tomcat session problem
Hello, I am using 2 tomcat(7.0.11) on my server, with clustering and session duplication. All the things are running smoothy except the session problem sometimes: 1. userA login, userB login 2. Sometimes when userB load a page, he found that he has became userA, it means that userB's login session data has been replaced with userA. Don't know why. Is it a bug? Anyone encounter the same problem?? Any advice would be high appreciated! Thanks -- Weffen Cheung E: wef...@gmail.com M: 1380618
Re: tomcat session problem
On Wed, 2012-01-11 at 02:29 -0800, Weffen Cheung wrote: Hello, I am using 2 tomcat(7.0.11) on my server, with clustering and session duplication. All the things are running smoothy except the session problem sometimes: 1. userA login, userB login Are userA and userB on the same TC instance? 2. Sometimes when userB load a page, he found that he has became userA, it means that userB's login session data has been replaced with userA. Don't know why. Is it a bug? In most cases this occurs due to a session, request or response object being retained by a servlet. This is bad and can cause behaviors similar to the one you are reporting. Anyone encounter the same problem?? Any advice would be high appreciated! One other thought, what do you have in front of the two TC instances? Apache HTTPD with mod_proxy? or with mod_jk? Have you confirmed that the correct session id is being sent from the browser to your load balancer and then from the load balancer to your TC instance? Dan
Re: tomcat session problem
Hello, First Thanks for your reply, Dan. 1. Yes, I am using apache2+mod_proxy in front of the two tomcats, here are the configuration in httpd.conf: ProxyPass /images/ ! ProxyPass /css/ ! ProxyPass /js/ ! ProxyPass /photo/ ! ProxyPass /icon/ ! ProxyPass /pg/ ! ProxyPass /job/ ! ProxyPass /maintenance/ ! ProxyRequests Off Proxy balancer://cluster/ BalancerMember ajp://localhost:8009/ route=tomcat loadfactor=1 BalancerMember ajp://localhost:8010/ route=tomcat2 loadfactor=1 /Proxy ProxyPass / balancer://cluster/ stickysession=JSESSIONID nofailover=On ProxyPassReverse / balancer://cluster/ 2. I am not sure that whether the problem occurs on the same tomcat, because I have no any idea to confirm that. Could you give me any tips to find it out? This problem occurs occasionally, and I really don't know whether it is because of the session duplication or tomcat session manager itself. 3. But one thing I am sure is that the two users use different PC to login, which means that cookie is not the reason at all. Any fellows have such a problem? This problem is so bad that it has dried me and my visitors crazy, which is a big security problem! Any advice is high appreciated! Thanks in advance! Weffen 在 2012-1-11,下午9:52, Daniel Mikusa 写道: On Wed, 2012-01-11 at 02:29 -0800, Weffen Cheung wrote: Hello, I am using 2 tomcat(7.0.11) on my server, with clustering and session duplication. All the things are running smoothy except the session problem sometimes: 1. userA login, userB login Are userA and userB on the same TC instance? 2. Sometimes when userB load a page, he found that he has became userA, it means that userB's login session data has been replaced with userA. Don't know why. Is it a bug? In most cases this occurs due to a session, request or response object being retained by a servlet. This is bad and can cause behaviors similar to the one you are reporting. Anyone encounter the same problem?? Any advice would be high appreciated! One other thought, what do you have in front of the two TC instances? Apache HTTPD with mod_proxy? or with mod_jk? Have you confirmed that the correct session id is being sent from the browser to your load balancer and then from the load balancer to your TC instance? Dan -- Weffen Cheung E: wef...@gmail.com M: 1380618
Re: tomcat session problem
On Wed, 2012-01-11 at 10:21 -0800, Weffen Cheung wrote: Hello, First Thanks for your reply, Dan. 1. Yes, I am using apache2+mod_proxy in front of the two tomcats, here are the configuration in httpd.conf: ProxyPass /images/ ! ProxyPass /css/ ! ProxyPass /js/ ! ProxyPass /photo/ ! ProxyPass /icon/ ! ProxyPass /pg/ ! ProxyPass /job/ ! ProxyPass /maintenance/ ! ProxyRequests Off Proxy balancer://cluster/ BalancerMember ajp://localhost:8009/ route=tomcat loadfactor=1 BalancerMember ajp://localhost:8010/ route=tomcat2 loadfactor=1 /Proxy ProxyPass / balancer://cluster/ stickysession=JSESSIONID nofailover=On ProxyPassReverse / balancer://cluster/ 2. I am not sure that whether the problem occurs on the same tomcat, because I have no any idea to confirm that. Could you give me any tips to find it out? It will take a bit of work, but here are two possibility... If you are able to talk with the user when the problem occurs, try to get some information from the user: the time the problem happened, the resource that was accessed or anything else that can be used to identify the request in the logs. Once you have that information, you'll need to look at the access logs to find the user's request and see which machine the request was sent to. Alternatively, if you can get the session id of the problem request, it should have the route appended to the end of it. That would also tell you which machine the request was sent to. This problem occurs occasionally, and I really don't know whether it is because of the session duplication or tomcat session manager itself. As I mentioned before, the most likely cause is due to a session, request or response object being retained by one of your application's servlets. Doing this can cause problems very similar to the one that you are reporting. You should check your application to make sure that you never assign the session, request or response objects to a field on your Servlet objects. This is not thread safe and can cause a problem very similar to you are reporting. Dan 3. But one thing I am sure is that the two users use different PC to login, which means that cookie is not the reason at all. Any fellows have such a problem? This problem is so bad that it has dried me and my visitors crazy, which is a big security problem! Any advice is high appreciated! Thanks in advance! Weffen 在 2012-1-11,下午9:52, Daniel Mikusa 写道: On Wed, 2012-01-11 at 02:29 -0800, Weffen Cheung wrote: Hello, I am using 2 tomcat(7.0.11) on my server, with clustering and session duplication. All the things are running smoothy except the session problem sometimes: 1. userA login, userB login Are userA and userB on the same TC instance? 2. Sometimes when userB load a page, he found that he has became userA, it means that userB's login session data has been replaced with userA. Don't know why. Is it a bug? In most cases this occurs due to a session, request or response object being retained by a servlet. This is bad and can cause behaviors similar to the one you are reporting. Anyone encounter the same problem?? Any advice would be high appreciated! One other thought, what do you have in front of the two TC instances? Apache HTTPD with mod_proxy? or with mod_jk? Have you confirmed that the correct session id is being sent from the browser to your load balancer and then from the load balancer to your TC instance? Dan -- Weffen Cheung E: wef...@gmail.com M: 1380618
Re: tomcat session problem
And have you set jvmRoute parameter in the server.xml file on the tomcats to match the route value you use in the balancer? Maybe read the following section of the mod_proxy_balancer carefully to make sure all the dependencies are meat: http://httpd.apache.org/docs/2.2/mod/mod_proxy_balancer.html#stickyness_implementation Igor On Thu, Jan 12, 2012 at 8:42 AM, Daniel Mikusa dmik...@vmware.com wrote: On Wed, 2012-01-11 at 10:21 -0800, Weffen Cheung wrote: Hello, First Thanks for your reply, Dan. 1. Yes, I am using apache2+mod_proxy in front of the two tomcats, here are the configuration in httpd.conf: ProxyPass /images/ ! ProxyPass /css/ ! ProxyPass /js/ ! ProxyPass /photo/ ! ProxyPass /icon/ ! ProxyPass /pg/ ! ProxyPass /job/ ! ProxyPass /maintenance/ ! ProxyRequests Off Proxy balancer://cluster/ BalancerMember ajp://localhost:8009/ route=tomcat loadfactor=1 BalancerMember ajp://localhost:8010/ route=tomcat2 loadfactor=1 /Proxy ProxyPass / balancer://cluster/ stickysession=JSESSIONID nofailover=On ProxyPassReverse / balancer://cluster/ 2. I am not sure that whether the problem occurs on the same tomcat, because I have no any idea to confirm that. Could you give me any tips to find it out? It will take a bit of work, but here are two possibility... If you are able to talk with the user when the problem occurs, try to get some information from the user: the time the problem happened, the resource that was accessed or anything else that can be used to identify the request in the logs. Once you have that information, you'll need to look at the access logs to find the user's request and see which machine the request was sent to. Alternatively, if you can get the session id of the problem request, it should have the route appended to the end of it. That would also tell you which machine the request was sent to. This problem occurs occasionally, and I really don't know whether it is because of the session duplication or tomcat session manager itself. As I mentioned before, the most likely cause is due to a session, request or response object being retained by one of your application's servlets. Doing this can cause problems very similar to the one that you are reporting. You should check your application to make sure that you never assign the session, request or response objects to a field on your Servlet objects. This is not thread safe and can cause a problem very similar to you are reporting. Dan 3. But one thing I am sure is that the two users use different PC to login, which means that cookie is not the reason at all. Any fellows have such a problem? This problem is so bad that it has dried me and my visitors crazy, which is a big security problem! Any advice is high appreciated! Thanks in advance! Weffen 在 2012-1-11,下午9:52, Daniel Mikusa 写道: On Wed, 2012-01-11 at 02:29 -0800, Weffen Cheung wrote: Hello, I am using 2 tomcat(7.0.11) on my server, with clustering and session duplication. All the things are running smoothy except the session problem sometimes: 1. userA login, userB login Are userA and userB on the same TC instance? 2. Sometimes when userB load a page, he found that he has became userA, it means that userB's login session data has been replaced with userA. Don't know why. Is it a bug? In most cases this occurs due to a session, request or response object being retained by a servlet. This is bad and can cause behaviors similar to the one you are reporting. Anyone encounter the same problem?? Any advice would be high appreciated! One other thought, what do you have in front of the two TC instances? Apache HTTPD with mod_proxy? or with mod_jk? Have you confirmed that the correct session id is being sent from the browser to your load balancer and then from the load balancer to your TC instance? Dan -- Weffen Cheung E: wef...@gmail.com M: 1380618
