tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephen McCants <stephen.mcca...@hcs.us.com>
Subject Re: Session Config => Tracking Mode not working
Date Tue, 18 Nov 2014 21:21:40 GMT
Hello Konstantin Kolinko,

I fixed my dumb web.xml schema declaration.  Thanks for pointing that out.

I also added the COOKIE tracking mode to the example servlet and it worked there (the URL
encoded link did not contain the JSESSIONID).

So, next I turned on logEffectiveWebXml="true" and verified that the effective web.xml for
both of my wars contains:

  <session-config>
    <session-timeout>30</session-timeout>
    <cookie-config>
    </cookie-config>
    <tracking-mode>COOKIE</tracking-mode>
  </session-config>

But the first time I hit the web app, I'm still getting JSESSIONID in the URL.  

Then I turned on Strict Compliance to wring out any other errors in my web.xml that might
be causing the problem.   It found some problems in the Tag
Library tld files and fixed those, but that had no effect on JSESSIONID in the URL.  I have
no further errors in Catalina log or any other logs files.

At this point, I'm not sure what else I should try to debug the problem.

Any suggestions would be appreciated.

Sincerely,
Stephen McCants

On Tue, 18 Nov 2014 03:17:27 +0300
Konstantin Kolinko <knst.kolinko@gmail.com> wrote:

> 2014-11-18 2:49 GMT+03:00 Stephen McCants <stephen.mccants@hcs.us.com>:
> > Hello,
> >
> > I'm trying to remove the JSESSIONID from my URL the first time someone hits my Tomcat
Web App, but I've not been able to get it working for some
> > reason that eludes me.  This is under Tomcat 7.0.37 and Tomcat 7.0.56.
> >
> > First thing I tried was to add session-config/tracking mode to my web.xml, resulting
in:
> >
> > <?xml version="1.0" encoding="ISO-8859-1"?>
> > <!DOCTYPE web-app PUBLIC
> >    "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
> >    "http://java.sun.com/dtd/web-app_2_3.dtd">
> > <web-app xmlns="http://java.sun.com/xml/ns/javaee"
> >     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
> >     version="3.0">
> 
> You are declaring both 2.3 DTD and 3.0 schema.
> Choose one.
> 
> There exists a system property that turns on "strict servlet
> compliance mode". If you use it, it enables validation of your web.xml
> and will catch silly errors like this one.
> 
> http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Specification
> 
> >         <session-config>
> >                 <tracking-mode>COOKIE</tracking-mode>
> >         </session-config>
> 
> If I add the above three lines to the web.xml of examples webapp, it
> works for me.
> 
> http://localhost:8080/examples/servlets/servlet/SessionExample
> On the first visit to that example page look at "URL encoded" link at
> the bottom of the page, whether it contains jsessionid in it or not.
> 
> Best regards,
> Konstantin Kolinko
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 



----------
Stephen McCants
Senior Software Engineer
Healthcare Control Systems, Inc.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message