tomcat-users mailing list archives

From Xiaojun Deng <>
Subject Re: Tomcat SSO JSESSIONIDSSO value can't be reset by browser
Date Mon, 01 Mar 2010 07:49:03 GMT
On Fri, Feb 26, 2010 at 03:28:50PM +0000, Pid wrote:
>On 26/02/2010 14:58, Xiaojun Deng wrote:
>>On Fri, Feb 26, 2010 at 8:51 PM, Pid<>  wrote:
>>>On 26/02/2010 09:59, Xiaojun Deng wrote:
>>>>On Fri, Feb 26, 2010 at 09:57:46AM +0000, Pid wrote:
>>>>>On 26/02/2010 04:15, Xiaojun Deng wrote:
>>>>>>I use the Tomcat SSO function, and I found that when I restart my
>>>>>>or the
>>>>>>session timeout, I refresh the page, the cookie JSESSIONIDSSO keeps the
>>>>>>old value,
>>>>>>so I can't log in to my application.
>>>>>>And the web application's JSESSIONID works well, they can reset the
>>>>>>cookie value.
>>>>>>Is there a way to configure for the JSESSIONIDSSO?
>>>>>>server.xml content
>>>>>><Host name="localhost"  appBase="webapps"
>>>>>>unpackWARs="true" autoDeploy="true"
>>>>>>xmlValidation="false" xmlNamespaceAware="false">
>>>>>><Realm  className="org.apache.catalina.realm.SSOMultipleDSRealm"
>>>>>><!-- SingleSignOn valve, share authentication between web applications
>>>>>>Documentation at: /docs/config/valve.html -->
>>>>>><Valve className="org.apache.catalina.authenticator.SingleSignOn"
>>>>>What are your exact Tomcat, JVM, OS versions?
>>>>CentOS release 5.2 (Final) kernel 2.6.18-92.el5
>>>>Tomcat 6.0.20
>>>>JVM jdk_1.6.0_14
>>>How many applications do you have deployed, and what is the session timeout
>>>for each one?
>>I deployed 3 applications; two session timeouts are 60min, and the
>>rest is 5min for testing,
>OK - so if you're using the SSO valve, then the longer session
>timeout should mean that the users of the app with the shorter one are
>automatically logged in again.
Yes, thanks for your comments.
>>All the applications' JSESSIONID can be reset when the session times out
>>(5min) or the server restarts (I checked the Firefox cookies manager),
>>but the JSESSIONIDSSO value can't be reset; it keeps the old cookie
>>value, and when logging in to the server again, it failed because of using
>>an old
>>cookie value, but the server has created a new session cookie.
>I'm not entirely sure I understand what you mean here.  The value of
>JSESSIONID may change, but the session itself should remain intact.
>What is failing, exactly, and what symptoms are you seeing?  The user
>is logged out, or an error page?

I'm sorry for the description; maybe it's a complex problem for me...
Because I used the JSESSIONIDSSO value to validate, I just want the
value to change when the session times out or the server restarts, but when the session timed out,
the Firefox cookie still kept the old value. I don't know what happened.

>>Actually, I don't know who manages the JSESSIONIDSSO, I think the
>>JSESSIONID managed by each application, and it can refresh when
>>session timeout, but why the JSESSIONIDSSO can't work well?
>The %CATALINA_HOME%/conf/context.xml file contains a documented
>setting which allows the session to be persisted during restarts.  If
>it is enabled then the session will be restored to each user, after
I don't enable it.
A session(JSESSIONID) is managed by the web application, like
But who manages the JSESSIONIDSSO?

Now I resolved this problem by deleting the JSESSIONIDSSO cookie value; it
will create a new value, and it works well.

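Added example (not part of the original message, and not Tomcat's own code): a servlet filter that performs the cookie deletion described above on the server side, by expiring a JSESSIONIDSSO cookie that arrives without an authenticated principal. The class name `StaleSsoCookieFilter` is hypothetical; the code assumes the SingleSignOn valve runs with `requireReauthentication` left at `false`, and that the cookie was issued with path `/` and no Domain attribute.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: clears a JSESSIONIDSSO cookie the server no longer recognises. */
public class StaleSsoCookieFilter implements Filter {
    private static final String SSO_COOKIE = "JSESSIONIDSSO";

    public void init(FilterConfig config) { }
    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Assumption: with requireReauthentication="false" the valve attaches the
        // cached principal to every request that carries a known SSO id. A cookie
        // with no principal therefore refers to an SSO entry that no longer exists
        // (server restart or expiry of the last linked session).
        if (request.getUserPrincipal() == null && hasCookie(request, SSO_COOKIE)) {
            Cookie expired = new Cookie(SSO_COOKIE, "");
            expired.setPath("/");   // must match the path the cookie was issued with
            expired.setMaxAge(0);   // Max-Age=0 tells the browser to delete it
            response.addCookie(expired);
        }
        chain.doFilter(req, res);
    }

    /** True if the request carries a cookie with the given name. */
    static boolean hasCookie(HttpServletRequest request, String name) {
        Cookie[] cookies = request.getCookies();   // null when no cookies were sent
        if (cookies == null) {
            return false;
        }
        for (Cookie c : cookies) {
            if (name.equals(c.getName())) {
                return true;
            }
        }
        return false;
    }
}
```

The filter has to be declared and mapped to `/*` in each application's `web.xml`. Application code should decide whether a user is logged in from `getUserPrincipal()` rather than from the raw cookie value.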