Re: tomcat session problem
Hi Igor, Thanks for your reply...We are using apache tomact not the http serverHope the below parameter is to be used for apache http server right? Pls correct me, if i am wrong in understanding Thanks Selva On Wed, Jan 11, 2012 at 6:34 PM, Igor Cicimov icici...@gmail.com wrote: And have you set jvmRoute parameter in the server.xml file on the tomcats to match the route value you use in the balancer? Maybe read the following section of the mod_proxy_balancer carefully to make sure all the dependencies are meat: http://httpd.apache.org/docs/2.2/mod/mod_proxy_balancer.html#stickyness_implementation Igor On Thu, Jan 12, 2012 at 8:42 AM, Daniel Mikusa dmik...@vmware.com wrote: On Wed, 2012-01-11 at 10:21 -0800, Weffen Cheung wrote: Hello, First Thanks for your reply, Dan. 1. Yes, I am using apache2+mod_proxy in front of the two tomcats, here are the configuration in httpd.conf: ProxyPass /images/ ! ProxyPass /css/ ! ProxyPass /js/ ! ProxyPass /photo/ ! ProxyPass /icon/ ! ProxyPass /pg/ ! ProxyPass /job/ ! ProxyPass /maintenance/ ! ProxyRequests Off Proxy balancer://cluster/ BalancerMember ajp://localhost:8009/ route=tomcat loadfactor=1 BalancerMember ajp://localhost:8010/ route=tomcat2 loadfactor=1 /Proxy ProxyPass / balancer://cluster/ stickysession=JSESSIONID nofailover=On ProxyPassReverse / balancer://cluster/ 2. I am not sure that whether the problem occurs on the same tomcat, because I have no any idea to confirm that. Could you give me any tips to find it out? It will take a bit of work, but here are two possibility... If you are able to talk with the user when the problem occurs, try to get some information from the user: the time the problem happened, the resource that was accessed or anything else that can be used to identify the request in the logs. Once you have that information, you'll need to look at the access logs to find the user's request and see which machine the request was sent to. Alternatively, if you can get the session id of the problem request, it should have the route appended to the end of it. That would also tell you which machine the request was sent to. This problem occurs occasionally, and I really don't know whether it is because of the session duplication or tomcat session manager itself. As I mentioned before, the most likely cause is due to a session, request or response object being retained by one of your application's servlets. Doing this can cause problems very similar to the one that you are reporting. You should check your application to make sure that you never assign the session, request or response objects to a field on your Servlet objects. This is not thread safe and can cause a problem very similar to you are reporting. Dan 3. But one thing I am sure is that the two users use different PC to login, which means that cookie is not the reason at all. Any fellows have such a problem? This problem is so bad that it has dried me and my visitors crazy, which is a big security problem! Any advice is high appreciated! Thanks in advance! Weffen 在 2012-1-11,下午9:52, Daniel Mikusa 写道: On Wed, 2012-01-11 at 02:29 -0800, Weffen Cheung wrote: Hello, I am using 2 tomcat(7.0.11) on my server, with clustering and session duplication. All the things are running smoothy except the session problem sometimes: 1. userA login, userB login Are userA and userB on the same TC instance? 2. Sometimes when userB load a page, he found that he has became userA, it means that userB's login session data has been replaced with userA. Don't know why. Is it a bug? In most cases this occurs due to a session, request or response object being retained by a servlet. This is bad and can cause behaviors similar to the one you are reporting. Anyone encounter the same problem?? Any advice would be high appreciated! One other thought, what do you have in front of the two TC instances? Apache HTTPD with mod_proxy? or with mod_jk? Have you confirmed that the correct session id is being sent from the browser to your load balancer and then from the load balancer to your TC instance? Dan -- Weffen Cheung E: wef...@gmail.com M: 1380618
Re: tomcat session problem
But you said you are using Apache as front end right? And here you are using mod_proxy_balancer to reverse-proxy right? ProxyPass / balancer://cluster/ stickysession=JSESSIONID nofailover=On ProxyPassReverse / balancer://cluster/ You use sticky sessions on your proxy based on the JSESSIONID right? So the point is the balancer in your Apache frontend proxy should have the parameters synchronized with your backend Tomcat servers otherwise your sessions might end up on a wrong Tomcat server when proxying. Hope this makes sense?! Igor On Thu, Jan 12, 2012 at 12:35 PM, Selvakumar Subramanian sselvakum...@gmail.com wrote: Hi Igor, Thanks for your reply...We are using apache tomact not the http serverHope the below parameter is to be used for apache http server right? Pls correct me, if i am wrong in understanding Thanks Selva On Wed, Jan 11, 2012 at 6:34 PM, Igor Cicimov icici...@gmail.com wrote: And have you set jvmRoute parameter in the server.xml file on the tomcats to match the route value you use in the balancer? Maybe read the following section of the mod_proxy_balancer carefully to make sure all the dependencies are meat: http://httpd.apache.org/docs/2.2/mod/mod_proxy_balancer.html#stickyness_implementation Igor On Thu, Jan 12, 2012 at 8:42 AM, Daniel Mikusa dmik...@vmware.com wrote: On Wed, 2012-01-11 at 10:21 -0800, Weffen Cheung wrote: Hello, First Thanks for your reply, Dan. 1. Yes, I am using apache2+mod_proxy in front of the two tomcats, here are the configuration in httpd.conf: ProxyPass /images/ ! ProxyPass /css/ ! ProxyPass /js/ ! ProxyPass /photo/ ! ProxyPass /icon/ ! ProxyPass /pg/ ! ProxyPass /job/ ! ProxyPass /maintenance/ ! ProxyRequests Off Proxy balancer://cluster/ BalancerMember ajp://localhost:8009/ route=tomcat loadfactor=1 BalancerMember ajp://localhost:8010/ route=tomcat2 loadfactor=1 /Proxy ProxyPass / balancer://cluster/ stickysession=JSESSIONID nofailover=On ProxyPassReverse / balancer://cluster/ 2. I am not sure that whether the problem occurs on the same tomcat, because I have no any idea to confirm that. Could you give me any tips to find it out? It will take a bit of work, but here are two possibility... If you are able to talk with the user when the problem occurs, try to get some information from the user: the time the problem happened, the resource that was accessed or anything else that can be used to identify the request in the logs. Once you have that information, you'll need to look at the access logs to find the user's request and see which machine the request was sent to. Alternatively, if you can get the session id of the problem request, it should have the route appended to the end of it. That would also tell you which machine the request was sent to. This problem occurs occasionally, and I really don't know whether it is because of the session duplication or tomcat session manager itself. As I mentioned before, the most likely cause is due to a session, request or response object being retained by one of your application's servlets. Doing this can cause problems very similar to the one that you are reporting. You should check your application to make sure that you never assign the session, request or response objects to a field on your Servlet objects. This is not thread safe and can cause a problem very similar to you are reporting. Dan 3. But one thing I am sure is that the two users use different PC to login, which means that cookie is not the reason at all. Any fellows have such a problem? This problem is so bad that it has dried me and my visitors crazy, which is a big security problem! Any advice is high appreciated! Thanks in advance! Weffen 在 2012-1-11,下午9:52, Daniel Mikusa 写道: On Wed, 2012-01-11 at 02:29 -0800, Weffen Cheung wrote: Hello, I am using 2 tomcat(7.0.11) on my server, with clustering and session duplication. All the things are running smoothy except the session problem sometimes: 1. userA login, userB login Are userA and userB on the same TC instance? 2. Sometimes when userB load a page, he found that he has became userA, it means that userB's login session data has been replaced with userA. Don't know why. Is it a bug? In most cases this occurs due to a session, request or response object being retained by a servlet. This is bad and can cause behaviors similar to the one you are reporting. Anyone encounter the same problem?? Any advice would be high appreciated
RE: tomcat session problem
From: Igor Cicimov [mailto:icici...@gmail.com] Subject: Re: tomcat session problem But you said you are using Apache as front end right? Actually, he didn't, but that's because it appears Selvakumar Subramanian didn't even bother to read the subject line, let alone stick to his unrelated thread. He jumped into the middle of a completely different discussion, which does use httpd as a front end, started by Weffen Cheung. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: Tomcat 7 applet session problem
