RE: Tomcat - Automatically writes a session?
Login to the tomcat server administration (http://serverhost:8080/admin). In the left frame go to Tomcat Server - Service - Host. Below the Host click on the context which is applicable to your web application. In the right frame you can see the Context properties. Set the values for Cookies to 'false'. Click on 'Save'. Is it worth trying!!!??? Neal wrote: I used the tag which does appear correct, but I'm still seeing that header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ There are two reasons why I want to get rid of this: 1. I assume I'm waiting server resources holding open a session for every user, unnecessarily. 2. I've been told this may prevent Google from properly spidering the site. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat - Automatically writes a session?
Howdy, Well, the cookie is written but RAM memory must be allocated for these users as well, right? If you have a timeout set to 30 minutes, you've got a lot of little pieces of RAM being held by these users at any given time. Seems waistful to me, regardless how small they are. It just seems silly to be writing cookies for every page, regardless of whether you need one. Ignoring the fact this is a spec-mandate feature, I suggest you run a profiler on tomcat with your alleged cookie problem to see how much memory is wasted before you complain. Care to put your money where your mouth is? ;) Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat - Automatically writes a session?
You have to specify it on the JSP pages. I can't remember it properly, but it must be something like: @page session=false @ Google for it on the Tomcat site. I think you will find it. Antonio Fiol Neal wrote: Someone just pointed out that my JSPs are have this in the header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ The problem is that I'm not setting any sessions or cookies from the page so I have no idea what's going on. Is there some reason this is there? Is there some setting in the Web.xml and/or server.xml file that I must tweak? PS - I use Tomcat has my http server, not apache (in case that's meaningful). Thanks. Neal - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature
RE: Tomcat - Automatically writes a session?
You're kidding? So, by default, I'm writing a freaking session for every single page? That sounds like a colossal waist of resources. Thanks though for the tip! Neal -Original Message- From: Antonio Fiol Bonnín [mailto:[EMAIL PROTECTED] Sent: Monday, January 19, 2004 11:46 PM To: Tomcat Users List Subject: Re: Tomcat - Automatically writes a session? You have to specify it on the JSP pages. I can't remember it properly, but it must be something like: @page session=false @ Google for it on the Tomcat site. I think you will find it. Antonio Fiol Neal wrote: Someone just pointed out that my JSPs are have this in the header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ The problem is that I'm not setting any sessions or cookies from the page so I have no idea what's going on. Is there some reason this is there? Is there some setting in the Web.xml and/or server.xml file that I must tweak? PS - I use Tomcat has my http server, not apache (in case that's meaningful). Thanks. Neal - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat - Automatically writes a session?
I used the tag [EMAIL PROTECTED] session=false% which does appear correct, but I'm still seeing that header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ There are two reasons why I want to get rid of this: 1. I assume I'm waiting server resources holding open a session for every user, unnecessarily. 2. I've been told this may prevent Google from properly spidering the site. Can you please shed any more light on how to fix this potential issue? Thanks. N -Original Message- From: Antonio Fiol Bonnín [mailto:[EMAIL PROTECTED] Sent: Monday, January 19, 2004 11:46 PM To: Tomcat Users List Subject: Re: Tomcat - Automatically writes a session? You have to specify it on the JSP pages. I can't remember it properly, but it must be something like: @page session=false @ Google for it on the Tomcat site. I think you will find it. Antonio Fiol Neal wrote: Someone just pointed out that my JSPs are have this in the header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ The problem is that I'm not setting any sessions or cookies from the page so I have no idea what's going on. Is there some reason this is there? Is there some setting in the Web.xml and/or server.xml file that I must tweak? PS - I use Tomcat has my http server, not apache (in case that's meaningful). Thanks. Neal - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat - Automatically writes a session?
