tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Session problem
Date Wed, 25 Aug 2010 14:11:23 GMT
Hash: SHA1


On 8/25/2010 9:55 AM, Hisham wrote:
>> 1. Are you using cookies? If you don't properly encode all the URLs in
>> your webapp, you could be losing session information when cookies are
>> /not/ being used. It sounds like you are using cookies, though, given
>> your statement about using Firebug to read the headers en route.
> I'm not using any cookies.  Also i want to stress the fact that the
> app works fine in my local environment.

Uh, then I'm confused by your original post, which included this:

Which is strange because the session id is
the same (i have verified by printing it out, and also seeing what is
sent in the actual request headers via firebug).

If you were observing the headers for your session id, then what other
header would you be looking for besides the JSESSIONID cookie? IF you
aren't using cookies for session id management, then are you properly
encoding all your URLs? If you aren't, you'll lose your session when you
click on one of those URLs.

Please post the HTML code around the link to your "Messages" page.

>> 2. Even if your session id is okay, are you dumping the value of the
>> "test attribute" for the session? Even though you aren't removing it,
>> that attribute might have been damaged by something else.
> I've looked everywhere, and unless i missed something i don't think
> this is the issue.

You still didn't say that you actually observed the value you expect to
be in the session, and your Filter still forces a login. Could you:

1. Post the code to your filter
2. Add a logging statement that prints the URL being accessed

It's possible that there's some image being requested that's fouling
things up.

>> 3. You could write another filter that wraps your HttpSession when
>> requested by the webapp and reports all modifications to it (that is,
>> calls to setAttribute/removeAttribute/setValue/removeValue).
> How would I go about doing this?  Is there a particular filter that
> listens to attributes being changed?

No, which is why I said you could write one. I believe I've posted the
full code for such a filter on this list in the past. Consider searching
the archives.

>> 4. Any reason not to use the container-managed login and session
>> management? Tomcat can take care of all this logic for you...
> Will eventually move to this, you're right.  I am using Spring so will
> use Spring security/Acegi.

Maybe now would be a good time for that. You may spend less time
implementing ACEGI than you would tracking-down whatever this problem is.

I suspect that the Windows vs. Linux environment is not related to the
problem you're experiencing (unless this is some kind of case-sensitive
issue, which is entirely possible).

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message