tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Terence M. Bandoian" <>
Subject Re: Different session id per page
Date Mon, 02 Jan 2012 23:55:52 GMT
  On 1:59 PM, Jerry Malcolm wrote:
> Thanks, Tim.  But that wasn't the problem.  I've figured out what's
> happening.  But I'm even more confused about how to move forward knowing
> that now.
> I've got a relatively simple situation.  I have three pages that I am
> mapping to clean URLs in httpd mod_rewrite.
> /cart = /order/jsp/guest/cart.jsp
> /locateaccount = /order/jsp/guest/locateaccount.jsp
> /checkout = /order/jsp/guest/checkout.jsp
> I looked at my firefox cookies, and I have a cookie for /order. It makes
> sense that /order would be the cookie that's sent back from TC, since
> that's the URL that TC sees.  It's obvious to me now that when Firefox
> requests the page "/locateaccount" it has no cookie to send for
> "/locateaccount", since the cookie it should be sending is labeled
> "/order", and firefox has no knowledge of the /order prefix
> OK, it's clear what's happening.  But am I just out of luck? My client has
> requested clean URLs.  But this has been nothing but a headache from the
> start.
> Am  I missing something really obvious?  Is there any possible way to
> configure TC such that the three URLs above, with the URL mappings as
> described, can keep track of one session?
> How does TC decide what path to store the session id cookie under?  Again,
> I saw a cookie for /order.  But I also saw a cookie for another webapp for
> /idmanager/jsp/user.  I don't want to change all my urls to /order/cart,
> /order/checkout, etc. only to find out TC might send /order/jsp/guest for
> the session path in some situation. If there was a way to tell TC to use
> "/" as the path, that would work in this case.  But in the broader picture,
> I have more than one web app on this host.  There are separate sessions for
> each webapp, right?  So in that case the browser couldn't keep them
> separate if they were all mapped to "/", right?
> Bottom line... is the mapping above with a single session possible?
> Thx
> Jerry
> On Sat, Dec 31, 2011 at 1:28 AM, Tim Watts<>  wrote:
>> On Sat, 2011-12-31 at 00:33 -0600, Jerry Malcolm wrote:
>>> I have a web app that's worked for years.  I had to go in and do some
>>> renovations on it due to a few new requirements.  Now for some reason,
>> I'm
>>> getting a new/different session id for each page.  It's easy to see
>> that's
>>> what happening since I use the sessionid for a log file name.  Where I
>> used
>>> to get one log file when clicking through a series of pages, I now get a
>>> bunch of logging files.  This is a problem since I store data in the
>>> session object between pages. And now the pages cannot find the data.
>>   This
>>> is on TC 7.
>>> The only major thing I'm doing differently now that I can figure might
>>> affect it is I'm using mod_rewrite in apache httpd.  But I'm grasping at
>>> straws.  I really don't see how mod_rewrite would be preventing session
>>> data from passing through.  Or could it?
>>> The way I understand it, it's simply a session key that's passed back and
>>> forth as a cookie, right?
>> The session ID could also be embedded in the URL and perhaps mod_rewrite
>> is dropping it.  You could compare the access logs in httpd vs tomcat
>> (enable them in tomcat if necessary).
>>> Any ideas why I'm losing my sessions on each page?
>>> Thx
>>> Jerry

Hi, Jerry-

It seems like you could simplify things if you mapped:

/order/jsp/guest/cart.jsp  to  /order/cart
/order/jsp/guest/locateaccount.jsp  to  /order/locateaccount
/order/jsp/guest/checkout.jsp  to  /order/checkout

Apparently, /order is the context path for these pages which, I believe, 
is the default for the cookie session path.  These mappings could be 
defined in web.xml which would eliminate the need for URL rewriting.

-Terence Bandoian

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message