Unreal I've done everything I can think of and I'm still seeing a JSession cookie in the header of my pages: I've tried: 1. server.xml file - host/@cookies=false 2. [EMAIL PROTECTED] session=false% as the first line of the JSP. 3. Restarted application numerous times. 4. Absolutely no code to write a cookie or a session ANYWHERE in the entire applcation. Any ideas??! Here's the Header being returned: Server Response: http://www.travelusa.com/hotels.jsp?2 Status: HTTP/1.1 200 OK Set-Cookie: JSESSIONID=FC6ECEFBABA482AE6707EC400E229FB1; Path=/ Content-Type: text/html;charset=ISO-8859-1 Transfer-Encoding: chunked Date: Tue, 20 Jan 2004 10:44:21 GMT Server: Apache Coyote/1.0 Thanks. N -Original Message- From: Neal [mailto:[EMAIL PROTECTED] Sent: Monday, January 19, 2004 11:53 PM To: 'Tomcat Users List' Subject: RE: Tomcat - Automatically writes a session? You're kidding? So, by default, I'm writing a freaking session for every single page? That sounds like a colossal waist of resources. Thanks though for the tip! Neal -Original Message- From: Antonio Fiol Bonnín [mailto:[EMAIL PROTECTED] Sent: Monday, January 19, 2004 11:46 PM To: Tomcat Users List Subject: Re: Tomcat - Automatically writes a session? You have to specify it on the JSP pages. I can't remember it properly, but it must be something like: @page session=false @ Google for it on the Tomcat site. I think you will find it. Antonio Fiol Neal wrote: Someone just pointed out that my JSPs are have this in the header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ The problem is that I'm not setting any sessions or cookies from the page so I have no idea what's going on. Is there some reason this is there? Is there some setting in the Web.xml and/or server.xml file that I must tweak? PS - I use Tomcat has my http server, not apache (in case that's meaningful). Thanks. Neal - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat - Automatically writes a session?
Howdy, Are you authenticating users accessing your application? To address some of your other concerns: - Cookies will not prevent google from indexing your site, you can test that pretty easily. - Maintaining a session per user is not a big deal, as these are tiny objects by default. They only get big if you put big attributes in them. Yoav Shapira Millennium ChemInformatics -Original Message- From: Neal [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 1:53 AM To: 'Tomcat Users List' Subject: Tomcat - Automatically writes a session? Someone just pointed out that my JSPs are have this in the header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ The problem is that I'm not setting any sessions or cookies from the page so I have no idea what's going on. Is there some reason this is there? Is there some setting in the Web.xml and/or server.xml file that I must tweak? PS - I use Tomcat has my http server, not apache (in case that's meaningful). Thanks. Neal - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat - Automatically writes a session?
[] - Maintaining a session per user is not a big deal, as these are [] - tiny [] - objects by default. They only get big if you put big attributes [] - in [] - them. Make sure sessiontimeout is not -1 Someone just pointed out that my JSPs are have this in the header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ The problem is that I'm not setting any sessions or cookies from the page so I have no idea what's going on. Is there some reason this is there? Is there some setting in the Web.xml and/or server.xml file That [] Wonder !!! why [EMAIL PROTECTED] session=false % not doing the act - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat - Automatically writes a session?
Neal wrote: I used the tag [EMAIL PROTECTED] session=false% which does appear correct, but I'm still seeing that header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ There are two reasons why I want to get rid of this: 1. I assume I'm waiting server resources holding open a session for every user, unnecessarily. 2. I've been told this may prevent Google from properly spidering the site. Can you please shed any more light on how to fix this potential issue? Probably not, but I will try... Did you clear the cookies on your browser? If the browser is saying Hi! XXX is my session ID, then, (iif that session exists), tomcat is free of saying Hi! keep your session ID, which is XXX Other than that, no idea. I have never struggled to avoid cookies. Sorry. I was only echoing something I have read in the past. Antonio Fiol smime.p7s Description: S/MIME Cryptographic Signature
Re: Tomcat - Automatically writes a session?
Verify in your JSP's .java file that sessions are really being turned off. Look to see if there is a session=pageContext.getSession() Also, I think the call to pageContext = _jspxFactory.getPageContext(. Needs to have false as the 3rd to last argument. [EMAIL PROTECTED] 1/20/04 12:39:54 PM Neal wrote: I used the tag [EMAIL PROTECTED] session=false% which does appear correct, but I'm still seeing that header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ There are two reasons why I want to get rid of this: 1. I assume I'm waiting server resources holding open a session for every user, unnecessarily. 2. I've been told this may prevent Google from properly spidering the site. Can you please shed any more light on how to fix this potential issue? Probably not, but I will try... Did you clear the cookies on your browser? If the browser is saying Hi! XXX is my session ID, then, (iif that session exists), tomcat is free of saying Hi! keep your session ID, which is XXX Other than that, no idea. I have never struggled to avoid cookies. Sorry. I was only echoing something I have read in the past. Antonio Fiol Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., The Leading Provider of Net Business Solutions http://www.novell.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat - Automatically writes a session?