It could be caused by the useHttpOnly attribute of the context to prevent cross-site scripting attacks. HttpOnly cookies are not allowed to be passed to any client side script or Plug-in - such as a java applet. see e.g. http://tomcat.apache.org/tomcat-6.0-doc/config/context.html#Common_Attributes So you have to a) disable httpOnly cookies b) pass a parameter into the applet with the sessionId and the applet has to use this sessionId in the requests. Michael Am 06.07.2011 23:18, schrieb Pid: On 06/07/2011 21:54, S Arvind wrote: Hi All, Web application presently running in the tomcat 6 which has applet in it. In that applet we make a connection to server using URL class and get some data from the server after it loads. In this process we got error after updating to the tomcat 7. The problem is the session between the web application and the applet varies which runs in the same browser tab. Dont know why in tomcat 7 the applet request was considered as separate session but instead in tomcat 6 bot are considered as same session request. Is there any configuration changes for it? Tomcat 7.0.x and later versions of 6.0.x change the session id after authentication*. You can't rely on the session id remaining the same, the applet will need to check for session id changes in the cookie (or url). p * In order to prevent some session hijacking attacks
Tomcat 7 applet session problem
Hi All, Web application presently running in the tomcat 6 which has applet in it. In that applet we make a connection to server using URL class and get some data from the server after it loads. In this process we got error after updating to the tomcat 7. The problem is the session between the web application and the applet varies which runs in the same browser tab. Dont know why in tomcat 7 the applet request was considered as separate session but instead in tomcat 6 bot are considered as same session request. Is there any configuration changes for it? Arvind S Many of lifes failure are people who did not realize how close they were to success when they gave up. -Thomas Edison
Re: Tomcat 7 applet session problem
On 06/07/2011 21:54, S Arvind wrote: Hi All, Web application presently running in the tomcat 6 which has applet in it. In that applet we make a connection to server using URL class and get some data from the server after it loads. In this process we got error after updating to the tomcat 7. The problem is the session between the web application and the applet varies which runs in the same browser tab. Dont know why in tomcat 7 the applet request was considered as separate session but instead in tomcat 6 bot are considered as same session request. Is there any configuration changes for it? Tomcat 7.0.x and later versions of 6.0.x change the session id after authentication*. You can't rely on the session id remaining the same, the applet will need to check for session id changes in the cookie (or url). p * In order to prevent some session hijacking attacks signature.asc Description: OpenPGP digital signature
Sticky Session Problem Tomcat 6.0.29
Hi Friends, I have recently configured sticky sessions in Tomcat 6.0.29 but i have found out that in some cases when i log into the application with several instances of tomcat running i get redirected to the login page. It looks as though that Tomcat is terminating the sessions. Env === Tomcat 6.0.29 JDK 1.6.0_17 Using Spring security as application security framework. Any help would be appreciated. Thanks.
Re: Sticky Session Problem Tomcat 6.0.29
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello Richard, On 03/10/2011 01:28 PM, Richard Nduka wrote: I have recently configured sticky sessions in Tomcat 6.0.29 but i have found out that in some cases when i log into the application with several instances of tomcat running i get redirected to the login page. It looks as though that Tomcat is terminating the sessions. Env === Tomcat 6.0.29 JDK 1.6.0_17 Using Spring security as application security framework. Any help would be appreciated. Your mail is lacking necessary information to get an idea what the reason of your problem is. What are you using in front of your Tomcats? Apache http or MS IIS? Reverse proxy with mod_jk or mod_proxy (ajp/http)? Any third party hardware loadbalancing appliances? A good start to analyse your problem is enabling access logging on all components, be sure to include JSESSIONID-Cookie in the logpattern (%S in Tomcat's AccessValve-Configuration, %{Cookie}i in Apache https Accesslog). This will at least clear when stickiness is not working. See http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Access_Log_Valve and http://httpd.apache.org/docs/current/mod/mod_log_config.html#formats for access log configuration. Post relevant excerpts of your Tomcat (Engine-block) and Apache httpd config (mod_proxy-block or mod_jk workers.properties). Regards, - -- Thomas Freitag -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk15vGcACgkQGE5pHr3PKuVR2wCfUYrvBqs0hXmFRaCey6ZZTA/R RssAoIr2rk/hPv0aNvrtgHYPuyX0ksgK =SuDb -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session problem
Hi Chris, sorry for the late reply In your listener, why don't you dump a stack trace when a session attribute is removed? That will let you know where the code is that is removing your attributes. You may be surprised. This would be very useful, but how would i generate it since theres no exception that's been thrown? Do i just throw an exception? -h On Wed, Aug 25, 2010 at 2:50 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hisham, On 8/25/2010 11:07 AM, Hisham wrote: Let me rephrase what I said: I am not using any custom cookies, the JsessionID cookie gets created by default. That makes a lot more sense. So i created an HttpSessionAttributeListener listener. And what i observed is truly weird. Once i click on Messages tab, the request goes through fine, there are a couple of images that are requested that are delivered correctly. After all this has finished, 2 of the attributes i have stored in the session are removed. Mind you, i have more attributes that DON'T get removed. I did a complete hack that IF these other attributes are still present then go ahead and put the 2 attributes back into the session - and it works fine now! Er, that will sort of subvert your own authorization mechanism, right? In your listener, why don't you dump a stack trace when a session attribute is removed? That will let you know where the code is that is removing your attributes. You may be surprised. Of course i'm not gonna leave it like this, i still need to figure out what the hell is going on! Here is my filter code: public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { boolean authorized = false; HttpServletRequest req = (HttpServletRequest)request; HttpServletResponse res = (HttpServletResponse)response; HttpSession session = req.getSession(false); System.out.println(req.getRequestURL()); if (session != null session.getAttribute(ub) != null)) { authorized = true; System.out.println(setting authorized = true); chain.doFilter(request, response); } // forward the request to login page if (!authorized) { System.out.println(kicked someone from +request.getRemoteAddr()); res.setHeader(session, invalid); res.sendError(HttpServletResponse.SC_UNAUTHORIZED, Your session is invalid or have expired.); } } Aside from the odd logic above, this looks okay, except, I don't see a redirect to a login form anywhere, here. You also didn't say what the URL mapping was for this filter was. Is it /*? If so, then you'll probably not be able to serve your login page unless you're logged-in. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkx1Zg8ACgkQ9CaO5/Lv0PA6HACcDuDEppOaVSyuDrvYqjB68uD5 Em4AnjyHmIRgcO5ncOAV22CkAPOy18Vp =SOPc -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session problem
On 27/08/2010 18:16, Hisham wrote: Hi Chris, sorry for the late reply In your listener, why don't you dump a stack trace when a session attribute is removed? That will let you know where the code is that is removing your attributes. You may be surprised. Thread.dumpStack(); p This would be very useful, but how would i generate it since theres no exception that's been thrown? Do i just throw an exception? -h On Wed, Aug 25, 2010 at 2:50 PM, Christopher Schultz ch...@christopherschultz.net wrote: Hisham, On 8/25/2010 11:07 AM, Hisham wrote: Let me rephrase what I said: I am not using any custom cookies, the JsessionID cookie gets created by default. That makes a lot more sense. So i created an HttpSessionAttributeListener listener. And what i observed is truly weird. Once i click on Messages tab, the request goes through fine, there are a couple of images that are requested that are delivered correctly. After all this has finished, 2 of the attributes i have stored in the session are removed. Mind you, i have more attributes that DON'T get removed. I did a complete hack that IF these other attributes are still present then go ahead and put the 2 attributes back into the session - and it works fine now! Er, that will sort of subvert your own authorization mechanism, right? In your listener, why don't you dump a stack trace when a session attribute is removed? That will let you know where the code is that is removing your attributes. You may be surprised. Of course i'm not gonna leave it like this, i still need to figure out what the hell is going on! Here is my filter code: public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { boolean authorized = false; HttpServletRequest req = (HttpServletRequest)request; HttpServletResponse res = (HttpServletResponse)response; HttpSession session = req.getSession(false); System.out.println(req.getRequestURL()); if (session != null session.getAttribute(ub) != null)) { authorized = true; System.out.println(setting authorized = true); chain.doFilter(request, response); } // forward the request to login page if (!authorized) { System.out.println(kicked someone from +request.getRemoteAddr()); res.setHeader(session, invalid); res.sendError(HttpServletResponse.SC_UNAUTHORIZED, Your session is invalid or have expired.); } } Aside from the odd logic above, this looks okay, except, I don't see a redirect to a login form anywhere, here. You also didn't say what the URL mapping was for this filter was. Is it /*? If so, then you'll probably not be able to serve your login page unless you're logged-in. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org 0x62590808.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
