Re: New session PER REQUEST
On 9/25/06, Maurice Yarrow <[EMAIL PROTECTED]> wrote: So, (apropos of the issues I saw with my setup) were there multiple hosts, one or more of which required both http and https access ? This particular installation had no https requirements. If that's not a complete deal-breaker, I could probably whip up a sanitized sample config -- let me know. -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: New session PER REQUEST
Hello, again, Hassan I'd like to ask a couple of questions about your | tomcat httpd <--> mod_proxy_ajp <===> | tomcat | tomcat setup. And the reason that I'm interested is because maybe it provides a solution to the setup issues I had with multiple http/https hosts in tomcat fronted by httpd. And since you report that "it didn't seem particularly onerous", it would behove me to learn about how your setup was configured. So, (apropos of the issues I saw with my setup) were there multiple hosts, one or more of which required both http and https access ? (At this point I should point out that the multiple hosts I have all contain the same web apps, but three of the four hosts are for development only. Nevertheless, the name of the contexts is the same in each of the four hosts. Of course, I could have given them different contexts all out of the same single host by simply wrapping in a differently named .war file, it is true, and that would have been the next configuration attempt I was going to make.) So the next obvious question is: are there aspects of the configuration that you devised that you could publicly share ? Were there any tricks that you required and devised that could be shared ? (I fully appreciate that the answer to both questions may be "No" and of course, I fully respect your decision on this matter, whichever it is.) Maurice Hassan Schroeder wrote: 2) my only recent experience using an Apache front-end was setting up a small cluster of multi-host Tomcats using Apache 2.2.x and mod_proxy_ajp; obviously more work than just Tomcat alone, but it didn't seem particularly onerous. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: New session PER REQUEST
Darren Thanks for explaining what you did. I may also take a look at your method. I like not to leave stones unturned, so to speak... But it would appear that no matter which way you do it, it will have complexity if what you are trying to connect is itself a resonably complex and real-world app. Maurice Darren Hall wrote: Thanks Maurice. I'll need to look into this. The one difficulty I have NOT seen is losing the session ID. I do get session ID persistence where it is permitted (across http page transitions, across https page transitions, and across http->https page transition) Maurice Yarrow The loss of session is due to a combination of things, namely the fact that I'm using mod_rewrite in order to add to and remove elements from the url and the way that Tomcat binds sessions to a given context. I wanted to filter out the app path information, so in www.abcdomain.com/abc I don't want the user to see the last /abc portion of the url - however Tomcat needs that to bind to the correct application context. I was adding it before the request was sent to Tomcat using mod_rewrite and then removing it on the way back using mod_proxy, however I was losing the session every time. Then I found this thread from this listserv from Feb of this year: http://mail-archives.apache.org/mod_mbox/tomcat-users/200602.mbox/%3C00b301c [EMAIL PROTECTED] It seems others ran into the same issue I did. The work around is setting the attribute emptySessionPath="true" in the element in server.xml. By doing this, the session is no longer tied to the current context based on the url (which I was losing on my rewrites) but instead it seems to be bound to the current default context (that last statement is actually incorrect and oversimplified, but explanation enough for me for now). Because of the way I am using virtual hosts, this works for me. I'm sure this will be a tremendous pain months from now if I need to make changes, but seeing as I have a tight deadline, I'll use this work around for now and hope for the best later. Thanks for all the help everyone! - Darren - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: New session PER REQUEST