tomcat sents automatically a cookie named jsessionid for session maintain to a browser. with cookies=false as a context attrribute you disable this behaviour Context path= docBase=ROOT cookies=false/ from tomcat documentation: -- cookies Set to true if you want cookies to be used for session identifier communication if supported by the client (this is the default). Set to false if you want to disable the use of cookies for session identifier communication, and rely only on URL rewriting by the application. or http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html cu Torsten Fohrer On Tuesday 20 January 2004 20:58, you wrote: Verify in your JSP's .java file that sessions are really being turned off. Look to see if there is a session=pageContext.getSession() Also, I think the call to pageContext = _jspxFactory.getPageContext(. Needs to have false as the 3rd to last argument. [EMAIL PROTECTED] 1/20/04 12:39:54 PM Neal wrote: I used the tag [EMAIL PROTECTED] session=false% which does appear correct, but I'm still seeing that header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ There are two reasons why I want to get rid of this: 1. I assume I'm waiting server resources holding open a session for every user, unnecessarily. 2. I've been told this may prevent Google from properly spidering the site. Can you please shed any more light on how to fix this potential issue? Probably not, but I will try... Did you clear the cookies on your browser? If the browser is saying Hi! XXX is my session ID, then, (iif that session exists), tomcat is free of saying Hi! keep your session ID, which is XXX Other than that, no idea. I have never struggled to avoid cookies. Sorry. I was only echoing something I have read in the past. Antonio Fiol Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., The Leading Provider of Net Business Solutions http://www.novell.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat - Automatically writes a session?
Unfortunately this isn't working either. In addition to the [EMAIL PROTECTED] session=false% directive in my JSP, I have also set the cookies=false attribute in my server.xml file, for the host in question. It is *still* happening! Perhaps this is a Tomcat bug, as previously suggested? Correct me if I'm wrong, but doesn't this imply a *HUGE* waist of RAM resources to be writing a cookie like this by default? Why on earth would a web app do this by default? Are there any other ways to shut it off? It was mentioned in the previous thread to look at the servlet being compiled, which may be a good idea - but I don't know what the solution will be if it is in fact compiling the servlet incorrectly. Any other config opps to choke it off? Neal Torsten Fohrer [EMAIL PROTECTED] wrote: tomcat sents automatically a cookie named jsessionid for session maintain to a browser. with cookies=false as a context attrribute you disable this behaviour from tomcat documentation: -- cookies Set to true if you want cookies to be used for session identifier communication if supported by the client (this is the default). Set to false if you want to disable the use of cookies for session identifier communication, and rely only on URL rewriting by the application. or http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html cu Torsten Fohrer On Tuesday 20 January 2004 20:58, you wrote: Verify in your JSP's .java file that sessions are really being turned off. Look to see if there is a session=pageContext.getSession() Also, I think the call to pageContext = _jspxFactory.getPageContext(. Needs to have false as the 3rd to last argument. [EMAIL PROTECTED] 1/20/04 12:39:54 PM Neal wrote: I used the tag which does appear correct, but I'm still seeing that header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ There are two reasons why I want to get rid of this: 1. I assume I'm waiting server resources holding open a session for every user, unnecessarily. 2. I've been told this may prevent Google from properly spidering the site. Can you please shed any more light on how to fix this potential issue? Probably not, but I will try... Did you clear the cookies on your browser? If the browser is saying Hi! XXX is my session ID, then, (iif that session exists), tomcat is free of saying Hi! keep your session ID, which is XXX Other than that, no idea. I have never struggled to avoid cookies. Sorry. I was only echoing something I have read in the past. Antonio Fiol Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., The Leading Provider of Net Business Solutions http://www.novell.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Hotjobs: Enter the Signing Bonus Sweepstakes
Re: Tomcat - Automatically writes a session?