RE: Session problem
From: Hisham [mailto:mohis...@gmail.com] Subject: Re: Session problem how would i generate it since theres no exception that's been thrown? Standard API call: Thread.dumpStack(). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session problem
Yeah i found that through google! Thanks pid and chuck! -h On Fri, Aug 27, 2010 at 1:25 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Hisham [mailto:mohis...@gmail.com] Subject: Re: Session problem how would i generate it since theres no exception that's been thrown? Standard API call: Thread.dumpStack(). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hisham, On 8/24/2010 10:30 PM, Hisham wrote: Jason, you're right in that the tabs i was referring to were tabs within my application. I will verify tomorrow whether the domain is different, but i seriously doubt it. I have a few other things you could check out: 1. Are you using cookies? If you don't properly encode all the URLs in your webapp, you could be losing session information when cookies are /not/ being used. It sounds like you are using cookies, though, given your statement about using Firebug to read the headers en route. 2. Even if your session id is okay, are you dumping the value of the test attribute for the session? Even though you aren't removing it, that attribute might have been damaged by something else. 3. You could write another filter that wraps your HttpSession when requested by the webapp and reports all modifications to it (that is, calls to setAttribute/removeAttribute/setValue/removeValue). 4. Any reason not to use the container-managed login and session management? Tomcat can take care of all this logic for you... - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkx1GxQACgkQ9CaO5/Lv0PBChACfSn30308mX8fTcYDPFGnOHYYZ JlMAoIZ/d8ZpiJRwc+94pbwfDZAiaQWT =EiKI -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session problem
Jason, I was referring to an issue where a user opens several tabbed references to the same window. If the session value is changed in one window, the value will change in subsequent references in the other tabbed window(s). Actually, this is significant problem, but if this is not what was being asked, then ignore my comment. Stephen On Aug 24, 2010, at 8:06 PM, Jason Britton wrote: Stephen - your statement doesn't really make sense in context to the problem he described or how I replied. From Hisham's first post I believe he's describing tabs within the context of a single web page interface, when he clicks on any of the three tabs a request is made (asynchronous or otherwise), request passes through a servlet filter that checks for existence of session attribute etc.. I was suggesting he check that he hadn't, for some unknown reason, hardcoded a different domain for the Messages link, if that were the case that domain (eg. localhost instead of dev2) would not have the same session as the other links and the session attribute value he was looking for might not be there, which would fit with what he's describing. Jason On Tue, Aug 24, 2010 at 3:37 PM, Stephen Caine step...@commongrnd.com wrote: Jason, As each window shares the same session, a change to the session value in one window will effect the session value in the others. Stephen Caine On Aug 24, 2010, at 5:21 PM, Jason Britton wrote: I would make sure that the link for your Messages tab is going to the same domain as that your session was established under and is hitting the same domain as your Home and Admin links. This doesn't seem to have anything to do with Tomcat though. On Tue, Aug 24, 2010 at 1:53 PM, Hisham mohis...@gmail.com wrote: Hello all, I have a problem that is driving me crazy. I don't even know if its a Tomcat issue but maybe someone out there can help me out. I have a webapp that I first developed locally. I tested this on my local environment (windows) and had no issues. I then deployed the same app to our QA environment (linux). There i am seeing something strange. There are three main tabs, Home, Messages and Admin. I can go between home and admin, no probs. But once i click on Messages, somehow the session on the server gets messed up. The way i check whether session is valid is not is that I have a filter that will check if a certain attribute is present in the session or not. If its not, i assume the session is invalid and forward to login page. As soon as i click on the Messages link, i cannot do anything else; anywhere else i click it takes me to the login page. I put print statements in my filter and verified that it is not able to find the attribute in the session. Which is strange because the session id is the same (i have verified by printing it out, and also seeing what is sent in the actual request headers via firebug). I am not removing the attribute from the session in any place; and in any case it works fine locally as i said before. Does any one have any clue as to what could be happening? I can post code if needed, but i don't know where to begin :) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session problem
Chris, thanks for your reply! 1. Are you using cookies? If you don't properly encode all the URLs in your webapp, you could be losing session information when cookies are /not/ being used. It sounds like you are using cookies, though, given your statement about using Firebug to read the headers en route. I'm not using any cookies. Also i want to stress the fact that the app works fine in my local environment. 2. Even if your session id is okay, are you dumping the value of the test attribute for the session? Even though you aren't removing it, that attribute might have been damaged by something else. I've looked everywhere, and unless i missed something i don't think this is the issue. 3. You could write another filter that wraps your HttpSession when requested by the webapp and reports all modifications to it (that is, calls to setAttribute/removeAttribute/setValue/removeValue). How would I go about doing this? Is there a particular filter that listens to attributes being changed? 4. Any reason not to use the container-managed login and session management? Tomcat can take care of all this logic for you... Will eventually move to this, you're right. I am using Spring so will use Spring security/Acegi. -h On Wed, Aug 25, 2010 at 9:31 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hisham, On 8/24/2010 10:30 PM, Hisham wrote: Jason, you're right in that the tabs i was referring to were tabs within my application. I will verify tomorrow whether the domain is different, but i seriously doubt it. I have a few other things you could check out: 1. Are you using cookies? If you don't properly encode all the URLs in your webapp, you could be losing session information when cookies are /not/ being used. It sounds like you are using cookies, though, given your statement about using Firebug to read the headers en route. 2. Even if your session id is okay, are you dumping the value of the test attribute for the session? Even though you aren't removing it, that attribute might have been damaged by something else. 3. You could write another filter that wraps your HttpSession when requested by the webapp and reports all modifications to it (that is, calls to setAttribute/removeAttribute/setValue/removeValue). 4. Any reason not to use the container-managed login and session management? Tomcat can take care of all this logic for you... - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkx1GxQACgkQ9CaO5/Lv0PBChACfSn30308mX8fTcYDPFGnOHYYZ JlMAoIZ/d8ZpiJRwc+94pbwfDZAiaQWT =EiKI -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session problem
Btw, Jason, I have verified that the domain is the same. -h On Wed, Aug 25, 2010 at 9:55 AM, Hisham mohis...@gmail.com wrote: Chris, thanks for your reply! 1. Are you using cookies? If you don't properly encode all the URLs in your webapp, you could be losing session information when cookies are /not/ being used. It sounds like you are using cookies, though, given your statement about using Firebug to read the headers en route. I'm not using any cookies. Also i want to stress the fact that the app works fine in my local environment. 2. Even if your session id is okay, are you dumping the value of the test attribute for the session? Even though you aren't removing it, that attribute might have been damaged by something else. I've looked everywhere, and unless i missed something i don't think this is the issue. 3. You could write another filter that wraps your HttpSession when requested by the webapp and reports all modifications to it (that is, calls to setAttribute/removeAttribute/setValue/removeValue). How would I go about doing this? Is there a particular filter that listens to attributes being changed? 4. Any reason not to use the container-managed login and session management? Tomcat can take care of all this logic for you... Will eventually move to this, you're right. I am using Spring so will use Spring security/Acegi. -h On Wed, Aug 25, 2010 at 9:31 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hisham, On 8/24/2010 10:30 PM, Hisham wrote: Jason, you're right in that the tabs i was referring to were tabs within my application. I will verify tomorrow whether the domain is different, but i seriously doubt it. I have a few other things you could check out: 1. Are you using cookies? If you don't properly encode all the URLs in your webapp, you could be losing session information when cookies are /not/ being used. It sounds like you are using cookies, though, given your statement about using Firebug to read the headers en route. 