tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jerry Malcolm <techst...@malcolms.com>
Subject Re: Session Persistence Problems
Date Thu, 11 Apr 2019 14:35:28 GMT
Thanks for the quick response, Luis.  Answers below:

On 4/11/2019 3:22 AM, Luis Rodríguez Fernández wrote:
> Hello Jerry,
>
>> I'm using single sign-on
> Do you mean tomcat Single Sign On valve? [1], a third party solution or
> your custom implementation? That can change the game completely :)
Yes, standard Tomcat-provided single sign on valve
>
>> some RewriteRules in httpd
> Can you share them? That could change the game also :)

Here's some of my rewrite rules from httpd.conf for this virtualhost:

          RewriteRule ^/create_user$ 
/idmanager/jsp/guest/createuser.jsp? [PT]
          RewriteRule ^/forgot_password$ 
/idmanager/jsp/guest/forgotpassword.jsp? [PT]
          RewriteRule ^/logoff$ /idmanager/jsp/guest/logoff.jsp [PT]
          RewriteRule ^/change_password$ 
/idmanager/jsp/user/changepassword.jsp? [PT]
          RewriteRule ^/login$ /idmanager/jsp/user/home.jsp [PT]
          RewriteRule ^/userhome$ /idmanager/jsp/user/home.jsp? [PT]
          RewriteRule ^/cart$ /order/jsp/guest/cart.jsp? [PT,QSA]
          RewriteRule ^/checkout$ /order/jsp/guest/checkout.jsp? [PT]
          RewriteRule ^/submitOrder$ /order/jsp/guest/orderSubmit.jsp? 
[PT,QSA]
          RewriteRule ^/displayImage$ /order/jsp/guest/productPage.jsp? 
[PT,QSA]
          RewriteRule ^/product$ /order/jsp/guest/productPage.jsp? [PT,QSA]
          RewriteRule ^/storeFront$ /order/jsp/guest/storeFront.jsp [PT]
          RewriteRule ^/orders$ /order/jsp/user/orderList.jsp? [PT]
          RewriteRule ^/pay$ /payment/jsp/user/flcPayProvision.jsp [PT]
          RewriteRule ^/projectlist$ 
/projectmanager/jsp/user/projectlist3.jsp? [PT]
          RewriteRule ^/about$ /upartyrental/jsp/guest/about.jsp? [PT]
          RewriteRule ^/$ /upartyrental/jsp/guest/uprHome.jsp [PT]

>
> Cheers,
>
> Luis
>
> [1]
> https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Single_Sign_On_Valve
>
>
>
>
>
>
>
> El jue., 11 abr. 2019 a las 5:57, Jerry Malcolm (<techstuff@malcolms.com>)
> escribió:
>
>> I have a TC host that is running about 10 separate webapps that interact
>> with each other.  I understand that sessions are per-webapp.  But within
>> one webapp, with the same browser just making different calls to the
>> same webapp is starting new sessions about 30% of the time.  I've put a
>> debug statement at the beginning of all of my JSPs that logs
>> session.isNew().  It'll start a new session, then use it for 10 or so
>> subsequent calls. But then it'll decide to drop that session and start a
>> new one that it'll subsequently use for a while. The setup is nothing
>> fancy.  It's just calling several different JSPs within the same webapp
>> (context).  I am keeping data in the session that really needs to
>> persist for the duration of the 'real' session between the user and the
>> site.  So this is a serious problem.   (This is happening both with
>> Firefox and Chrome).  I'm using TC 9.0.1 on Windows.
>>
>> I definitely could have some misunderstandings here.  But my first
>> understanding is that once a browser makes a call to a webapp, a session
>> is created, and that session remains around until invalidated on a
>> logout or a timeout occurred, and that webapp uses that session for the
>> remainder of the activity between that browser and that webapp.  If
>> that's not the case, then please set me straight. If that assumption is
>> correct, what could possibly be causing the sessions to keep dropping
>> and new ones created?
>>
>> Interestingly, logon state is not being dropped with the new sessions.
>> I'm using single sign-on.  So that may be ensuring the logon doesn't drop.
>>
>> The only thing I can come up with is that I'm using some RewriteRules in
>> httpd to map the complex url paths to single words like "/product". (SEO
>> advisor told me to do that...) I'm trying to see in the logs if there is
>> a correlation between rewrites and the new sessions.  But I can't really
>> tell if that's what's causing it.
>>
>> Am I missing or do I have some sort of errant configuration setting that
>> is causing the sessions to keep reinitiating?  Is there something else
>> I'm missing?  I really need to have sessions that last as long as the
>> user is on the site.
>>
>> Suggestions?  Help??
>>
>> Thx.
>>
>> Jerry
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message