[Bug 59122] Browser send back to tomcat "likely valid" JSESSIONID but tomcat recreate session and response to browser a renewed JESSIONID

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=59122

--- Comment #4 from lanarima...@gmail.com ---
Ok. Sorry

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59122] Browser send back to tomcat "likely valid" JSESSIONID but tomcat recreate session and response to browser a renewed JESSIONID

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=59122

Mark Thomas  changed:

   What|Removed |Added

 Status|REOPENED|RESOLVED
 Resolution|--- |INVALID

--- Comment #3 from Mark Thomas  ---
See comment #1. The users list is the place for this discussion.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59122] Browser send back to tomcat "likely valid" JSESSIONID but tomcat recreate session and response to browser a renewed JESSIONID

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=59122

lanarima...@gmail.com changed:

   What|Removed |Added

Version|unspecified |7.0.53

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59122] Browser send back to tomcat "likely valid" JSESSIONID but tomcat recreate session and response to browser a renewed JESSIONID

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=59122

lanarima...@gmail.com changed:

   What|Removed |Added

 Status|RESOLVED|REOPENED
 Resolution|INVALID |---

--- Comment #2 from lanarima...@gmail.com ---
I have news.
Comparing AccessLogValve logs and org.apache.catalina.connector.CoyoteAdapter
logs, in normal condition, in front of:

### REQUEST OK HANDLING ###
#AccessLogValve logs
93.145.128.242 - - [08/Mar/2016:10:16:35 +0100] "GET
/rdsv5i/rds-its/xmlv5i/css/style.jsp?resolution=1024X768 HTTP/1.1"
Cookie="JSESSIONID=CE848CE8D53223658BD8D69D5CB667D4.tom01v6" Set-Cookie="-"

I see:
#CoyoteAdapter logs
08-Mar-2016 10:16:35.848 FINE [ajp-apr-8109-exec-3]
org.apache.catalina.connector.CoyoteAdapter.parsePathParameters The variable
[uriBC] has value [/rdsv5i/rds-its/xmlv5i/css/style.jsp]
08-Mar-2016 10:16:35.848 FINE [ajp-apr-8109-exec-3]
org.apache.catalina.connector.CoyoteAdapter.parsePathParameters The variable
[semicolon] has value [-1]
08-Mar-2016 10:16:35.848 FINE [ajp-apr-8109-exec-3]
org.apache.catalina.connector.CoyoteAdapter.parsePathParameters The variable
[enc] has value [ISO-8859-1]
08-Mar-2016 10:16:35.848 FINE [ajp-apr-8109-exec-3]
org.apache.catalina.connector.CoyoteAdapter.parseSessionCookiesId  Requested
cookie session id is CE848CE8D53223658BD8D69D5CB667D4.tom01v6


But when tomcat sent a renewed jsessionid (lost session issue), I observed that
although browser sent JSESSIONID=CE848CE8D53223658BD8D69D5CB667D4.tom01v6:

### REQUEST KO HANDLING ###
#AccessLogValve logs
93.145.128.242 - - [08/Mar/2016:10:16:35 +0100] "GET
/rdsv5i/rds-its/xmlv5i/js/customers/righi.js HTTP/1.1" 404 1037
Cookie="JSESSIONID=CE848CE8D53223658BD8D69D5CB667D4.tom01v6"
Set-Cookie="JSESSIONID=0D954B6C1223E63C54DB8BDA265A7B83.tom01v6; Path=/rdsv5i;
Secure"

Coyote connector doesn't recognize it:
#CoyoteAdapter logs
08-Mar-2016 10:16:35.864 FINE [ajp-apr-8109-exec-6]
org.apache.catalina.connector.CoyoteAdapter.parsePathParameters The variable
[uriBC] has value [/rdsv5i/rds-its/xmlv5i/js/customers/righi.js]
08-Mar-2016 10:16:35.864 FINE [ajp-apr-8109-exec-6]
org.apache.catalina.connector.CoyoteAdapter.parsePathParameters The variable
[semicolon] has value [-1]
08-Mar-2016 10:16:35.864 FINE [ajp-apr-8109-exec-6]
org.apache.catalina.connector.CoyoteAdapter.parsePathParameters The variable
[enc] has value [ISO-8859-1]

You can observe the missing of:
Requested cookie session id is CE848CE8D53223658BD8D69D5CB667D4.tom01v6 in logs

like observed in "REQUEST OK HANDLING"

I suspect some problem in cookie parsing, what do you think?

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59122] Browser send back to tomcat "likely valid" JSESSIONID but tomcat recreate session and response to browser a renewed JESSIONID

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=59122

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |INVALID
 Status|NEW |RESOLVED
 OS||All

--- Comment #1 from Mark Thomas  ---
There is insufficient evidence in this report of a bug in Tomcat. The most
likely explanation is an application bug.

The Tomcat 7 version being used is quite old. I don't recall any session
handling issues but it is worth testing to see if an upgrade resolves the
issue.

There are only things that can trigger a Set-Cookie header. The first is
creation of a new session and the second is the session ID change on
authentication.

Given that the original session expires 30 mins after the new session is
created this isn't a session ID change due to authentication. Therefore, a new
session is being created because the previous session cannot be found.

The Set-Cookie="-" looks very strange.

You'll need to do some more investigation with the application to figure out
what is going wrong. You might want to consider logging the HTTP requets
headers and the stack trace for the session creation. If you need help with
investigating your application, the users@ mailing list is the place to ask,
not Bugzilla.

If the discussion on users@ identifies a Tomcat bug then please feel free to
re-open this issue and provide the details.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org