tomcat-users mailing list archives

From Jerry Malcolm <techst...@malcolms.com>
Subject Re: Session Persistence Problems
Date Thu, 11 Apr 2019 19:29:15 GMT
Alternatively, if I had a better understanding of how sessions are 
managed by both TC and the browser, it might help me figure out what is 
going wrong.  I know a session key is generated by TC and sent back in a 
response.  And I'm assuming that the browser must return that session 
key on subsequent calls.  But if there are several webapps on a domain, 
how does the browser differentiate which session key to send back on a 
subsequent response?  Is it just understood that the first 'folder' 
level under the domain (i.e. context name) is always a different session 
key? (myDomain.com/order vs. myDomain/account)?   Or does the browser 
send all session keys back per domain and let TC figure out which one, 
if any, to use?   Again, just looking for a little education here....

Thx.

Jerry

On 4/11/2019 9:35 AM, Jerry Malcolm wrote:
> Thanks for the quick response, Luis.  Answers below:
>
> On 4/11/2019 3:22 AM, Luis Rodríguez Fernández wrote:
>> Hello Jerry,
>>
>>> I'm using single sign-on
>> Do you mean tomcat Single Sign On valve? [1], a third party solution or
>> your custom implementation? That can change the game completely :)
> Yes, standard Tomcat-provided single sign on valve
>>
>>> some RewriteRules in httpd
>> Can you share them? That could change the game also :)
>
> Here's some of my rewrite rules from httpd.conf for this virtualhost:
>
>          RewriteRule ^/create_user$ /idmanager/jsp/guest/createuser.jsp? [PT]
>          RewriteRule ^/forgot_password$ /idmanager/jsp/guest/forgotpassword.jsp? [PT]
>          RewriteRule ^/logoff$ /idmanager/jsp/guest/logoff.jsp [PT]
>          RewriteRule ^/change_password$ /idmanager/jsp/user/changepassword.jsp? [PT]
>          RewriteRule ^/login$ /idmanager/jsp/user/home.jsp [PT]
>          RewriteRule ^/userhome$ /idmanager/jsp/user/home.jsp? [PT]
>          RewriteRule ^/cart$ /order/jsp/guest/cart.jsp? [PT,QSA]
>          RewriteRule ^/checkout$ /order/jsp/guest/checkout.jsp? [PT]
>          RewriteRule ^/submitOrder$ /order/jsp/guest/orderSubmit.jsp? [PT,QSA]
>          RewriteRule ^/displayImage$ /order/jsp/guest/productPage.jsp? [PT,QSA]
>          RewriteRule ^/product$ /order/jsp/guest/productPage.jsp? [PT,QSA]
>          RewriteRule ^/storeFront$ /order/jsp/guest/storeFront.jsp [PT]
>          RewriteRule ^/orders$ /order/jsp/user/orderList.jsp? [PT]
>          RewriteRule ^/pay$ /payment/jsp/user/flcPayProvision.jsp [PT]
>          RewriteRule ^/projectlist$ /projectmanager/jsp/user/projectlist3.jsp? [PT]
>          RewriteRule ^/about$ /upartyrental/jsp/guest/about.jsp? [PT]
>          RewriteRule ^/$ /upartyrental/jsp/guest/uprHome.jsp [PT]
>
>>
>> Cheers,
>>
>> Luis
>>
>> [1]
>> https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Single_Sign_On_Valve 
>>
>> On Thu, 11 Apr 2019 at 5:57, Jerry Malcolm (<techstuff@malcolms.com>) wrote:
>>
>>> I have a TC host that is running about 10 separate webapps that
>>> interact with each other.  I understand that sessions are per-webapp.
>>> But within one webapp, with the same browser just making different
>>> calls to the same webapp is starting new sessions about 30% of the
>>> time. I've put a debug statement at the beginning of all of my JSPs
>>> that logs session.isNew().  It'll start a new session, then use it
>>> for 10 or so subsequent calls. But then it'll decide to drop that
>>> session and start a new one that it'll subsequently use for a while.
>>> The setup is nothing fancy.  It's just calling several different JSPs
>>> within the same webapp (context).  I am keeping data in the session
>>> that really needs to persist for the duration of the 'real' session
>>> between the user and the site.  So this is a serious problem.  (This
>>> is happening both with Firefox and Chrome).  I'm using TC 9.0.1 on
>>> Windows.
>>>
>>> I definitely could have some misunderstandings here.  But my first
>>> understanding is that once a browser makes a call to a webapp, a
>>> session is created, and that session remains around until invalidated
>>> on a logout or a timeout occurred, and that webapp uses that session
>>> for the remainder of the activity between that browser and that
>>> webapp.  If that's not the case, then please set me straight. If that
>>> assumption is correct, what could possibly be causing the sessions to
>>> keep dropping and new ones created?
>>>
>>> Interestingly, logon state is not being dropped with the new sessions.
>>> I'm using single sign-on.  So that may be ensuring the logon doesn't
>>> drop.
>>>
>>> The only thing I can come up with is that I'm using some RewriteRules
>>> in httpd to map the complex url paths to single words like "/product".
>>> (SEO advisor told me to do that...) I'm trying to see in the logs if
>>> there is a correlation between rewrites and the new sessions.  But I
>>> can't really tell if that's what's causing it.
>>>
>>> Am I missing or do I have some sort of errant configuration setting
>>> that is causing the sessions to keep reinitiating?  Is there something
>>> else I'm missing?  I really need to have sessions that last as long as
>>> the user is on the site.
>>>
>>> Suggestions?  Help??
>>>
>>> Thx.
>>>
>>> Jerry
>>>
>>>
>
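
An added illustration, not part of the original message or the Tomcat code base, of the browser-side rule the question above asks about: the RFC 6265 path-match test that decides which cookies accompany a request, run over some of the public URLs and targets from the quoted RewriteRule lines. It assumes each webapp's JSESSIONID cookie carries Path set to its context path (Tomcat's default) and that the Single Sign On valve's JSESSIONIDSSO cookie carries Path=/; the cookie values are constructed.

```javascript
// RFC 6265 section 5.1.4: does a cookie with this Path apply to this request path?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts on a "/" boundary, so "/order" does not cover "/orders".
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Assumption: the session cookie Path equals the first path segment (the context).
function contextOf(internalPath) {
  return "/" + internalPath.split("/")[1];
}

// Public URL -> internal target, copied from the RewriteRule lines quoted above.
const rules = [
  ["/cart", "/order/jsp/guest/cart.jsp"],
  ["/orders", "/order/jsp/user/orderList.jsp"],
  ["/login", "/idmanager/jsp/user/home.jsp"],
  ["/pay", "/payment/jsp/user/flcPayProvision.jsp"],
];

// For each rule: would the browser return the serving webapp's session cookie
// when it requests the short public URL, and when it requests the full path?
function audit(ruleList) {
  return ruleList.map(([publicUrl, target]) => {
    const cookiePath = contextOf(target);
    return {
      publicUrl,
      cookiePath,
      sentOnPublicUrl: pathMatches(publicUrl, cookiePath),
      sentOnDirectUrl: pathMatches(target, cookiePath),
    };
  });
}

// The cookies from a jar that the browser attaches to one request path.
function cookiesSent(jar, requestPath) {
  return jar
    .filter((c) => pathMatches(requestPath, c.path))
    .map((c) => c.name + "=" + c.value);
}

// Constructed sample jar for one host (values are placeholders).
const jar = [
  { name: "JSESSIONID", value: "AAAA", path: "/order" },
  { name: "JSESSIONID", value: "BBBB", path: "/idmanager" },
  { name: "JSESSIONIDSSO", value: "CCCC", path: "/" },
];

console.table(audit(rules));
console.log(cookiesSent(jar, "/cart"), cookiesSent(jar, "/order/jsp/guest/cart.jsp"));
```

The browser selects cookies by the URL it requested, not by the path httpd rewrites it to, and it sends only the cookies whose Path matches rather than every session key for the domain.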