Its on by default because the spec says so. Are you sure you don't have a filter or anything else creating a session? I created a page called cowbell with this content with tomcat 4.1: -- [EMAIL PROTECTED] session=false% foo -- Then simulated a web browser: -- [EMAIL PROTECTED]: telnet localhost 8080 Trying 127.0.0.1... Connected to fever.joedog.org. Escape character is '^]'. GET /cowbell.jsp HTTP/1.1 Host: fever.joedog.org:8080 Connection: close HTTP/1.1 200 OK Content-Type: text/html;charset=ISO-8859-1 Content-Length: 5 Date: Tue, 20 Jan 2004 22:28:20 GMT Server: Apache-Coyote/1.1 Connection: close foo Connection closed by foreign host. -- -Tim neal cabage wrote: Unfortunately this isn't working either. In addition to the [EMAIL PROTECTED] session=false% directive in my JSP, I have also set the cookies=false attribute in my server.xml file, for the host in question. It is *still* happening! Perhaps this is a Tomcat bug, as previously suggested? Correct me if I'm wrong, but doesn't this imply a *HUGE* waist of RAM resources to be writing a cookie like this by default? Why on earth would a web app do this by default? Are there any other ways to shut it off? It was mentioned in the previous thread to look at the servlet being compiled, which may be a good idea - but I don't know what the solution will be if it is in fact compiling the servlet incorrectly. Any other config opps to choke it off? Neal Torsten Fohrer [EMAIL PROTECTED] wrote: tomcat sents automatically a cookie named jsessionid for session maintain to a browser. with cookies=false as a context attrribute you disable this behaviour from tomcat documentation: -- cookies Set to true if you want cookies to be used for session identifier communication if supported by the client (this is the default). Set to false if you want to disable the use of cookies for session identifier communication, and rely only on URL rewriting by the application. or http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html cu Torsten Fohrer On Tuesday 20 January 2004 20:58, you wrote: Verify in your JSP's .java file that sessions are really being turned off. Look to see if there is a session=pageContext.getSession() Also, I think the call to pageContext = _jspxFactory.getPageContext(. Needs to have false as the 3rd to last argument. [EMAIL PROTECTED] 1/20/04 12:39:54 PM Neal wrote: I used the tag which does appear correct, but I'm still seeing that header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ There are two reasons why I want to get rid of this: 1. I assume I'm waiting server resources holding open a session for every user, unnecessarily. 2. I've been told this may prevent Google from properly spidering the site. Can you please shed any more light on how to fix this potential issue? Probably not, but I will try... Did you clear the cookies on your browser? If the browser is saying Hi! XXX is my session ID, then, (iif that session exists), tomcat is free of saying Hi! keep your session ID, which is XXX Other than that, no idea. I have never struggled to avoid cookies. Sorry. I was only echoing something I have read in the past. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat - Automatically writes a session?
Yeah, I see the same thing. No jsessionId in the header. with %@ page session=false % [EMAIL PROTECTED] 1/20/04 3:31:31 PM Its on by default because the spec says so. Are you sure you don't have a filter or anything else creating a session? I created a page called cowbell with this content with tomcat 4.1: -- [EMAIL PROTECTED] session=false% foo -- Then simulated a web browser: -- [EMAIL PROTECTED]: telnet localhost 8080 Trying 127.0.0.1... Connected to fever.joedog.org. Escape character is '^]'. GET /cowbell.jsp HTTP/1.1 Host: fever.joedog.org:8080 Connection: close HTTP/1.1 200 OK Content-Type: text/html;charset=ISO-8859-1 Content-Length: 5 Date: Tue, 20 Jan 2004 22:28:20 GMT Server: Apache-Coyote/1.1 Connection: close foo Connection closed by foreign host. -- -Tim neal cabage wrote: Unfortunately this isn't working either. In addition to the [EMAIL PROTECTED] session=false% directive in my JSP, I have also set the cookies=false attribute in my server.xml file, for the host in question. It is *still* happening! Perhaps this is a Tomcat bug, as previously suggested? Correct me if I'm wrong, but doesn't this imply a *HUGE* waist of RAM resources to be writing a cookie like this by default? Why on earth would a web app do this by default? Are there any other ways to shut it off? It was mentioned in the previous thread to look at the servlet being compiled, which may be a good idea - but I don't know what the solution will be if it is in fact compiling the servlet incorrectly. Any other config opps to choke it off? Neal Torsten Fohrer [EMAIL PROTECTED] wrote: tomcat sents automatically a cookie named jsessionid for session maintain to a browser. with cookies=false as a context attrribute you disable this behaviour from tomcat documentation: -- cookies Set to true if you want cookies to be used for session identifier communication if supported by the client (this is the default). Set to false if you want to disable the use of cookies for session identifier communication, and rely only on URL rewriting by the application. or http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html cu Torsten Fohrer On Tuesday 20 January 2004 20:58, you wrote: Verify in your JSP's .java file that sessions are really being turned off. Look to see if there is a session=pageContext.getSession() Also, I think the call to pageContext = _jspxFactory.getPageContext(. Needs to have false as the 3rd to last argument. [EMAIL PROTECTED] 1/20/04 12:39:54 PM Neal wrote: I used the tag which does appear correct, but I'm still seeing that header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ There are two reasons why I want to get rid of this: 1. I assume I'm waiting server resources holding open a session for every user, unnecessarily. 2. I've been told this may prevent Google from properly spidering the site. Can you please shed any more light on how to fix this potential issue? Probably not, but I will try... Did you clear the cookies on your browser? If the browser is saying Hi! XXX is my session ID, then, (iif that session exists), tomcat is free of saying Hi! keep your session ID, which is XXX Other than that, no idea. I have never struggled to avoid cookies. Sorry. I was only echoing something I have read in the past. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., The Leading Provider of Net Business Solutions http://www.novell.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat - Automatically writes a session?
