tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Tomcat sessions issue?
Date Wed, 18 Aug 2010 21:38:40 GMT
Hassan Schroeder wrote:
> On Wed, Aug 18, 2010 at 2:09 PM, Robin Diederen <> wrote:
>> Here's some info:
>> Server.xml from LifeRay:
> I'm not going to waste my time wading through all the boilerplate
> comments (hint, hint) but unless these are separate virtual hosts,
> my bet's on a cookie conflict, either sessionid or whatever auth
> system you're using.

I'll expand on that :

1) it is common usage, when pasting server.xml etc here, to remove the parts that are 
comments (and the parameter values that may be confidential, like passwords), so that the

readers do not have to browse through a bunch of lines to find the ones that are active.

2) about the cookie conflict :
As far as I know, a cookie is specific to a hostname, but not to a port.
So if both servers answer to the same hostname, even on different ports, their JSESSIONID

cookies would just overwrite one another.
In other words :
- you login in tomcat instance A, and get a session and an assorted JSESSIONID cookie for

server A, labeled with the hostname "myserver"
- then you login to instance B, and get another session and another assorted JSESSIONID 
cookie for server B, labeled with the hostname "myserver".
This one overwrites the previous one, because both the hostname and the cookiename are the

So when you try to access server A again, your JSESSIONID cookie does not match any 
existing session on server A, and it asks you to login again.

Quick fix and test : disable cookies in your browser and try again.
Tomcat will notice that the browser does not return cookies, and will use URL-rewriting 
instead to carry the session-id.

Better fix :
- re-enable cookies in your browser
- give different hostnames to your two tomcat instances and restart them
- in your workstations local "hosts" file, add a line for each of these hostnames, with 
the IP address of the server.
- with your browser, use the appropriate hostname to access each of the Tomcat instances 
(not only a different port, also a different name)

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message