tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robin Diederen <>
Subject RE: Tomcat sessions issue?
Date Wed, 18 Aug 2010 21:57:52 GMT
Hi Andre,

That?s interesting to say the least. Without cookies enabled, I can't login to either of both

So I "designed" another test: using two browsers I visited both applications. And guess what:
it works like a charm! So I guess you are right on the cookies :-).

The only one thing I do not understand: I've done this a few times before and I never ran
into these issues. The only difference is that I'm using a newer version of LifeRay for the
first time, but AFAIK the other LifeRay version I used uses JSESSION too..

Tomorrow I'll look into the hosts (now it's bed time ;)).

Best, Robin

-----Oorspronkelijk bericht-----
Van: André Warnier [] 
Verzonden: woensdag 18 augustus 2010 23:39
Aan: Tomcat Users List
Onderwerp: Re: Tomcat sessions issue?

Hassan Schroeder wrote:
> On Wed, Aug 18, 2010 at 2:09 PM, Robin Diederen <> wrote:
>> Here's some info:
>> Server.xml from LifeRay:
> I'm not going to waste my time wading through all the boilerplate
> comments (hint, hint) but unless these are separate virtual hosts,
> my bet's on a cookie conflict, either sessionid or whatever auth
> system you're using.

I'll expand on that :

1) it is common usage, when pasting server.xml etc here, to remove the parts that are 
comments (and the parameter values that may be confidential, like passwords), so that the

readers do not have to browse through a bunch of lines to find the ones that are active.

2) about the cookie conflict :
As far as I know, a cookie is specific to a hostname, but not to a port.
So if both servers answer to the same hostname, even on different ports, their JSESSIONID

cookies would just overwrite one another.
In other words :
- you login in tomcat instance A, and get a session and an assorted JSESSIONID cookie for

server A, labeled with the hostname "myserver"
- then you login to instance B, and get another session and another assorted JSESSIONID 
cookie for server B, labeled with the hostname "myserver".
This one overwrites the previous one, because both the hostname and the cookiename are the

So when you try to access server A again, your JSESSIONID cookie does not match any 
existing session on server A, and it asks you to login again.

Quick fix and test : disable cookies in your browser and try again.
Tomcat will notice that the browser does not return cookies, and will use URL-rewriting 
instead to carry the session-id.

Better fix :
- re-enable cookies in your browser
- give different hostnames to your two tomcat instances and restart them
- in your workstations local "hosts" file, add a line for each of these hostnames, with 
the IP address of the server.
- with your browser, use the appropriate hostname to access each of the Tomcat instances 
(not only a different port, also a different name)

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message