Hi Hassan Yes, thanks for sharing this point: not particularly onerous. And I would have to say that the original mechanism I used just for www.mydomain.net was not too much of a problem other that the javascript URL args (which will not in browser expand relative paths to include the scheme:domain/context portion), so it had to be forced if I wanted javascript function for onclick instead of https://devel.mydomain.net, etc. All of which points to the need for a better solution to fronting tomcat, if required. For this, I am also now considering fronting both tomcat and apache with pound. Unbelieveable, the lengths I will go to get what I want... Maurice Hassan Schroeder wrote: On 9/25/06, Maurice Yarrow <[EMAIL PROTECTED]> wrote: And, fronting with Apache 2.0, and using mod_proxy, I just had one heck of a time getting this to work right. I used httpd OK, two points -- 1) it's not clear that the OP *needs* Apache in front of Tomcat -- if not, the whole issue becomes moot :-) 2) my only recent experience using an Apache front-end was setting up a small cluster of multi-host Tomcats using Apache 2.2.x and mod_proxy_ajp; obviously more work than just Tomcat alone, but it didn't seem particularly onerous. And of course there may be some areas (e.g. your JavaScript example) that need unique tweaking depending on the individual webapp. FWIW! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: New session PER REQUEST
On 9/25/06, Maurice Yarrow <[EMAIL PROTECTED]> wrote: And, fronting with Apache 2.0, and using mod_proxy, I just had one heck of a time getting this to work right. I used httpd OK, two points -- 1) it's not clear that the OP *needs* Apache in front of Tomcat -- if not, the whole issue becomes moot :-) 2) my only recent experience using an Apache front-end was setting up a small cluster of multi-host Tomcats using Apache 2.2.x and mod_proxy_ajp; obviously more work than just Tomcat alone, but it didn't seem particularly onerous. And of course there may be some areas (e.g. your JavaScript example) that need unique tweaking depending on the individual webapp. FWIW! -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: New session PER REQUEST
Thanks Maurice. I'll need to look into this. > The one difficulty I have NOT seen is losing the session ID. > I do get session ID persistence where it is permitted (across http page > transitions, across https page transitions, and across http->https page > transition) > > Maurice Yarrow The loss of session is due to a combination of things, namely the fact that I'm using mod_rewrite in order to add to and remove elements from the url and the way that Tomcat binds sessions to a given context. I wanted to filter out the app path information, so in www.abcdomain.com/abc I don't want the user to see the last /abc portion of the url - however Tomcat needs that to bind to the correct application context. I was adding it before the request was sent to Tomcat using mod_rewrite and then removing it on the way back using mod_proxy, however I was losing the session every time. Then I found this thread from this listserv from Feb of this year: http://mail-archives.apache.org/mod_mbox/tomcat-users/200602.mbox/%3C00b301c [EMAIL PROTECTED] It seems others ran into the same issue I did. The work around is setting the attribute emptySessionPath="true" in the element in server.xml. By doing this, the session is no longer tied to the current context based on the url (which I was losing on my rewrites) but instead it seems to be bound to the current default context (that last statement is actually incorrect and oversimplified, but explanation enough for me for now). Because of the way I am using virtual hosts, this works for me. I'm sure this will be a tremendous pain months from now if I need to make changes, but seeing as I have a tight deadline, I'll use this work around for now and hope for the best later. Thanks for all the help everyone! - Darren - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: New session PER REQUEST
Hi Hassan Maurice here. Yeah, I've been following this thread, and at this moment I'm stepping into this discussion because: My tomcat has four host elements: the primary (localhost -> tomcat/webapps) as usual, plus three development hosts: devel.mydomain.net -> tomcat/webappsDevel devel2.mydomain.net -> tomcat/webappsDevel2 devel3.mydomain.net -> tomcat/webappsDevel3 where, for example, the host is configured: of a time getting this to work right. I used httpd sections but there was a heck of a lot of configuration to do. In other words, the virtual host of apache will ProxyPass and ProxyPassReverse to the appropriate tomcat Host element, where the port number has to appear (8080,8443) to distinguish from the main (80,443). There also had to be separate virtual hosts in the ssl.conf in httpd to handle the 443 -> 8443 side, these also with ProxyPass and ProxyPassReverse. Seems to me this turned out to be anything but obvious. In addition, if I don't want the :8080 and :8443 showing up on the client side URL line in browser, then I had two solutions that worked: 1) mod_proxy_html to filter these out, which had a simple but non-obvious configuration, and which turned out to be somewhat expensive, since I have explicit alsolute URLs inside javascript function argument lists. (These are formed on the fly from request obj info methods, so they really start as relative paths, for portability) The expensive part is that turning on the mod_proxy_html " ProxyHTMLExtended On" (for parsing script elements on the outgoing html) is warned by Nick Kew to be expensive, and it is ! 