2. Even if your session id is okay, are you dumping the value of the test attribute for the session? Even though you aren't removing it, that attribute might have been damaged by something else. 3. You could write another filter that wraps your HttpSession when requested by the webapp and reports all modifications to it (that is, calls to setAttribute/removeAttribute/setValue/removeValue). 4. Any reason not to use the container-managed login and session management? Tomcat can take care of all this logic for you... - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkx1GxQACgkQ9CaO5/Lv0PBChACfSn30308mX8fTcYDPFGnOHYYZ JlMAoIZ/d8ZpiJRwc+94pbwfDZAiaQWT =EiKI -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hisham, On 8/25/2010 9:55 AM, Hisham wrote: 1. Are you using cookies? If you don't properly encode all the URLs in your webapp, you could be losing session information when cookies are /not/ being used. It sounds like you are using cookies, though, given your statement about using Firebug to read the headers en route. I'm not using any cookies. Also i want to stress the fact that the app works fine in my local environment. Uh, then I'm confused by your original post, which included this: Which is strange because the session id is the same (i have verified by printing it out, and also seeing what is sent in the actual request headers via firebug). If you were observing the headers for your session id, then what other header would you be looking for besides the JSESSIONID cookie? IF you aren't using cookies for session id management, then are you properly encoding all your URLs? If you aren't, you'll lose your session when you click on one of those URLs. Please post the HTML code around the link to your Messages page. 2. Even if your session id is okay, are you dumping the value of the test attribute for the session? Even though you aren't removing it, that attribute might have been damaged by something else. I've looked everywhere, and unless i missed something i don't think this is the issue. You still didn't say that you actually observed the value you expect to be in the session, and your Filter still forces a login. Could you: 1. Post the code to your filter 2. Add a logging statement that prints the URL being accessed It's possible that there's some image being requested that's fouling things up. 3. You could write another filter that wraps your HttpSession when requested by the webapp and reports all modifications to it (that is, calls to setAttribute/removeAttribute/setValue/removeValue). How would I go about doing this? Is there a particular filter that listens to attributes being changed? No, which is why I said you could write one. I believe I've posted the full code for such a filter on this list in the past. Consider searching the archives. 4. Any reason not to use the container-managed login and session management? Tomcat can take care of all this logic for you... Will eventually move to this, you're right. I am using Spring so will use Spring security/Acegi. Maybe now would be a good time for that. You may spend less time implementing ACEGI than you would tracking-down whatever this problem is. I suspect that the Windows vs. Linux environment is not related to the problem you're experiencing (unless this is some kind of case-sensitive issue, which is entirely possible). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkx1JIsACgkQ9CaO5/Lv0PBfpwCcCjb7uWXkbMTqy8JAbFcshZBA 1uAAn079qe7eMAQ+KiHojMk/Rx3+jqt0 =FGiU -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session problem
Chris, Let me rephrase what I said: I am not using any custom cookies, the JsessionID cookie gets created by default. So i created an HttpSessionAttributeListener listener. And what i observed is truly weird. Once i click on Messages tab, the request goes through fine, there are a couple of images that are requested that are delivered correctly. After all this has finished, 2 of the attributes i have stored in the session are removed. Mind you, i have more attributes that DON'T get removed. I did a complete hack that IF these other attributes are still present then go ahead and put the 2 attributes back into the session - and it works fine now! Of course i'm not gonna leave it like this, i still need to figure out what the hell is going on! Here is my filter code: public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { boolean authorized = false; HttpServletRequest req = (HttpServletRequest)request; HttpServletResponse res = (HttpServletResponse)response; HttpSession session = req.getSession(false); System.out.println(req.getRequestURL()); if (session != null session.getAttribute(ub) != null)) { authorized = true; System.out.println(setting authorized = true); chain.doFilter(request, response); } // forward the request to login page if (!authorized) { System.out.println(kicked someone from +request.getRemoteAddr()); res.setHeader(session, invalid); res.sendError(HttpServletResponse.SC_UNAUTHORIZED, Your session is invalid or have expired.); } } -h On Wed, Aug 25, 2010 at 10:11 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hisham, On 8/25/2010 9:55 AM, Hisham wrote: 1. Are you using cookies? If you don't properly encode all the URLs in your webapp, you could be losing session information when cookies are /not/ being used. It sounds like you are using cookies, though, given your statement about using Firebug to read the headers en route. I'm not using any cookies. Also i want to stress the fact that the app works fine in my local environment. Uh, then I'm confused by your original post, which included this: Which is strange because the session id is the same (i have verified by printing it out, and also seeing what is sent in the actual request headers via firebug). If you were observing the headers for your session id, then what other header would you be looking for besides the JSESSIONID cookie? IF you aren't using cookies for session id management, then are you properly encoding all your URLs? If you aren't, you'll lose your session when you click on one of those URLs. Please post the HTML code around the link to your Messages page. 2. Even if your session id is okay, are you dumping the value of the test attribute for the session? Even though you aren't removing it, that attribute might have been damaged by something else. I've looked everywhere, and unless i missed something i don't think this is the issue. You still didn't say that you actually observed the value you expect to be in the session, and your Filter still forces a login. Could you: 1. Post the code to your filter 2. Add a logging statement that prints the URL being accessed It's possible that there's some image being requested that's fouling things up. 3. You could write another filter that wraps your HttpSession when requested by the webapp and reports all modifications to it (that is, calls to setAttribute/removeAttribute/setValue/removeValue). How would I go about doing this? Is there a particular filter that listens to attributes being changed? No, which is why I said you could write one. I believe I've posted the full code for such a filter on this list in the past. Consider searching the archives. 4. Any reason not to use the container-managed login and session management? Tomcat can take care of all this logic for you... Will eventually move to this, you're right. I am using Spring so will use Spring security/Acegi. Maybe now would be a good time for that. You may spend less time implementing ACEGI than you would tracking-down whatever this problem is. I suspect that the Windows vs. Linux environment is not related to the problem you're experiencing (unless this is some kind of case-sensitive issue, which is entirely possible). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla -
Re: Session problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hisham, On 8/25/2010 11:07 AM, Hisham wrote: Let me rephrase what I said: I am not using any custom cookies, the JsessionID cookie gets created by default. That makes a lot more sense. So i created an HttpSessionAttributeListener listener. And what i observed is truly weird. Once i click on Messages tab, the request goes through fine, there are a couple of images that are requested that are delivered correctly. After all this has finished, 2 of the attributes i have stored in the session are removed. Mind you, i have more attributes that DON'T get removed. I did a complete hack that IF these other attributes are still present then go ahead and put the 2 attributes back into the session - and it works fine now! Er, that will sort of subvert your own authorization mechanism, right? In your listener, why don't you dump a stack trace when a session attribute is removed? That will let you know where the code is that is removing your attributes. You may be surprised. Of course i'm not gonna leave it like this, i still need to figure out what the hell is going on! Here is my filter code: public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { boolean authorized = false; HttpServletRequest req = (HttpServletRequest)request; HttpServletResponse res = (HttpServletResponse)response; HttpSession session = req.getSession(false); System.out.println(req.getRequestURL()); if (session != null session.getAttribute(ub) != null)) { authorized = true; System.out.println(setting authorized = true); chain.doFilter(request, response); } // forward the request to login page if (!authorized) { System.out.println(kicked someone from +request.getRemoteAddr()); res.setHeader(session, invalid); res.sendError(HttpServletResponse.SC_UNAUTHORIZED, Your session is invalid or have expired.); } } Aside from the odd logic above, this looks okay, except, I don't see a redirect to a login form anywhere, here. You also didn't say what the URL mapping was for this filter was. Is it /*? If so, then you'll probably not be able to serve your login page unless you're logged-in. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkx1Zg8ACgkQ9CaO5/Lv0PA6HACcDuDEppOaVSyuDrvYqjB68uD5 Em4AnjyHmIRgcO5ncOAV22CkAPOy18Vp =SOPc -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Session problem