Which tool are you guys using to view your http response header? I'm using the following: http://www.searchengineworld.com/cgi-bin/servercheck.cgi Do you see the cookie being set using this tool? What sort of filters should I be looking for that could be setting a cookie? btw - my config is just straight Tomcat 4.1, no Apache. If you want to see an example of what I'm seeing, please go to http://www.travelusa.com/. If you can recommend any filters or anything else like that I should be looking at, please let me know. Thanks for your help. Neal Jeff Tulley [EMAIL PROTECTED] wrote: Yeah, I see the same thing. No jsessionId in the header. with session=false % [EMAIL PROTECTED] 1/20/04 3:31:31 PM Its on by default because the spec says so. Are you sure you don't have a filter or anything else creating a session? I created a page called cowbell with this content with tomcat 4.1: -- foo -- Then simulated a web browser: -- [EMAIL PROTECTED]: telnet localhost 8080 Trying 127.0.0.1... Connected to fever.joedog.org. Escape character is '^]'. GET /cowbell.jsp HTTP/1.1 Host: fever.joedog.org:8080 Connection: close HTTP/1.1 200 OK Content-Type: text/html;charset=ISO-8859-1 Content-Length: 5 Date: Tue, 20 Jan 2004 22:28:20 GMT Server: Apache-Coyote/1.1 Connection: close foo Connection closed by foreign host. -- -Tim neal cabage wrote: Unfortunately this isn't working either. In addition to the session=false%directive in my JSP, I have also set the cookies=false attribute in my server.xml file, for the host in question. It is *still* happening! Perhaps this is a Tomcat bug, as previously suggested? Correct me if I'm wrong, but doesn't this imply a *HUGE* waist of RAM resources to be writing a cookie like this by default? Why on earth would a web app do this by default? Are there any other ways to shut it off? It was mentioned in the previous thread to look at the servlet being compiled, which may be a good idea - but I don't know what the solution will be if it is in fact compiling the servlet incorrectly. Any other config opps to choke it off? Neal Torsten Fohrer wrote: tomcat sents automatically a cookie named jsessionid for session maintain to a browser. with cookies=false as a context attrribute you disable this behaviour from tomcat documentation: -- cookies Set to true if you want cookies to be used for session identifier communication if supported by the client (this is the default). Set to false if you want to disable the use of cookies for session identifier communication, and rely only on URL rewriting by the application. or http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html cu Torsten Fohrer On Tuesday 20 January 2004 20:58, you wrote: Verify in your JSP's .java file that sessions are really being turned off. Look to see if there is a session=pageContext.getSession() Also, I think the call to pageContext = _jspxFactory.getPageContext(. Needs to have false as the 3rd to last argument. [EMAIL PROTECTED] 1/20/04 12:39:54 PM Neal wrote: I used the tag which does appear correct, but I'm still seeing that header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ There are two reasons why I want to get rid of this: 1. I assume I'm waiting server resources holding open a session for every user, unnecessarily. 2. I've been told this may prevent Google from properly spidering the site. Can you please shed any more light on how to fix this potential issue? Probably not, but I will try... Did you clear the cookies on your browser? If the browser is saying Hi! XXX is my session ID, then, (iif that session exists), tomcat is free of saying Hi! keep your session ID, which is XXX Other than that, no idea. I have never struggled to avoid cookies. Sorry. I was only echoing something I have read in the past. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., The Leading Provider of Net Business Solutions http://www.novell.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Hotjobs: Enter the Signing Bonus Sweepstakes
RE: Tomcat - Automatically writes a session?