2). (Instead) I actually filter inside the JSP's all the relevant formed URLs before they are explicitly written into the javascript args to remove the :8080 and :8443 in the generated pages. Of course, scheme is indicated by http: or https: Bottom line: easy to front tomcat with apache if the tomcat configuration is itself simple (only http://www.domain.net, say) but the moment that additional tomcat hosts show up, with http/https portions, then this all becomes much more difficult. The one difficulty I have NOT seen is losing the session ID. I do get session ID persistence where it is permitted (across http page transitions, across https page transitions, and across http->https page transition) Maurice Yarrow Hassan Schroeder wrote: On 9/25/06, Darren Hall <[EMAIL PROTECTED]> wrote: ... The client does not want to see urls with an identifier on the end of them (i.e. www.abcdomain.com/abc), yet I need the identifier to correctly send the request to the correct container in Tomcat (meaning the abc app lives under the /abc folder under webapps in Tomcat). So when a request comes in for www.abcdomain.com I need to forward that request to Tomcat with an /abc on the end of it so that Tomcat correctly resolves it to the "abc" application and then when the response is returned to the user the url still appears as www.abcdomain.com with no /abc identifier after it. (Does this make sense? No. Why don't you just have virtual hosts in Tomcat? That would seem the obvious way to handle this, whether you "need" Apache in front of it (for some other unrelated reason) or not. FWIW! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: New session PER REQUEST
On 9/25/06, Darren Hall <[EMAIL PROTECTED]> wrote: ... The client does not want to see urls with an identifier on the end of them (i.e. www.abcdomain.com/abc), yet I need the identifier to correctly send the request to the correct container in Tomcat (meaning the abc app lives under the /abc folder under webapps in Tomcat). So when a request comes in for www.abcdomain.com I need to forward that request to Tomcat with an /abc on the end of it so that Tomcat correctly resolves it to the "abc" application and then when the response is returned to the user the url still appears as www.abcdomain.com with no /abc identifier after it. (Does this make sense? No. Why don't you just have virtual hosts in Tomcat? That would seem the obvious way to handle this, whether you "need" Apache in front of it (for some other unrelated reason) or not. FWIW! -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: New session PER REQUEST
> Can this behavior be accomplished with mod proxy alone (meaning I can > remove mod rewrite from the picture completely)? Could this rewrite be > causing me to lose the session between Apache and Tomcat? *ding ding ding* We have a winner! I removed the rewrite rules from my httpd-vhosts.conf file and hit my web app that way, and the session is not lost! So I now know the cause of the problem is my URL rewriting, however this creates another problem. The client does not want to see urls with an identifier on the end of them (i.e. www.abcdomain.com/abc), yet I need the identifier to correctly send the request to the correct container in Tomcat (meaning the abc app lives under the /abc folder under webapps in Tomcat). So when a request comes in for www.abcdomain.com I need to forward that request to Tomcat with an /abc on the end of it so that Tomcat correctly resolves it to the "abc" application and then when the response is returned to the user the url still appears as www.abcdomain.com with no /abc identifier after it. (Does this make sense? I could be doing a bad job of explaining this.) Is there an easy way to resolve this that I'm not aware of through Apache or Tomcat? Perhaps using mod_proxy? Here are my relevant files: [file: httpd-vhosts.conf] ... ServerAdmin [EMAIL PROTECTED] DocumentRoot /workfiles/abc/webapps/abcdomain.org/trunk/www/htdocs ServerName abcdomain.com ErrorLog logs/abc/www.abcdomain.com-error_log CustomLog logs/abc/www.abcdomain.com-access_log common ProxyRequests Off ProxyPass /abc http://localhost:8081/abc ProxyPassreverse / http://localhost:8081/abc/ RewriteEngine on RewriteCond %{REQUEST_URI} !^/abc RewriteRule ^/(.*)$ /abc/$1 [P] ... [file: server.xml] ... ... - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: New session PER REQUEST
