tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luis Rodríguez Fernández <>
Subject Re: Session Persistence Problems
Date Thu, 11 Apr 2019 08:22:31 GMT
Hello Jerry,

> I'm using single sign-on

Do you mean tomcat Single Sign On valve? [1], a third party solution or
your custom implementation? That can change the game completely :)

> some RewriteRules in httpd

Can you share them? That could change the game also :)




El jue., 11 abr. 2019 a las 5:57, Jerry Malcolm (<>)

> I have a TC host that is running about 10 separate webapps that interact
> with each other.  I understand that sessions are per-webapp.  But within
> one webapp, with the same browser just making different calls to the
> same webapp is starting new sessions about 30% of the time.  I've put a
> debug statement at the beginning of all of my JSPs that logs
> session.isNew().  It'll start a new session, then use it for 10 or so
> subsequent calls. But then it'll decide to drop that session and start a
> new one that it'll subsequently use for a while. The setup is nothing
> fancy.  It's just calling several different JSPs within the same webapp
> (context).  I am keeping data in the session that really needs to
> persist for the duration of the 'real' session between the user and the
> site.  So this is a serious problem.   (This is happening both with
> Firefox and Chrome).  I'm using TC 9.0.1 on Windows.
> I definitely could have some misunderstandings here.  But my first
> understanding is that once a browser makes a call to a webapp, a session
> is created, and that session remains around until invalidated on a
> logout or a timeout occurred, and that webapp uses that session for the
> remainder of the activity between that browser and that webapp.  If
> that's not the case, then please set me straight. If that assumption is
> correct, what could possibly be causing the sessions to keep dropping
> and new ones created?
> Interestingly, logon state is not being dropped with the new sessions.
> I'm using single sign-on.  So that may be ensuring the logon doesn't drop.
> The only thing I can come up with is that I'm using some RewriteRules in
> httpd to map the complex url paths to single words like "/product". (SEO
> advisor told me to do that...) I'm trying to see in the logs if there is
> a correlation between rewrites and the new sessions.  But I can't really
> tell if that's what's causing it.
> Am I missing or do I have some sort of errant configuration setting that
> is causing the sessions to keep reinitiating?  Is there something else
> I'm missing?  I really need to have sessions that last as long as the
> user is on the site.
> Suggestions?  Help??
> Thx.
> Jerry
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:


"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message