tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: lost session in Tomcat 7.040 and IE8
Date Fri, 14 Jun 2013 15:51:25 GMT
Hash: SHA256


On 6/14/13 3:17 AM, André Warnier wrote:
> Carl Dreher wrote:
>> I have Tomcat 7.0.26 running on Window7 Pro.  I also have Tomcat
>>  7.0.40 running on a Windows 7 Home Premium.  Both have the same
>>  website.  (Obviously, I'm doing some testing.)
>> In the website, a user logs on and the user ID is kept in the 
>> session.   In one of the JSP pages I have some JavaScript 
>> attached to an html button <input type="button" name="" 
>> value="blah blah blah" 
>> onclick="window.location='/MySite/'"> (I'm using 
>> Struts.)  Now, here is were it gets strange...
>> During testing, I found that IE8 and IE9 both run fine against 
>> Tomcat 7.0.26.  By that I mean, after the user logs on, the user 
>> ID is kept in the session.  After navigating around the site, if 
>> the user then clicks on the above button, the Struts Action
>> class "" is able to find the user ID in the session.
>> The same is true of IE9 against Tomcat 7.0.40.
>> But if I do the above with IE8 against the site on Tomcat
>> 7.0.40, the user ID in the session is empty.
>> To summarize, |     IE8             |   IE9 
>> ----------------------------------------------------------- 
>> Tomcat 7.0.26  |     ok               |     ok 
>> ----------------------------------------------------------- 
>> Tomcat 7.0.40   |    fail              |      ok 
>> -----------------------------------------------------------
>> Any ideas where to start looking?
> Yes. I would recommend, first of all, that you install some add-on 
> on the IE side, which can display the conversation between IE and 
> server (HTTP headers etc.). (I know of Fiddler2, but there might
> be others). Then run your check once on each, and compare 
> requests/responses/headers.


My first reaction is that the session id cookie is being lost, and the
URL being used for window.location=... has not been run through

Carl, you can use one of any number of fine JSP tag libraries (JSTL,
Struts own taglibs, etc.) to do the equivalent of this (example uses

<input type="button" name="" value="..."
onclick="window.location='<c:url value="/" />'" />

Note that I assumed /MySite was your context path and so I removed it
from the <c:url> call: <c:url> knows the context path and will insert
it into the URL automatically. If you are running as ROOT context and
the /MySite is actually part of the local URI, you'll obviously need
to add that back in.

Whether this fixes your problem or not, you should be doing it all the
time for two reasons:

1. Sessions will continue to work when users have disabled
cookie-based session tracking

2. Your webapp will continue to work if you change its name (say, from
/MySite to /MyOtherSite)

Hope that helps,
- -chris
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools -
Comment: Using GnuPG with Thunderbird -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message