I moved my port to 8081 and I still see the same behavior. *sigh* I'm still getting no positive results. I'm now thinking this issue involves one of two things. 1) Mod proxy and the way I've configured it; or 2) the rewrite rules I do on each request to and from my domain. This is my first time using mod proxy. I have one instance of Tomcat and one instance of Apache serving multiple web apps. I need to be able to map any one app to the correct container in Tomcat in a method that is seamless to the end user. Using mod rewrite, I append an identifier to the end of each request for a given domain (i.e. for www.abcdomian.com, I append /abc to the end, giving me www.abcdomain.com/abc. - if the identifier is not already present) In my httpd-vhosts.conf file I then map /abc to my Tomcat connector using mod proxy. When the request is returned from Tomcat, the /abc is removed from the url by mod proxy so that the user never sees the extra identifier that was appended. Can this behavior be accomplished with mod proxy alone (meaning I can remove mod rewrite from the picture completely)? Could this rewrite be causing me to lose the session between Apache and Tomcat? Do I have mod proxy configured properly and is *that* what is causing my problems?? Here are my relevant files: [file: httpd-vhosts.conf] ... ServerAdmin [EMAIL PROTECTED] DocumentRoot /workfiles/abc/webapps/abcdomain.org/trunk/www/htdocs ServerName abcdomain.com ErrorLog logs/abc/www.abcdomain.com-error_log CustomLog logs/abc/www.abcdomain.com-access_log common ProxyRequests Off ProxyPass /abc http://localhost:8081/abc ProxyPassreverse / http://localhost:8081/abc/ RewriteEngine on RewriteCond %{REQUEST_URI} !^/abc RewriteRule ^/(.*)$ /abc/$1 [P] ... [file: server.xml] ... ... - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: New session PER REQUEST
> From: Darren Hall [mailto:[EMAIL PROTECTED] > (with one change - > the connector port in the new connector element I specified > is 8080, and I > also have the default element still uncommented also using > port 8080. Will this create a conflict?) I'm a little surprised it works at all. Use one or the other. > What information do you need to help me with this - The > server xml That's the obvious one at this point. It sounds like there are now some odd things in there. - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: New session PER REQUEST
> In server.xml (tomcat's config file), the element > receiving proxied requests from Apache HTTPd needs > proxyName="www.mysite.com" and proxyPort="80" to properly handle cookies > and writing URLs. > > There are commented examples of this in the original server.xml file > distributed with tomcat. > > --David I'm still having issues with this. Based on David's suggestions, I did a search and found the following link: http://proteinbank.vbi.vt.edu/tomcat-docs/proxy-howto.html. I followed the instructions detailed in the link and restarted Tomcat (with one change - the connector port in the new connector element I specified is 8080, and I also have the default element still uncommented also using port 8080. Will this create a conflict?). The web app displays properly and the links work, however, in Tomcat manager console, I can still see that each time I do a page view it is *still* creating a new session. What information do you need to help me with this - The server xml, the httpd-vhost.conf? Let me know and I'll post them. Thanks, - D - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: New session PER REQUEST
No. In server.xml (tomcat's config file), the element receiving proxied requests from Apache HTTPd needs proxyName="www.mysite.com" and proxyPort="80" to properly handle cookies and writing URLs. There are commented examples of this in the original server.xml file distributed with tomcat. --David Darren Hall wrote: Thanks David, For using mod_proxy, have you also added proxy_name and proxy_port attributes to the connector receiving proxied requests? Those will need to be set so tomcat can create the session cookie correctly. I don't believe I'm setting any of these things. Correct me if I'm wrong, but the changes that you're talking about need to be configured on the Apache side? Below I've posted the relevant portion of my httpd-vhosts.conf file. I've been looking online for a "tutorial" of some kind to show me how I need to configure this, but I haven't had a lot of luck yet (other than tutorials that go into clustering and load-balancing... neither of which I need). Any help in getting this working would be greatly appreciated. (As you can see, I'm currently playing with getting the pass through mod_proxy to use sticky_sessions, but this doesn't yet appear to be working.) - D ServerAdmin [EMAIL PROTECTED] DocumentRoot /var/www/mydomain/htdocs ServerName flc3.mydomain.com ErrorLog /var/www/flc/logs/www.mydomain.org-error_log CustomLog /var/www/flc/logs/www.mydomain.org-access_log common ProxyRequests Off # ProxyPass /flc http://localhost:8080/flc ProxyPass /flc balancer://localhost:8080/flc stickysession=JSESSIONID nofailover=On BalancerMember http://localhost:8080 ProxyPassreverse / http://localhost:8080/flc/ RewriteEngine on RewriteCond %{REQUEST_URI} !^/flc RewriteRule ^/(.*)$ /flc/$1 [P] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: New session PER REQUEST