I think it's slightly unfair to characterise the 'on by default' as a 'huge' waste of resources. As Yoav mentioned, the session object is essentially empty and very small. If you don't use it, it should not be a problem. As for 'RAM resources to write a cookie...', that's accomplished on the client, so no load on our server. Also, because it's on by default, you need to ensure that every single JSP includes the 'no session please' directive. Missing it once will create a session for every user that hits the page. Look for this especially in some sort of 'meta' page (like header.jsp or login.jsp or footer.jsp) which are included in any number of other pages. As for filters, people are referring to any javax.servlet.Filter classes you may have written. -Original Message- From: neal cabage [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 3:48 PM To: Tomcat Users List; [EMAIL PROTECTED] Subject: Re: Tomcat - Automatically writes a session? Unfortunately this isn't working either. In addition to the [EMAIL PROTECTED] session=false% directive in my JSP, I have also set the cookies=false attribute in my server.xml file, for the host in question. It is *still* happening! Perhaps this is a Tomcat bug, as previously suggested? Correct me if I'm wrong, but doesn't this imply a *HUGE* waist of RAM resources to be writing a cookie like this by default? Why on earth would a web app do this by default? Are there any other ways to shut it off? It was mentioned in the previous thread to look at the servlet being compiled, which may be a good idea - but I don't know what the solution will be if it is in fact compiling the servlet incorrectly. Any other config opps to choke it off? Neal Torsten Fohrer [EMAIL PROTECTED] wrote: tomcat sents automatically a cookie named jsessionid for session maintain to a browser. with cookies=false as a context attrribute you disable this behaviour from tomcat documentation: -- cookies Set to true if you want cookies to be used for session identifier communication if supported by the client (this is the default). Set to false if you want to disable the use of cookies for session identifier communication, and rely only on URL rewriting by the application. or http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html cu Torsten Fohrer On Tuesday 20 January 2004 20:58, you wrote: Verify in your JSP's .java file that sessions are really being turned off. Look to see if there is a session=pageContext.getSession() Also, I think the call to pageContext = _jspxFactory.getPageContext(. Needs to have false as the 3rd to last argument. [EMAIL PROTECTED] 1/20/04 12:39:54 PM Neal wrote: I used the tag which does appear correct, but I'm still seeing that header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ There are two reasons why I want to get rid of this: 1. I assume I'm waiting server resources holding open a session for every user, unnecessarily. 2. I've been told this may prevent Google from properly spidering the site. Can you please shed any more light on how to fix this potential issue? Probably not, but I will try... Did you clear the cookies on your browser? If the browser is saying Hi! XXX is my session ID, then, (iif that session exists), tomcat is free of saying Hi! keep your session ID, which is XXX Other than that, no idea. I have never struggled to avoid cookies. Sorry. I was only echoing something I have read in the past. Antonio Fiol Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., The Leading Provider of Net Business Solutions http://www.novell.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Hotjobs: Enter the Signing Bonus Sweepstakes - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat - Automatically writes a session?
I like using Mozilla for cookie inspection. Its setup screens let you clear your cookie cache, inspect cookies on your system, and accept/deny each cookie sent to you, as they are sent to you, including jsessionid 'session' cookies. -Original Message- From: neal cabage [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 5:00 PM To: Tomcat Users List Subject: Re: Tomcat - Automatically writes a session? Which tool are you guys using to view your http response header? I'm using the following: http://www.searchengineworld.com/cgi-bin/servercheck.cgi Do you see the cookie being set using this tool? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat - Automatically writes a session?
