon, 04 Jan 2010 21:43:04 GMT
I'm not sure about that.   Here's what seems to me to be the sequence  
of events:

Browser sends initial request
         Tomcat creates session and generates page for this request.
         Tomcat doesn't know that Browser supports cookies, so it  
should append jsessionid (but doesn't ??)
Browser get's Tomcat response & display's page with address:
Browser creates JSESSIONID cookie (using info supplied by Tomcat in  
Cookie has contents:    4E4F86E5B779F43BCA7895B8A554FDCD
  Browser makes  2nd request, for http://myapp/anotherPage.  Browser  
must definitely by now be stating that it supports cookies.
          Tomcat prepares response, adding jsessionid (why?), the SAME  
jsessionid as in the cookie: 4E4F86E5B779F43BCA7895B8A554FDCD
Browser displays response with jsessionid showing in address bar.
More interactions,  but no more jsessionid's.....

On Jan 4, 2010, at 4:11 PM, Mark Thomas wrote:

> On 04/01/2010 20:52, Ken Bowen wrote:
>> I'm seeing what I think is odd behavior regarding jsessionid's.
>> [My setup(s): Tomcat 6.0.20 on a MacBook Pro using Java 1.6.0_17,
>> Tomcat 6.0.18 on CentOS 5 using Java 1.6.0_12 ]
>> I'm seeing the same behavior on both systems, and the same
>> behavior happens with Safari and FF.  Both browsers have cookies  
>> turned on.
>> I have cookies="true" in context.xml in the app's META_INF.
>> The Behavior:
>> I Clear Recent History in FF, which includes clearing cookies,
>> and request     I connect and the address bar  
>> shows:
>> Moreover, a JESSIONID cookie shows in FF's list of cookies.
>> I make a request for another page in the app and the address bar  
>> shows:
> Just a guess - I haven't looked at the source code to be sure.
> At the point where the page was generated, Tomcat doesn't know that  
> the
> client supports cookies since at that point the client hasn't sent a
> request with a JSESSIONID cookie so any urls generated will have the
> session ID appended.
> Once a cookie is received, Tomcat knows there is no need to include  
> the
> session ID in the URL.
> Mark
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message