have you consciously decided that you're using tomcat with an http mode connector instead of an ajp connector? also, you're duplicating the proxy by doing ProxyPass /flc ... as well as RewriteCond %{REQUEST_URI} !^/flc... Darren Hall wrote: > Thanks David, > >> For using mod_proxy, have you also added proxy_name and proxy_port >> attributes to the connector receiving proxied requests? Those will need >> to be set so tomcat can create the session cookie correctly. > > I don't believe I'm setting any of these things. Correct me if I'm wrong, > but the changes that you're talking about need to be configured on the > Apache side? Below I've posted the relevant portion of my httpd-vhosts.conf > file. I've been looking online for a "tutorial" of some kind to show me how > I need to configure this, but I haven't had a lot of luck yet (other than > tutorials that go into clustering and load-balancing... neither of which I > need). Any help in getting this working would be greatly appreciated. > (As you can see, I'm currently playing with getting the pass through > mod_proxy to use sticky_sessions, but this doesn't yet appear to be > working.) > > - D > > > ServerAdmin [EMAIL PROTECTED] > DocumentRoot /var/www/mydomain/htdocs > ServerName flc3.mydomain.com > ErrorLog /var/www/flc/logs/www.mydomain.org-error_log > CustomLog /var/www/flc/logs/www.mydomain.org-access_log common > ProxyRequests Off ># ProxyPass /flc http://localhost:8080/flc > ProxyPass /flc balancer://localhost:8080/flc stickysession=JSESSIONID > nofailover=On > > BalancerMember http://localhost:8080 > > ProxyPassreverse / http://localhost:8080/flc/ > RewriteEngine on > RewriteCond %{REQUEST_URI} !^/flc > RewriteRule ^/(.*)$ /flc/$1 [P] > > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: New session PER REQUEST
Thanks David, > For using mod_proxy, have you also added proxy_name and proxy_port > attributes to the connector receiving proxied requests? Those will need > to be set so tomcat can create the session cookie correctly. I don't believe I'm setting any of these things. Correct me if I'm wrong, but the changes that you're talking about need to be configured on the Apache side? Below I've posted the relevant portion of my httpd-vhosts.conf file. I've been looking online for a "tutorial" of some kind to show me how I need to configure this, but I haven't had a lot of luck yet (other than tutorials that go into clustering and load-balancing... neither of which I need). Any help in getting this working would be greatly appreciated. (As you can see, I'm currently playing with getting the pass through mod_proxy to use sticky_sessions, but this doesn't yet appear to be working.) - D ServerAdmin [EMAIL PROTECTED] DocumentRoot /var/www/mydomain/htdocs ServerName flc3.mydomain.com ErrorLog /var/www/flc/logs/www.mydomain.org-error_log CustomLog /var/www/flc/logs/www.mydomain.org-access_log common ProxyRequests Off # ProxyPass /flc http://localhost:8080/flc ProxyPass /flc balancer://localhost:8080/flc stickysession=JSESSIONID nofailover=On BalancerMember http://localhost:8080 ProxyPassreverse / http://localhost:8080/flc/ RewriteEngine on RewriteCond %{REQUEST_URI} !^/flc RewriteRule ^/(.*)$ /flc/$1 [P] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: New session PER REQUEST
For using mod_proxy, have you also added proxy_name and proxy_port attributes to the connector receiving proxied requests? Those will need to be set so tomcat can create the session cookie correctly. Additionally, you might want to be sure all your links are run through response.encodeURL( urlString ) so the JSESSIONID is tacked onto the url as necessary. Tomcat will use url rewriting to maintian session if the cookie isn't available. --David Peter Crowther wrote: From: Darren Hall [mailto:[EMAIL PROTECTED] You are correct. When hitting Tomcat directly, the session remains intact. When using mod_proxy to forward requests to Apache the session is lost. Is this a common issue? How can I go about correcting this? I'll have to open that up to the wider list - I've never used Apache to front-end Tomcat, partly in fear of problems like this! Certainly it would appear that many people have deployed Apache + Tomcat with sessions and it's worked; so I suspect a configuration issue. Personally, I'd check the configuration before going anywhere near Martin Gainty's suggestions. - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: New session PER REQUEST
> From: Darren Hall [mailto:[EMAIL PROTECTED] > You are correct. When hitting Tomcat directly, the session > remains intact. > When using mod_proxy to forward requests to Apache the > session is lost. > Is this a common issue? How can I go about correcting this? I'll have to open that up to the wider list - I've never used Apache to front-end Tomcat, partly in fear of problems like this! Certainly it would appear that many people have deployed Apache + Tomcat with sessions and it's worked; so I suspect a configuration issue. Personally, I'd check the configuration before going anywhere near Martin Gainty's suggestions. - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: New session PER REQUEST
