[Bug 59122] Browser send back to tomcat "likely valid" JSESSIONID but tomcat recreate session and response to browser a renewed JESSIONID
https://bz.apache.org/bugzilla/show_bug.cgi?id=59122 --- Comment #4 from lanarima...@gmail.com --- Ok. Sorry -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59122] Browser send back to tomcat "likely valid" JSESSIONID but tomcat recreate session and response to browser a renewed JESSIONID
https://bz.apache.org/bugzilla/show_bug.cgi?id=59122 Mark Thomaschanged: What|Removed |Added Status|REOPENED|RESOLVED Resolution|--- |INVALID --- Comment #3 from Mark Thomas --- See comment #1. The users list is the place for this discussion. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59122] Browser send back to tomcat "likely valid" JSESSIONID but tomcat recreate session and response to browser a renewed JESSIONID
https://bz.apache.org/bugzilla/show_bug.cgi?id=59122 lanarima...@gmail.com changed: What|Removed |Added Version|unspecified |7.0.53 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59122] Browser send back to tomcat "likely valid" JSESSIONID but tomcat recreate session and response to browser a renewed JESSIONID
https://bz.apache.org/bugzilla/show_bug.cgi?id=59122 lanarima...@gmail.com changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|INVALID |--- --- Comment #2 from lanarima...@gmail.com --- I have news. Comparing AccessLogValve logs and org.apache.catalina.connector.CoyoteAdapter logs, in normal condition, in front of: ### REQUEST OK HANDLING ### #AccessLogValve logs 93.145.128.242 - - [08/Mar/2016:10:16:35 +0100] "GET /rdsv5i/rds-its/xmlv5i/css/style.jsp?resolution=1024X768 HTTP/1.1" Cookie="JSESSIONID=CE848CE8D53223658BD8D69D5CB667D4.tom01v6" Set-Cookie="-" I see: #CoyoteAdapter logs 08-Mar-2016 10:16:35.848 FINE [ajp-apr-8109-exec-3] org.apache.catalina.connector.CoyoteAdapter.parsePathParameters The variable [uriBC] has value [/rdsv5i/rds-its/xmlv5i/css/style.jsp] 08-Mar-2016 10:16:35.848 FINE [ajp-apr-8109-exec-3] org.apache.catalina.connector.CoyoteAdapter.parsePathParameters The variable [semicolon] has value [-1] 08-Mar-2016 10:16:35.848 FINE [ajp-apr-8109-exec-3] org.apache.catalina.connector.CoyoteAdapter.parsePathParameters The variable [enc] has value [ISO-8859-1] 08-Mar-2016 10:16:35.848 FINE [ajp-apr-8109-exec-3] org.apache.catalina.connector.CoyoteAdapter.parseSessionCookiesId Requested cookie session id is CE848CE8D53223658BD8D69D5CB667D4.tom01v6 But when tomcat sent a renewed jsessionid (lost session issue), I observed that although browser sent JSESSIONID=CE848CE8D53223658BD8D69D5CB667D4.tom01v6: ### REQUEST KO HANDLING ### #AccessLogValve logs 93.145.128.242 - - [08/Mar/2016:10:16:35 +0100] "GET /rdsv5i/rds-its/xmlv5i/js/customers/righi.js HTTP/1.1" 404 1037 Cookie="JSESSIONID=CE848CE8D53223658BD8D69D5CB667D4.tom01v6" Set-Cookie="JSESSIONID=0D954B6C1223E63C54DB8BDA265A7B83.tom01v6; Path=/rdsv5i; Secure" Coyote connector doesn't recognize it: #CoyoteAdapter logs 08-Mar-2016 10:16:35.864 FINE [ajp-apr-8109-exec-6] org.apache.catalina.connector.CoyoteAdapter.parsePathParameters The variable [uriBC] has value [/rdsv5i/rds-its/xmlv5i/js/customers/righi.js] 08-Mar-2016 10:16:35.864 FINE [ajp-apr-8109-exec-6] org.apache.catalina.connector.CoyoteAdapter.parsePathParameters The variable [semicolon] has value [-1] 08-Mar-2016 10:16:35.864 FINE [ajp-apr-8109-exec-6] org.apache.catalina.connector.CoyoteAdapter.parsePathParameters The variable [enc] has value [ISO-8859-1] You can observe the missing of: Requested cookie session id is CE848CE8D53223658BD8D69D5CB667D4.tom01v6 in logs like observed in "REQUEST OK HANDLING" I suspect some problem in cookie parsing, what do you think? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59122] Browser send back to tomcat "likely valid" JSESSIONID but tomcat recreate session and response to browser a renewed JESSIONID
https://bz.apache.org/bugzilla/show_bug.cgi?id=59122 Mark Thomaschanged: What|Removed |Added Resolution|--- |INVALID Status|NEW |RESOLVED OS||All --- Comment #1 from Mark Thomas --- There is insufficient evidence in this report of a bug in Tomcat. The most likely explanation is an application bug. The Tomcat 7 version being used is quite old. I don't recall any session handling issues but it is worth testing to see if an upgrade resolves the issue. There are only things that can trigger a Set-Cookie header. The first is creation of a new session and the second is the session ID change on authentication. Given that the original session expires 30 mins after the new session is created this isn't a session ID change due to authentication. Therefore, a new session is being created because the previous session cannot be found. The Set-Cookie="-" looks very strange. You'll need to do some more investigation with the application to figure out what is going wrong. You might want to consider logging the HTTP requets headers and the stack trace for the session creation. If you need help with investigating your application, the users@ mailing list is the place to ask, not Bugzilla. If the discussion on users@ identifies a Tomcat bug then please feel free to re-open this issue and provide the details. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org