tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Tomcat 9 ;jsessionid
Date Thu, 26 Apr 2018 13:11:31 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Greg,

On 4/26/18 4:53 AM, Greg Huber wrote:
> Hello,
> 
> One thing I have noticed with Tomcat 9.0.x I get alot
> ;jsessionid=xxx appended to my urls.  This did not happen with
> 8.5.x.
> 
> /images/image_32x32.png;jsessionid=BF27C604B287CCF6DF3DBDB180C2CBEB
>
>  500 Internal Server Error /images/image_32x32.png;jsessionid= ...
> 23784378307846F: 1 Time(s) /images/image_32x32.png;jsessionid= ...
> 85D9B02C5A030FF: 1 Time(s)
> 
> 
>> From previous experience this happens when there is no session.
>> I use
> struts and have used encode="false" on the tags to prevent this:
> 
> <s:url value="/" encode="false" />
> 
> Also I have used (in the past) <%@ page session="false" %> but
> have commented this out as it causes down stream problems for me.
> 
> Would there be a reason why these has now started happening on 9?

I'm not sure about why Tomcat 9 specifically might be doing this if
Tomcat <9 didn't, but this happens when:

1. An unauthenticated user makes a request
2. There was no session-id in the request
3. The server decided to create a session
4. The server can't prove that cookies are supported by the client

When all those things happen, all URLs (when "encoded") should contain
";jsessionid=" path parameters because the client might not accept the
Set-Cookie response header.

You can explicitly disable URL-based session-tracking if you'd like in
WEB-INF/web.xml:

  <session-config>
    <tracking-mode>COOKIE</tracking-mode>
  </session-config>

This will of course require cookies. I'm not sure if that's okay for you
.

As for your image URLs failing due to those path parameters... why are
they failing? Which component is generating those HTTP 500 responses?

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlrh0AMACgkQHPApP6U8
pFgxbw//dyJKCTcfaHSIsFWC1VbPbe3glKZhq9iKROiJZohtc4+muXL00uwNA7tv
SyX9B2WcknHInEO1jmN0aXdiTs8mri1iqJsLYyomwCWsyMlD0Ekkwk8C6BHdHVbv
HExzFmQ0sChs6X37SYUpdbW8LMe/9g8aGgY4EbpTT7jzMk6cq+iXqLIpQEpbCFLX
VnBY+8HJtKN7Asernrb44ZVrHhdVAv+jT8CcNMw96K2sMKm1fXYXqI1WD7Gx3sDO
uQyb17mVNepK/6qnaJ6F6a3Rzmwf1+CDzi+LRtpX39/8ebkT1gC+8dpFZ2wrOb7P
n1Gx+fEhoYS6g2F+ytcpJaKVId1s5AEJCWQoF+WkWdc+XN7qR2HBPGuYX0hh7KxQ
01+LSrN88j5GXvtFnFIzcMCrpUg1q7BVnLVVItusuDSbRJFBTt899ekYH1xfe/Vu
TVuK4K6fSZPGw3vK7JxkYK0I7mjZrNonyqjDvr2mBcwrK2u98EnhuctwLYvF9ilt
DGEb3prZHvr7cjceSJ/MAoff7OU/ZAnuCGYhRxpb1DHsVAaSMyxa3gqOMy025WHh
WviCRORP/sru1YRvd33eS1ZhEtawcTpmP7meyDSTRSBI6tf61Gmw7tIr/vnQL4YJ
Z/IaXFgjQJR57bxjG/G+/4xyDe3VB6W8V73tymC6l6mWYfwtGH4=
=xqYE
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message