Maurice Yarrow wrote: > I'm fronting tomcat 5.0.28 with apache 2.0.59 through mod_proxy. > I am not seeing loss of session persistence: here are the values > of HttpSession.getId(), as seen in a typical succession of the > servlets, and also, one of the JSP's: > > SelectPubImgSetServlet: > thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 > DisplayPubGalleryServlet: > thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 > GetPubSmallServlet: thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 > PassWordCheckServlet: thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 > SelectPhotoClub.jsp: thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 > EditGalleryServlet: thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 > > I can't, of course, tell you why you are not seeing persistent session > id's, but I believe > the above shows that this is normal for my webapp. I do not believe > that I am doing > anything unusual, here, just the usual > > HttpSession thisUser = GetPubSession( request, response, true ); > > In fact, for the login/https side of my webapp, I rely on this to > determine > authorization. Note that going from http to https, the same session is > persisted, going the other way, one cannot rely on this - an artifact of > the security specification in J2EE). > > Maurice Yarrow Maurice, thanks for the concientous effort. However, your responses should be addressed to "Darren Hall". (no relation that I'm aware of) -Bob Hall - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: New session PER REQUEST
Hello again, Bob (Sorry, slight revision/correction to wording of previous post (below), for sake of clarity:) The line "I can't, of course, tell you why you are not seeing persistent session id's, but I believe the above shows that this is normal for my webapp." should have been written "I can't, of course, tell you why you are not seeing persistent session id's. However, I believe the above shows that PERSISTENCE is normal for my webapp." (Case of ye olde dangling participle, or something like that...) Maurice Maurice Yarrow wrote: Hi Bob I'm fronting tomcat 5.0.28 with apache 2.0.59 through mod_proxy. I am not seeing loss of session persistence: here are the values of HttpSession.getId(), as seen in a typical succession of the servlets, and also, one of the JSP's: SelectPubImgSetServlet: thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 DisplayPubGalleryServlet: thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 GetPubSmallServlet: thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 PassWordCheckServlet: thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 SelectPhotoClub.jsp: thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 EditGalleryServlet: thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 I can't, of course, tell you why you are not seeing persistent session id's, but I believe the above shows that this is normal for my webapp. I do not believe that I am doing anything unusual, here, just the usual HttpSession thisUser = GetPubSession( request, response, true ); In fact, for the login/https side of my webapp, I rely on this to determine authorization. Note that going from http to https, the same session is persisted, going the other way, one cannot rely on this - an artifact of the security specification in J2EE). Maurice Yarrow Bob Hall wrote: --- Darren Hall <[EMAIL PROTECTED]> wrote: Peter, You are correct. When hitting Tomcat directly, the session remains intact. When using mod_proxy to forward requests to Apache the session is lost. Is this a common issue? How can I go about correcting this? Thanks - D I don't have any experience with mod_proxy. Have you tried mod_jk? -Bob __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: New session PER REQUEST
Hi Bob I'm fronting tomcat 5.0.28 with apache 2.0.59 through mod_proxy. I am not seeing loss of session persistence: here are the values of HttpSession.getId(), as seen in a typical succession of the servlets, and also, one of the JSP's: SelectPubImgSetServlet: thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 DisplayPubGalleryServlet: thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 GetPubSmallServlet: thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 PassWordCheckServlet: thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 SelectPhotoClub.jsp: thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 EditGalleryServlet: thisUser.getId()=303D62BDCC86A5BC6D8218364F513A09 I can't, of course, tell you why you are not seeing persistent session id's, but I believe the above shows that this is normal for my