tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: lost session in Tomcat 7.040 and IE8
Date Fri, 14 Jun 2013 15:51:25 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

André,

On 6/14/13 3:17 AM, André Warnier wrote:
> Carl Dreher wrote:
>> I have Tomcat 7.0.26 running on Window7 Pro.  I also have Tomcat
>>  7.0.40 running on a Windows 7 Home Premium.  Both have the same
>>  website.  (Obviously, I'm doing some testing.)
>> 
>> In the website, a user logs on and the user ID is kept in the 
>> session.   In one of the JSP pages I have some JavaScript 
>> attached to an html button <input type="button" name="" 
>> value="blah blah blah" 
>> onclick="window.location='/MySite/MyAction.do'"> (I'm using 
>> Struts.)  Now, here is were it gets strange...
>> 
>> During testing, I found that IE8 and IE9 both run fine against 
>> Tomcat 7.0.26.  By that I mean, after the user logs on, the user 
>> ID is kept in the session.  After navigating around the site, if 
>> the user then clicks on the above button, the Struts Action
>> class "MyAction.do" is able to find the user ID in the session.
>> The same is true of IE9 against Tomcat 7.0.40.
>> 
>> But if I do the above with IE8 against the site on Tomcat
>> 7.0.40, the user ID in the session is empty.
>> 
>> To summarize, |     IE8             |   IE9 
>> ----------------------------------------------------------- 
>> Tomcat 7.0.26  |     ok               |     ok 
>> ----------------------------------------------------------- 
>> Tomcat 7.0.40   |    fail              |      ok 
>> -----------------------------------------------------------
>> 
>> Any ideas where to start looking?
>> 
> 
> Yes. I would recommend, first of all, that you install some add-on 
> on the IE side, which can display the conversation between IE and 
> server (HTTP headers etc.). (I know of Fiddler2, but there might
> be others). Then run your check once on each, and compare 
> requests/responses/headers.

+1

My first reaction is that the session id cookie is being lost, and the
URL being used for window.location=... has not been run through
response.encodeURL().

Carl, you can use one of any number of fine JSP tag libraries (JSTL,
Struts own taglibs, etc.) to do the equivalent of this (example uses
JSTL):

<input type="button" name="" value="..."
onclick="window.location='<c:url value="/MyAction.do" />'" />

Note that I assumed /MySite was your context path and so I removed it
from the <c:url> call: <c:url> knows the context path and will insert
it into the URL automatically. If you are running as ROOT context and
the /MySite is actually part of the local URI, you'll obviously need
to add that back in.

Whether this fixes your problem or not, you should be doing it all the
time for two reasons:

1. Sessions will continue to work when users have disabled
cookie-based session tracking

2. Your webapp will continue to work if you change its name (say, from
/MySite to /MyOtherSite)

Hope that helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJRuzv9AAoJEBzwKT+lPKRYPtUP/RKSTtMsu9fDJ4IIdxQ1lczF
RuMR0yWFS2NJ+9bFOp+JBguj2mPGDXIXsh5ylZC0BxuUr7nc/XmBqQHDrvhu+7/q
U9NWqJh5CucSmNqioszEQ61tCaRqK39z9NpQpw3VPf14ShPAxb4Rlre9hba2oCR4
eohVo40hmGjmH4Gn5qm7AR3GTxX71Rs/Lwb/VItUurUpixCv8kNk5a4xNL0uzkcC
YCDnzEXU5P1S4Ec2qqqQDT1wbCEfYDWtSh70/WxRN3GZgXT6RUUX59YeeQYJueUs
9vFAVBXRhouMm/qpWlYIYVch1ynHINAB3srgcUA7u3ViGgYTM3x+7PLM5zA2UpJ7
Vs7iSAf8uodLw+kmWj1fWeeKRHVrAmqW4V5wD/FMD+PSqTR95elzsEvw8oxSAsak
HEZXpgSo+UXrbk0zU8pQ7yct4AAm23ijOzTNVdIi8V9vw08ALHAs0iAvUyxWkvuf
zOBNEP38esHMpgTOH4/ul8B8L7mnL3+6T4m6YFz6lUnD2SbZOjYpU4Y4lgBcoYZd
gnn53Xu6eN3U9jMSgNNpR2YP/G9j/FUYPW+Up4Pe97bFHYgD07AJ15zxxCX47htb
jlfcqXa85z+L0BxWw5TGUepFFpNXgWQEcgoKhEsn+CWVJZLh72czKFZRyr8UxiF0
0Oboz8dhXnas66JdIiXo
=oaRx
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message