Hello all, I have a problem that is driving me crazy. I don't even know if its a Tomcat issue but maybe someone out there can help me out. I have a webapp that I first developed locally. I tested this on my local environment (windows) and had no issues. I then deployed the same app to our QA environment (linux). There i am seeing something strange. There are three main tabs, Home, Messages and Admin. I can go between home and admin, no probs. But once i click on Messages, somehow the session on the server gets messed up. The way i check whether session is valid is not is that I have a filter that will check if a certain attribute is present in the session or not. If its not, i assume the session is invalid and forward to login page. As soon as i click on the Messages link, i cannot do anything else; anywhere else i click it takes me to the login page. I put print statements in my filter and verified that it is not able to find the attribute in the session. Which is strange because the session id is the same (i have verified by printing it out, and also seeing what is sent in the actual request headers via firebug). I am not removing the attribute from the session in any place; and in any case it works fine locally as i said before. Does any one have any clue as to what could be happening? I can post code if needed, but i don't know where to begin :) Any help appreciated! Thanks. -h - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session problem
Jason, As each window shares the same session, a change to the session value in one window will effect the session value in the others. Stephen Caine On Aug 24, 2010, at 5:21 PM, Jason Britton wrote: I would make sure that the link for your Messages tab is going to the same domain as that your session was established under and is hitting the same domain as your Home and Admin links. This doesn't seem to have anything to do with Tomcat though. On Tue, Aug 24, 2010 at 1:53 PM, Hisham mohis...@gmail.com wrote: Hello all, I have a problem that is driving me crazy. I don't even know if its a Tomcat issue but maybe someone out there can help me out. I have a webapp that I first developed locally. I tested this on my local environment (windows) and had no issues. I then deployed the same app to our QA environment (linux). There i am seeing something strange. There are three main tabs, Home, Messages and Admin. I can go between home and admin, no probs. But once i click on Messages, somehow the session on the server gets messed up. The way i check whether session is valid is not is that I have a filter that will check if a certain attribute is present in the session or not. If its not, i assume the session is invalid and forward to login page. As soon as i click on the Messages link, i cannot do anything else; anywhere else i click it takes me to the login page. I put print statements in my filter and verified that it is not able to find the attribute in the session. Which is strange because the session id is the same (i have verified by printing it out, and also seeing what is sent in the actual request headers via firebug). I am not removing the attribute from the session in any place; and in any case it works fine locally as i said before. Does any one have any clue as to what could be happening? I can post code if needed, but i don't know where to begin :) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session problem
Stephen - your statement doesn't really make sense in context to the problem he described or how I replied. From Hisham's first post I believe he's describing tabs within the context of a single web page interface, when he clicks on any of the three tabs a request is made (asynchronous or otherwise), request passes through a servlet filter that checks for existence of session attribute etc.. I was suggesting he check that he hadn't, for some unknown reason, hardcoded a different domain for the Messages link, if that were the case that domain (eg. localhost instead of dev2) would not have the same session as the other links and the session attribute value he was looking for might not be there, which would fit with what he's describing. Jason On Tue, Aug 24, 2010 at 3:37 PM, Stephen Caine step...@commongrnd.com wrote: Jason, As each window shares the same session, a change to the session value in one window will effect the session value in the others. Stephen Caine On Aug 24, 2010, at 5:21 PM, Jason Britton wrote: I would make sure that the link for your Messages tab is going to the same domain as that your session was established under and is hitting the same domain as your Home and Admin links. This doesn't seem to have anything to do with Tomcat though. On Tue, Aug 24, 2010 at 1:53 PM, Hisham mohis...@gmail.com wrote: Hello all, I have a problem that is driving me crazy. I don't even know if its a Tomcat issue but maybe someone out there can help me out. I have a webapp that I first developed locally. I tested this on my local environment (windows) and had no issues. I then deployed the same app to our QA environment (linux). There i am seeing something strange. There are three main tabs, Home, Messages and Admin. I can go between home and admin, no probs. But once i click on Messages, somehow the session on the server gets messed up. The way i check whether session is valid is not is that I have a filter that will check if a certain attribute is present in the session or not. If its not, i assume the session is invalid and forward to login page. As soon as i click on the Messages link, i cannot do anything else; anywhere else i click it takes me to the login page. I put print statements in my filter and verified that it is not able to find the attribute in the session. Which is strange because the session id is the same (i have verified by printing it out, and also seeing what is sent in the actual request headers via firebug). I am not removing the attribute from the session in any place; and in any case it works fine locally as i said before. Does any one have any clue as to what could be happening? I can post code if needed, but i don't know where to begin :) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session problem
Jason, you're right in that the tabs i was referring to were tabs within my application. I will verify tomorrow whether the domain is different, but i seriously doubt it. Thanks for you reply. -h On Tue, Aug 24, 2010 at 8:06 PM, Jason Britton jbritto...@gmail.com wrote: Stephen - your statement doesn't really make sense in context to the problem he described or how I replied. From Hisham's first post I believe he's describing tabs within the context of a single web page interface, when he clicks on any of the three tabs a request is made (asynchronous or otherwise), request passes through a servlet filter that checks for existence of session attribute etc.. I was suggesting he check that he hadn't, for some unknown reason, hardcoded a different domain for the Messages link, if that were the case that domain (eg. localhost instead of dev2) would not have the same session as the other links and the session attribute value he was looking for might not be there, which would fit with what he's describing. Jason On Tue, Aug 24, 2010 at 3:37 PM, Stephen Caine step...@commongrnd.com wrote: Jason, As each window shares the same session, a change to the session value in one window will effect the session value in the others. Stephen Caine On Aug 24, 2010, at 5:21 PM, Jason Britton wrote: I would make sure that the link for your Messages tab is going to the same domain as that your session was established under and is hitting the same domain as your Home and Admin links. This doesn't seem to have anything to do with Tomcat though. On Tue, Aug 24, 2010 at 1:53 PM, Hisham mohis...@gmail.com wrote: Hello all, I have a problem that is driving me crazy. I don't even know if its a Tomcat issue but maybe someone out there can help me out. I have a webapp that I first developed locally. I tested this on my local environment (windows) and had no issues. I then deployed the same app to our QA environment (linux). There i am seeing something strange. There are three main tabs, Home, Messages and Admin. I can go between home and admin, no probs. But once i click on Messages, somehow the session on the server gets messed up. The way i check whether session is valid is not is that I have a filter that will check if a certain attribute is present in the session or not. If its not, i assume the session is invalid and forward to login page. As soon as i click on the Messages link, i cannot do anything else; anywhere else i click it takes me to the login page. I put print statements in my filter and verified that it is not able to find the attribute in the session. Which is strange because the session id is the same (i have verified by printing it out, and also seeing what is sent in the actual request headers via firebug). I am not removing the attribute from the session in any place; and in any case it works fine locally as i said before. Does any one have any clue as to what could be happening? I can post code if needed, but i don't know where to begin :) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: session problem in Tomcat server when system date changes.
Nagineni wrote: Hi, I'm quite surprise to see this issue in the tomcat server.While running the application ,I've changed my system date ahead a day.I observed that tomcat server started creating new session for the same client. Any pointers on this to resolve ?Please help me. Sessions have expiration times and Tomcat uses the date/time to track session creation and expiration. If you change the date/time by more than the session expiration time then the sessions are all going to expire. The solution is a set your system's clock and timezone correctly and use ntp to keep it that way. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
session problem in Tomcat server when system date changes.
