tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Xiaojun Deng <xjde...@gmail.com>
Subject Re: Tomcat SSO JSESSIONIDSSO value can't be reset by browser
Date Mon, 01 Mar 2010 07:49:03 GMT
On Fri, Feb 26, 2010 at 03:28:50PM +0000, Pid wrote:
>On 26/02/2010 14:58, Xiaojun Deng wrote:
>>On Fri, Feb 26, 2010 at 8:51 PM, Pid<pid@pidster.com>  wrote:
>>>On 26/02/2010 09:59, Xiaojun Deng wrote:
>>>>
>>>>On Fri, Feb 26, 2010 at 09:57:46AM +0000, Pid wrote:
>>>>>
>>>>>On 26/02/2010 04:15, Xiaojun Deng wrote:
>>>>>>
>>>>>>Hello,
>>>>>>
>>>>>>I use the Tomcat SSO function, and I found that when I restart my
tomcat
>>>>>>or the
>>>>>>session timeout, I refresh the page, the cookie JSESSIONIDSSO keep
the
>>>>>>old value,
>>>>>>so I can't login my application.
>>>>>>
>>>>>>And the web application's JSESSIONID works well, they can reset the
>>>>>>cookie value.
>>>>>>
>>>>>>Is there a way to configure for the JSESSIONIDSSO?
>>>>>>
>>>>>>server.xml content
>>>>>><Host name="localhost"  appBase="webapps"
>>>>>>unpackWARs="true" autoDeploy="true"
>>>>>>xmlValidation="false" xmlNamespaceAware="false">
>>>>>>
>>>>>><Realm  className="org.apache.catalina.realm.SSOMultipleDSRealm"
/>
>>>>>><!-- SingleSignOn valve, share authentication between web applications
>>>>>>Documentation at: /docs/config/valve.html -->
>>>>>><Valve className="org.apache.catalina.authenticator.SingleSignOn"
>>>>>>requireReauthentication="false"/>
>>>>>></Host>
>>>>>>
>>>>>>Thanks.
>>>>>
>>>>>What are your exact Tomcat, JVM, OS versions?
>>>>>
>>>>
>>>>CentOS release 5.2 (Final) kernel 2.6.18-92.el5
>>>>Tomcat 6.0.20
>>>>JVM jdk_1.6.0_14
>>>
>>>
>>>How many applications do you have deployed, and what is the session timeout
>>>for each one?
>>>
>>
>>I deployed 3 applications, and two session timeout are 60min, and the
>>rest is 5min for testing,
>
>OK - so if you're using the SSO valve, then the longer session
>timeout should mean that the users of the app with the shorter one is
>automatically logged in again.
>
yes, thanks for your comments 
>
>>All the applications' JSESSIONID can be reset when the session timeout
>>(5min) or server restart (I checked the Firefox cookies manager),
>>but the JSESSIONIDSSO value can't be reset, it keep the old cookie
>>value, and when login into the server again, it failed caused by using
>>a old
>>cookie value, but the server have created a new session cookie.
>
>I'm not entirely sure I understand what you mean here.  The value of
>JSESSIONID may change, but the session itself should remain intact.
>
>What is failing, exactly, and what symptoms are you seeing?  The user
>is logged out, or an error page?
>

I'm sorry for the descriptions, maybe it's a complex problem for me...
Because I used the JSESSIONIDSSO value to validate, and I just want to the
value will change when the session timout or server restart, but when session timeouted,
the firefox cookie still keeped the old value, I don't know what happened.

>
>>Actually, I don't know who manages the JSESSIONIDSSO, I think the
>>JSESSIONID managed by each application, and it can refresh when
>>session timeout, but why the JSESSIONIDSSO can't work well?
>>
>>Thanks.
>
>The %CATALINA_HOME%/conf/context.xml file contains a documented
>setting which allows the session to be persisted during restarts.  If
>it is enabled then the session will be restored to each user, after
>restart.
>
I don't enable it.
A session(JSESSIONID) is managed by the web application, like
webapps/app1
webapps/app2
But who manages the JSESSIONIDSSO?


Now I resolved this problem via deleting the JSESSIONIDSSO cookie value, and it
will create a new value, and work well.

Thanks.
>
>p
>
>
>>>>>>---------------------------------------------------------------------
>>>>>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>>>For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>>
>>>>>
>>>>>
>>>>>---------------------------------------------------------------------
>>>>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>>For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>
>>>
>>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>For additional commands, e-mail: users-help@tomcat.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message