tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid <...@pidster.com>
Subject Re: Tomcat 7.0.14 / 6.0.32 session gets obviously invalid after request / JSESSIONID changes
Date Thu, 09 Jun 2011 08:19:40 GMT
On 08/06/2011 10:18, Sascha Hesse wrote:
> Hello all,
> 
> I'm hosting our spring mvc 3.0.5 application in tomcat 7.0.14 and also
> tried 6.0.32
> 
> The server is hosting two webapps.
> 
> The frontend: http://localhost:50012/frontend
> The backend: http://localhost:50012/backend
> 
> The Request-Flow looks as following:
> 
> User: http://localhost:50012/frontend/index.htm
>                 AJAX Frontend:
> http://localhost:50012/frontend/setFilter.htm
>                 AJAX Backend:
> http://localhost:50012/backend/setFilter.htm
> User: onClick()
>          AJAX Frontend: http://localhost:50012/frontend/setFilter.htm
>          AJAX Backend: http://localhost:50012/backend/setFilter.htm
> 
> 
> The corresponding request-pairs to frontend and backend should be
> identified via the sessionID.
> 
> Tomcat is doing that via Cookie JSESSIONID. I configured Tomcat
> according to https://issues.apache.org/bugzilla/show_bug.cgi?id=48379
> <Context sessionCookiePath="/" sessionCookieDomain=".localhost">
> 
> If I look into the cookies in request and response the following
> happens (note I shortened the sessionIds)
> 
> 
>  User: http://localhost:50012/frontend/index.htm
>      ResponseHeader: -
>      RequestHeader: JSESSIONID=1
> AJAX Frontend: http://localhost:50012/frontend/setFilter.htm
>      ResponseHeader: -
>      RequestHeader: JSESSIONID=1
> AJAX Backend: http://localhost:50012/backend/setFilter.htm
>      ResponseHeader: set JSESSIONID=2
>      RequestHeader: JSESSIONID=1
> User: onClick()
> AJAX Frontend: http://localhost:50012/frontend/setFilter.htm
>      ResponseHeader: setJSESSIONID=3
>      RequestHeader: JSESSIONID=2
> AJAX Backend: http://localhost:50012/backend/setFilter.htm
>      ResponseHeader: -
>      RequestHeader: JSESSIONID=2
> 
> ...the sessionID alsways changes when I'm requesting the other
> context. Has anyone a hint according to this?

Does the AJAX javascript set the session id in a cookie header, or
append it as a path attribute?

You can't rely on the browser to do this automagically for you in most
AJAX libs.


p



Mime
View raw message