Hi, I'm quite surprise to see this issue in the tomcat server.While running the application ,I've changed my system date ahead a day.I observed that tomcat server started creating new session for the same client. Any pointers on this to resolve ?Please help me. Thanks in advance. Regards, Naga. - Regards, Naga. -- View this message in context: http://www.nabble.com/session-problem-in-Tomcat-server-when-system-date-changes.-tp25270026p25270026.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomact behind ISA server - session problem
Hi, I have a Tomcat installed behind ISA server. It is properly(?) published, so I can reach it from outside world, as from LAN also. But, when I access my Tomcat application from LAN, all session attributes are fine, the app works as I want it to. When I access it from outside world, something is wrong with session. For example, I access the app from Firefox, exit Firefox, and start IE - the same session(!). On the other hand, I have a Java class as a session object, but sometimes I can not modify it, and sometimes I can. I must emphasize that everything works nice when I access the app from LAN. Any idea ? Thnks in advance. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomact behind ISA server - session problem
My first thought is some kind of caching proxy server. If you aren't the local IT admin, you might want to check with them what might exist on the border between the LAN and WAN. Tomcat itself doesn't treat the local LAN any different than the outside world. From it's perspective, a client is a client regardless of network location. --David Boban Jankovic wrote: Hi, I have a Tomcat installed behind ISA server. It is properly(?) published, so I can reach it from outside world, as from LAN also. But, when I access my Tomcat application from LAN, all session attributes are fine, the app works as I want it to. When I access it from outside world, something is wrong with session. For example, I access the app from Firefox, exit Firefox, and start IE - the same session(!). On the other hand, I have a Java class as a session object, but sometimes I can not modify it, and sometimes I can. I must emphasize that everything works nice when I access the app from LAN. Any idea ? Thnks in advance. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Mod_jk balancing, session problem
Choose the suggested access log methods to improve observability (URLs and Cookie and Set-Cookie Headers. We make some tests with error log set to debug, but it is so many informations in the log (even the decrypted password !!, should it be so ??) that it may take some time to analyse everything. But here I have another question about the errors reported by JK status manager. In our production environment we have log level set to error and there are about 200 requests per worker shown by JK status manager as error , but there isn't any line in the mod_jk.log with error. Why is that so ? Another question is about tomcat catalina.out. Please find below a cut from log: 2006-08-10 06:17:20 org.apache.jk.core.MsgContext action WARNING: Error sending end packet java.net.SocketException: Broken pipe at java.net.SocketOutputStream.socketWrite0(Native Method) at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92) at java.net.SocketOutputStream.write(SocketOutputStream.java:136) at org.apache.jk.common.ChannelSocket.send(ChannelSocket.java:518) at org.apache.jk.common.JkInputStream.endMessage(JkInputStream.java:112) at org.apache.jk.core.MsgContext.action(MsgContext.java:293) at org.apache.coyote.Response.action(Response.java:182) at org.apache.coyote.Response.finish(Response.java:304) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:204) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:282) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:754) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:684) at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:876) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684) at java.lang.Thread.run(Thread.java:595) 2006-08-10 06:17:20 org.apache.jk.common.ChannelSocket processConnection WARNING: processCallbacks status 2 2006-08-10 08:38:53 org.apache.jk.core.MsgContext action WARNING: Error sending end packet java.net.SocketException: Broken pipe at java.net.SocketOutputStream.socketWrite0(Native Method) at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92) at java.net.SocketOutputStream.write(SocketOutputStream.java:136) at org.apache.jk.common.ChannelSocket.send(ChannelSocket.java:518) at org.apache.jk.common.JkInputStream.endMessage(JkInputStream.java:112) at org.apache.jk.core.MsgContext.action(MsgContext.java:293) at org.apache.coyote.Response.action(Response.java:182) at org.apache.coyote.Response.finish(Response.java:304) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:204) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:282) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:754) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:684) at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:876) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684) at java.lang.Thread.run(Thread.java:595) 2006-08-10 08:38:53 org.apache.jk.common.ChannelSocket processConnection WARNING: processCallbacks status 2 2006-08-10 08:57:51 org.apache.jk.core.MsgContext action WARNING: Error sending end packet java.net.SocketException: Broken pipe at java.net.SocketOutputStream.socketWrite0(Native Method) at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92) at java.net.SocketOutputStream.write(SocketOutputStream.java:136) at org.apache.jk.common.ChannelSocket.send(ChannelSocket.java:518) at org.apache.jk.common.JkInputStream.endMessage(JkInputStream.java:112) at org.apache.jk.core.MsgContext.action(MsgContext.java:293) at org.apache.coyote.Response.action(Response.java:182) at org.apache.coyote.Response.finish(Response.java:304) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:204) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:282) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:754) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:684) at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:876) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684) at java.lang.Thread.run(Thread.java:595) 2006-08-10 08:57:51 org.apache.jk.common.ChannelSocket processConnection WARNING: processCallbacks status 2 Do you have any idea what my be the reason ? Best regards Artur -- View this message in context: http://www.nabble.com/Mod_jk-balancing%2C-session-problem-tf2073073.html#a5765997 Sent from
Re: Mod_jk balancing, session problem
Hi, Artur schrieb: - does it happen in times, when you get errors in the mod_jk-log? Does it happen at all times, or do you have peaks at special times? I can't figure it out, when this happens, but there isn't any special moment I can observe. It happens randomly. There isn't any error in mod_jk.log Choose the suggested access log methods to improve observability (URLs and Cookie and Set-Cookie Headers. And here I need some help. In mod_jk.log I always see the same worker - balancer worker, so I don't know which worker has been choosen. How can I change it ? I assume by adding request log to mod_jk you mean something like this: # JkRequestLogFormat set the request format JkRequestLogFormat %w %V %T OK, unfortunately mod_jk does not yet allow to log the sub worker of an lb. I'll check for improvement in 1.2.19... IfModule mpm_worker_module StartServers 5 MaxClients 448 MinSpareThreads 5 MaxSpareThreads 25 ThreadsPerChild 7 MaxRequestsPerChild 0 /IfModule Interesting, very few ThreadsPerChild. Not really a problem, but I wonder if this is efficient. We have decresed this value because we thought that maybe Apache is opening too many threads to Tomcat. We had in Tomcat's log entries saying All threads (500) are curently busy, increase maxThreds. Threads in Tomcat = Sum of numbers of apache threads used during peak times. So this relates more to MaxClients and not to ThreadsPerChild. If you want to connect many Apaches with a lot of threads to tomcat you need to use tricks like the APR connector on the tomcat side. A few hundred threads should be no problem, on a good OS even 1.000-2.000 should work. Think about using connect_timeout and prepost_timeout. Maybe also set recovery_options to 3. What values do you suggest for above parameters ? connect_timeout=2 This is in Milliseconds. Anything between 2000 and 2 should be OK. The right value depends on your trust in latency, reliability of your network and the responsiveness of the target machine. prepost_timeout=1 Values between 5000 and 3 are reasonable. Arguments the same as before. recovery_options=3 or 7 (here you'll need to experimnt on your own. The added 4 is very new, but maybe helpful). Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Mod_jk balancing, session problem