Well, the cookie is written but RAM memory must be allocated for these users as well, right? If you have a timeout set to 30 minutes, you've got a lot of little pieces of RAM being held by these users at any given time. Seems waistful to me, regardless how small they are. It just seems silly to be writing cookies for every page, regardless of whether you need one. Well, no - no I don't use any filters, I do have that directive for no session and I do have the cookies=false in my server.xml. I guess I'll take another look but everything I've been tyring isnt' working. grrr. Mike Curwen [EMAIL PROTECTED] wrote: I think it's slightly unfair to characterise the 'on by default' as a 'huge' waste of resources. As Yoav mentioned, the session object is essentially empty and very small. If you don't use it, it should not be a problem. As for 'RAM resources to write a cookie...', that's accomplished on the client, so no load on our server. Also, because it's on by default, you need to ensure that every single JSP includes the 'no session please' directive. Missing it once will create a session for every user that hits the page. Look for this especially in some sort of 'meta' page (like header.jsp or login.jsp or footer.jsp) which are included in any number of other pages. As for filters, people are referring to any javax.servlet.Filter classes you may have written. -Original Message- From: neal cabage [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 3:48 PM To: Tomcat Users List; [EMAIL PROTECTED] Subject: Re: Tomcat - Automatically writes a session? Unfortunately this isn't working either. In addition to the directive in my JSP, I have also set the cookies=false attribute in my server.xml file, for the host in question. It is *still* happening! Perhaps this is a Tomcat bug, as previously suggested? Correct me if I'm wrong, but doesn't this imply a *HUGE* waist of RAM resources to be writing a cookie like this by default? Why on earth would a web app do this by default? Are there any other ways to shut it off? It was mentioned in the previous thread to look at the servlet being compiled, which may be a good idea - but I don't know what the solution will be if it is in fact compiling the servlet incorrectly. Any other config opps to choke it off? Neal Torsten Fohrer wrote: tomcat sents automatically a cookie named jsessionid for session maintain to a browser. with cookies=false as a context attrribute you disable this behaviour from tomcat documentation: -- cookies Set to true if you want cookies to be used for session identifier communication if supported by the client (this is the default). Set to false if you want to disable the use of cookies for session identifier communication, and rely only on URL rewriting by the application. or http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html cu Torsten Fohrer On Tuesday 20 January 2004 20:58, you wrote: Verify in your JSP's .java file that sessions are really being turned off. Look to see if there is a session=pageContext.getSession() Also, I think the call to pageContext = _jspxFactory.getPageContext(. Needs to have false as the 3rd to last argument. [EMAIL PROTECTED] 1/20/04 12:39:54 PM Neal wrote: I used the tag which does appear correct, but I'm still seeing that header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ There are two reasons why I want to get rid of this: 1. I assume I'm waiting server resources holding open a session for every user, unnecessarily. 2. I've been told this may prevent Google from properly spidering the site. Can you please shed any more light on how to fix this potential issue? Probably not, but I will try... Did you clear the cookies on your browser? If the browser is saying Hi! XXX is my session ID, then, (iif that session exists), tomcat is free of saying Hi! keep your session ID, which is XXX Other than that, no idea. I have never struggled to avoid cookies. Sorry. I was only echoing something I have read in the past. Antonio Fiol Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., The Leading Provider of Net Business Solutions http://www.novell.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Hotjobs: Enter the Signing Bonus Sweepstakes - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
RE: Tomcat - Automatically writes a session?
Thanks for the tip. I'll definitely check it out. I've heard its a lot better for javascript debugs as well. Mike Curwen [EMAIL PROTECTED] wrote: I like using Mozilla for cookie inspection. Its setup screens let you clear your cookie cache, inspect cookies on your system, and accept/deny each cookie sent to you, as they are sent to you, including jsessionid 'session' cookies. -Original Message- From: neal cabage [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 20, 2004 5:00 PM To: Tomcat Users List Subject: Re: Tomcat - Automatically writes a session? Which tool are you guys using to view your http response header? I'm using the following: http://www.searchengineworld.com/cgi-bin/servercheck.cgi Do you see the cookie being set using this tool? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Hotjobs: Enter the Signing Bonus Sweepstakes
Re: Tomcat - Automatically writes a session?