webapp. I do not believe that I am doing anything unusual, here, just the usual HttpSession thisUser = GetPubSession( request, response, true ); In fact, for the login/https side of my webapp, I rely on this to determine authorization. Note that going from http to https, the same session is persisted, going the other way, one cannot rely on this - an artifact of the security specification in J2EE). Maurice Yarrow Bob Hall wrote: --- Darren Hall <[EMAIL PROTECTED]> wrote: Peter, You are correct. When hitting Tomcat directly, the session remains intact. When using mod_proxy to forward requests to Apache the session is lost. Is this a common issue? How can I go about correcting this? Thanks - D I don't have any experience with mod_proxy. Have you tried mod_jk? -Bob __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: New session PER REQUEST
2 possible solutions -you could store those previously defined Session attribute values in the considerably wider Application scope -create your own SessionListener from HttpSessionListener and specify the contingency when the session is destroyed i.e. your own sessionDestroyed(HttpSessionEvent) and persist the values Take a look at http://www.velocityreviews.com/forums/t135596-detecting-session-expiration.html Anyone else? Martin -- * This email message and any files transmitted with it contain confidential information intended only for the person(s) to whom this email message is addressed. If you have received this email message in error, please notify the sender immediately by telephone or email and destroy the original message without making a copy. Thank you. - Original Message - From: "Peter Crowther" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Friday, September 22, 2006 12:04 PM Subject: RE: New session PER REQUEST > From: Darren Hall [mailto:[EMAIL PROTECTED] > I'm running a webapp built on Struts 1.2.9 running in Tomcat > 5.5 and using > an Apache 2.2 http server. I've noticed that any value I put into the > session is always removed after one request/response cycle. > In the Tomcat > Manager, I can see that every time I hit the webapp and view > a page, the > session count increments. This is terrible, as it prevents me from > persisting values across my user's session. Any idea why this would be > happening?? (I'm looking for a starting point to trouble > shoot and correct > this issue.) What happens if you connect directly to Tomcat (if necessary, set up a connector) and bypass Apache? - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: New session PER REQUEST
--- Darren Hall <[EMAIL PROTECTED]> wrote: > Peter, > You are correct. When hitting Tomcat directly, the > session remains intact. > When using mod_proxy to forward requests to Apache > the session is lost. > Is this a common issue? How can I go about > correcting this? > > Thanks > - D I don't have any experience with mod_proxy. Have you tried mod_jk? -Bob __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: New session PER REQUEST
Peter, You are correct. When hitting Tomcat directly, the session remains intact. When using mod_proxy to forward requests to Apache the session is lost. Is this a common issue? How can I go about correcting this? Thanks - D -Original Message- From: Peter Crowther [mailto:[EMAIL PROTECTED] Sent: Friday, September 22, 2006 12:04 PM To: Tomcat Users List Subject: RE: New session PER REQUEST > From: Darren Hall [mailto:[EMAIL PROTECTED] > I'm running a webapp built on Struts 1.2.9 running in Tomcat > 5.5 and using > an Apache 2.2 http server. I've noticed that any value I put into the > session is always removed after one request/response cycle. > In the Tomcat > Manager, I can see that every time I hit the webapp and view > a page, the > session count increments. This is terrible, as it prevents me from > persisting values across my user's session. Any idea why this would be > happening?? (I'm looking for a starting point to trouble > shoot and correct > this issue.) What happens if you connect directly to Tomcat (if necessary, set up a connector) and bypass Apache? - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: New session PER REQUEST
> From: Darren Hall [mailto:[EMAIL PROTECTED] > I'm running a webapp built on Struts 1.2.9 running in Tomcat > 5.5 and using > an Apache 2.2 http server. I've noticed that any value I put into the > session is always removed after one request/response cycle. > In the Tomcat > Manager, I can see that every time I hit the webapp and view > a page, the > session count increments. This is terrible, as it prevents me from > persisting values across my user's session. Any idea why this would be > happening?? (I'm looking for a starting point to trouble > shoot and correct > this issue.) What happens if you connect directly to Tomcat (if necessary, set up a connector) and bypass Apache? - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]