Artur wrote: Hello, We have environment with Apache (2.2.0) + Tomcat (5.5.17) connected via mod_jk (1.2.18). Further tomcat makes some queries to databese through Tuxedo services (BEA). Everything works fine until heavy load when something stops responding (Service not available). We think it is tomcat or mod_jk. It occures when Max busy connections on mod_jk status manager shows about 200. Mod_jk is in error status then. Understanding this situation would be helpful to decide, if adding another tomcat really helps (problem=database = more tomcats don't help etc.). So we decided to use mod_jk load balancing feature and we installed another instance of tomcat (on the same machine). Now service is available even under heavy load but we are losing sessions. What do you mean by losing sessions? I expect you mean users work in a session and then they send a request and get a response indicating, that the requested session has not been found? If so: - does it happen in times, when you get errors in the mod_jk-log? Does it happen at all times, or do you have peaks at special times? Stickyness sends users to the correct node, except when the node is not reachable (error, stopped). In this case users will be sent to one of the remaining nodes and - of course - without session replication their session will not be there. Session repllication means to establish a tomcat clusster, something you need to carefully test and that might force changes in your app. - if it happens even when there's no other problem at the same time: make session IDs trackable. Either your app uses URL rewriting, then your session ID is part of every request and logged in the apache access log. Or you use Cookies, then add logging of incoming header Cookie to your mod_log_config LogFormat. If you also add outgoing header Set-Cookie you are able to follow the sessions, and you can decide, if the users really send the correct session ID. Sometimes what you may find is: the previous request produced an error in the app, which then decided to invalidate the session. You can also add a request log to mod_jk, that logs, which worker has beend chosen for every request. That way you do not rely on your user feedback, but can measure the problem yourself (how many users/sessions, what time of day etc.). Of course sticky_session is set to true. Below I paste our config files. Please help if you only can. Best regards Artur ###Jk status for one day: NameTypejvmRouteHostAddrStatD F M V Acc Err Wr Rd BusyMax RR Cd worker2 ajp13 worker2 localhost:8009 127.0.0.1:8009 OK 0 1 1 2144824825 512 480M5.8G6 138 worker3 worker3 is in the original output and has iónly been removed by your copypaste? What was happening, when you got these 2144 Errors? The time stamps should be available from the mod_jk log. ###httpd.mpm section: # worker MPM # StartServers: initial number of server processes to start # MaxClients: maximum number of simultaneous client connections # MinSpareThreads: minimum number of worker threads which are kept spare # MaxSpareThreads: maximum number of worker threads which are kept spare # ThreadsPerChild: constant number of worker threads in each server process # MaxRequestsPerChild: maximum number of requests a server process serves IfModule mpm_worker_module StartServers 5 MaxClients 448 MinSpareThreads 5 MaxSpareThreads 25 ThreadsPerChild 7 MaxRequestsPerChild 0 /IfModule Interesting, very few ThreadsPerChild. Not really a problem, but I wonder if this is efficient. ###workers.properties: # Define 3 workers, 2 real workers using ajp13 and the last one being a loadbalancing worker worker.list=worker1,jkstatus # Set properties for worker2 (ajp13) worker.worker2.type=ajp13 worker.worker2.host=localhost worker.worker2.port=8009 worker.worker2.lbfactor=1 worker.worker2.connection_pool_size=7 This should be set top the same value as ThreadsPerChild by mod_jk automatically. worker.worker2.connection_pool_timeout=300 worker.worker2.socket_timeout=60 Think about using connect_timeout and prepost_timeout. Maybe also set recovery_options to 3. # Set properties for worker4 (lb) which use worker1 and worker2 worker.worker3.type=ajp13 worker.worker3.host=localhost worker.worker3.port=8019 worker.worker3.lbfactor=1 worker.worker3.connection_pool_size=7 worker.worker3.connection_pool_timeout=300 worker.worker3.socket_timeout=60 # Define a 'jkstatus' worker using status worker.jkstatus.type=status worker.worker1.type=lb worker.worker1.sticky_session=true worker.worker1.method=R worker.worker1.balance_workers=worker2,worker3 ###server1.xml - connector section: !-- Define an AJP 1.3 Connector on port 8009 -- Connector port=8009
Re: Mod_jk balancing, session problem
Rainer Jung-3 wrote: What do you mean by losing sessions? I expect you mean users work in a session and then they send a request and get a response indicating, that the requested session has not been found? Thats exactly what I meant. If so: - does it happen in times, when you get errors in the mod_jk-log? Does it happen at all times, or do you have peaks at special times? I can't figure it out, when this happens, but there isn't any special moment I can observe. It happens randomly. There isn't any error in mod_jk.log - if it happens even when there's no other problem at the same time: You can also add a request log to mod_jk, that logs, which worker has beend chosen for every request. That way you do not rely on your user feedback, but can measure the problem yourself (how many users/sessions, what time of day etc.). And here I need some help. In mod_jk.log I always see the same worker - balancer worker, so I don't know which worker has been choosen. How can I change it ? I assume by adding request log to mod_jk you mean something like this: # JkRequestLogFormat set the request format JkRequestLogFormat %w %V %T Of course sticky_session is set to true. Below I paste our config files. Please help if you only can. Best regards Artur ###Jk status for one day: Name TypejvmRouteHostAddrStatD F M V Acc Err Wr Rd BusyMax RR Cd worker2 ajp13 worker2 localhost:8009 127.0.0.1:8009 OK 0 1 1 2144824825 512 480M 5.8G6 138 worker3 worker3 is in the original output and has iónly been removed by your copypaste? Right What was happening, when you got these 2144 Errors? The time stamps should be available from the mod_jk log. Loosing session occurs even when there arnen't any errors in mod_jk status manager, it just looks like with next request you have to log in once more. ###httpd.mpm section: # worker MPM # StartServers: initial number of server processes to start # MaxClients: maximum number of simultaneous client connections # MinSpareThreads: minimum number of worker threads which are kept spare # MaxSpareThreads: maximum number of worker threads which are kept spare # ThreadsPerChild: constant number of worker threads in each server process # MaxRequestsPerChild: maximum number of requests a server process serves IfModule mpm_worker_module StartServers 5 MaxClients 448 MinSpareThreads 5 MaxSpareThreads 25 ThreadsPerChild 7 MaxRequestsPerChild 0 /IfModule Interesting, very few ThreadsPerChild. Not really a problem, but I wonder if this is efficient. We have decresed this value because we thought that maybe Apache is opening too many threads to Tomcat. We had in Tomcat's log entries saying All threads (500) are curently busy, increase maxThreds. Think about using connect_timeout and prepost_timeout. Maybe also set recovery_options to 3. What values do you suggest for above parameters ? -- View this message in context: http://www.nabble.com/Mod_jk-balancing%2C-session-problem-tf2073073.html#a5710742 Sent from the Tomcat - User forum at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
j-_security_check session problem with load balancer
Hello, We are using tomcat 5.5.16 with a Redline Networks Enterprise Application Processor load balancer between two machines. The balancer is session sticky. Every so often we get a problem with users not being able to log in. (We are using JDBC Realm form authentication.) The error the users sees is the URL .../j_security_check and a standard browser cannot connect error. It seems Tomcat needs the user to hit the same machine for the security check as it did for the 1st connect. i.e. I can simulate the problem by going to my apps login screen, stop/starting the webapp via the manager in another browser window, and trying to now login back in the first browser window. I get the same /j_security_check error. Questions: 1. Why doesn't tomcat just send me back to the login screen if the session is invalid? 2. Any idea why the load balancer would sometimes show this same behavior? Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session problem
Cookies might be blocked on the other pc's browser -Tim David Won wrote: I developed a very simple project, there is a jsp page and a servlet. In servlet: session.setAttribute(my,abc); In jsp: String mystring = (String) session.getAttribute(my); This project works perfect in one of my PC, but when I deployed it to another PC, mystring in jsp always gets a null from the session. The tomcat version in both PC are exactly same. Any help would be greatly appreciated! Thank you! David - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session problem
No, I never had that problem, it was just an idea, I was reviewing my app and that is the way I have my servlets a jsp`s Mauricio Fernández A. Ingeniero de Sistemas U. Autónoma de Manizales -Mensaje original- De: David Won [mailto:[EMAIL PROTECTED] Enviado el: viernes, 21 octubre, 2005 19:32 Para: Tomcat Users List Asunto: RE: session problem Hi Mauricio, It is really weired that after 2 weeks failuer, this morning it works! I did not change a single code but it works now. Also I did not change any system configuration related with network and any other enviorenment. Yesterday the session did not work, now because it works I even cannot try your solution, but I will try your code if the problem comes up again in the future. Could you tell me if you have encountered this similar problem before? Thank you so much! David Mauricio Fernandez A. [EMAIL PROTECTED] wrote: David, try this: In Servlet: request.getSession().setAttribute(my,abc); In jsp: String myString = (String)request.getSession().getAttribute(my); Mauricio Fernández A. Ingeniero de Sistemas U. Autónoma de Manizales -Mensaje original- De: David Won [mailto:[EMAIL PROTECTED] Enviado el: viernes, 21 octubre, 2005 7:21 Para: users@tomcat.apache.org Asunto: session problem I developed a very simple project, there is a jsp page and a servlet. In servlet: session.setAttribute(my,abc); In jsp: String mystring = (String) session.getAttribute(my); This project works perfect in one of my PC, but when I deployed it to another PC, mystring in jsp always gets a null from the session. The tomcat version in both PC are exactly same. Any help would be greatly appreciated! Thank you! David - Yahoo! FareChase - Search multiple travel sites in one click. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Yahoo! FareChase - Search multiple travel sites in one click. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
session problem
I developed a very simple project, there is a jsp page and a servlet. In servlet: session.setAttribute(my,abc); In jsp: String mystring = (String) session.getAttribute(my); This project works perfect in one of my PC, but when I deployed it to another PC, mystring in jsp always gets a null from the session. The tomcat version in both PC are exactly same. Any help would be greatly appreciated! Thank you! David - Yahoo! FareChase - Search multiple travel sites in one click.