I'm old school. I still use telnet. For example, from any unix (or cygwin) prompt: [EMAIL PROTECTED]: telnet www.travelusa.com 80 Trying 64.58.141.168... Connected to travelusa.com. Escape character is '^]'. GET / HTTP/1.1 Host: www.travelusa.com Connection: close HTTP/1.1 200 OK Set-Cookie: JSESSIONID=08C6F968CE52476E25202D9B3B41B4C3; Path=/ Content-Type: text/html;charset=ISO-8859-1 Transfer-Encoding: chunked Date: Wed, 21 Jan 2004 02:27:55 GMT Server: Apache Coyote/1.0 Connection: close Yup - I see a cookie being set. Are there are filters on the webapp? Look for filter in web.xml. Is you index page performing a request dispatcher forward? Are you sure the page is being after being edited to session=false is being recompiled. I sometimes use HTML comments to verify the page was recompiled. -Tim neal cabage wrote: Which tool are you guys using to view your http response header? I'm using the following: http://www.searchengineworld.com/cgi-bin/servercheck.cgi Do you see the cookie being set using this tool? What sort of filters should I be looking for that could be setting a cookie? btw - my config is just straight Tomcat 4.1, no Apache. If you want to see an example of what I'm seeing, please go to http://www.travelusa.com/. If you can recommend any filters or anything else like that I should be looking at, please let me know. Thanks for your help. Neal Jeff Tulley [EMAIL PROTECTED] wrote: Yeah, I see the same thing. No jsessionId in the header. with session=false % [EMAIL PROTECTED] 1/20/04 3:31:31 PM Its on by default because the spec says so. Are you sure you don't have a filter or anything else creating a session? I created a page called cowbell with this content with tomcat 4.1: -- foo -- Then simulated a web browser: -- [EMAIL PROTECTED]: telnet localhost 8080 Trying 127.0.0.1... Connected to fever.joedog.org. Escape character is '^]'. GET /cowbell.jsp HTTP/1.1 Host: fever.joedog.org:8080 Connection: close HTTP/1.1 200 OK Content-Type: text/html;charset=ISO-8859-1 Content-Length: 5 Date: Tue, 20 Jan 2004 22:28:20 GMT Server: Apache-Coyote/1.1 Connection: close foo Connection closed by foreign host. -- -Tim neal cabage wrote: Unfortunately this isn't working either. In addition to the session=false%directive in my JSP, I have also set the cookies=false attribute in my server.xml file, for the host in question. It is *still* happening! Perhaps this is a Tomcat bug, as previously suggested? Correct me if I'm wrong, but doesn't this imply a *HUGE* waist of RAM resources to be writing a cookie like this by default? Why on earth would a web app do this by default? Are there any other ways to shut it off? It was mentioned in the previous thread to look at the servlet being compiled, which may be a good idea - but I don't know what the solution will be if it is in fact compiling the servlet incorrectly. Any other config opps to choke it off? Neal Torsten Fohrer wrote: tomcat sents automatically a cookie named jsessionid for session maintain to a browser. with cookies=false as a context attrribute you disable this behaviour from tomcat documentation: -- cookies Set to true if you want cookies to be used for session identifier communication if supported by the client (this is the default). Set to false if you want to disable the use of cookies for session identifier communication, and rely only on URL rewriting by the application. or http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html cu Torsten Fohrer On Tuesday 20 January 2004 20:58, you wrote: Verify in your JSP's .java file that sessions are really being turned off. Look to see if there is a session=pageContext.getSession() Also, I think the call to pageContext = _jspxFactory.getPageContext(. Needs to have false as the 3rd to last argument. [EMAIL PROTECTED] 1/20/04 12:39:54 PM Neal wrote: I used the tag which does appear correct, but I'm still seeing that header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ There are two reasons why I want to get rid of this: 1. I assume I'm waiting server resources holding open a session for every user, unnecessarily. 2. I've been told this may prevent Google from properly spidering the site. Can you please shed any more light on how to fix this potential issue? Probably not, but I will try... Did you clear the cookies on your browser? If the browser is saying Hi! XXX is my session ID, then, (iif that session exists), tomcat is free of saying Hi! keep your session ID, which is XXX Other than that, no idea. I have never struggled to avoid cookies. Sorry. I was only echoing something I have read in the past. - To unsubscribe, e-mail: [EMAIL
Tomcat - Automatically writes a session?
Someone just pointed out that my JSPs are have this in the header: Set-Cookie: JSESSIONID=97C8777F16379B8EC2CD17273CE35C3C; Path=/ The problem is that I'm not setting any sessions or cookies from the page so I have no idea what's going on. Is there some reason this is there? Is there some setting in the Web.xml and/or server.xml file that I must tweak? PS - I use Tomcat has my http server, not apache (in case that's meaningful). Thanks. Neal - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]