Re: Tomcat 7.0.14 / 6.0.32 session gets obviously invalid after request / JSESSIONID changes
On 08/06/2011 10:18, Sascha Hesse wrote: Hello all, I'm hosting our spring mvc 3.0.5 application in tomcat 7.0.14 and also tried 6.0.32 The server is hosting two webapps. The frontend: http://localhost:50012/frontend The backend: http://localhost:50012/backend The Request-Flow looks as following: User: http://localhost:50012/frontend/index.htm AJAX Frontend: http://localhost:50012/frontend/setFilter.htm AJAX Backend: http://localhost:50012/backend/setFilter.htm User: onClick() AJAX Frontend: http://localhost:50012/frontend/setFilter.htm AJAX Backend: http://localhost:50012/backend/setFilter.htm The corresponding request-pairs to frontend and backend should be identified via the sessionID. Tomcat is doing that via Cookie JSESSIONID. I configured Tomcat according to https://issues.apache.org/bugzilla/show_bug.cgi?id=48379 Context sessionCookiePath=/ sessionCookieDomain=.localhost If I look into the cookies in request and response the following happens (note I shortened the sessionIds) User: http://localhost:50012/frontend/index.htm ResponseHeader: - RequestHeader: JSESSIONID=1 AJAX Frontend: http://localhost:50012/frontend/setFilter.htm ResponseHeader: - RequestHeader: JSESSIONID=1 AJAX Backend: http://localhost:50012/backend/setFilter.htm ResponseHeader: set JSESSIONID=2 RequestHeader: JSESSIONID=1 User: onClick() AJAX Frontend: http://localhost:50012/frontend/setFilter.htm ResponseHeader: setJSESSIONID=3 RequestHeader: JSESSIONID=2 AJAX Backend: http://localhost:50012/backend/setFilter.htm ResponseHeader: - RequestHeader: JSESSIONID=2 ...the sessionID alsways changes when I'm requesting the other context. Has anyone a hint according to this? Does the AJAX javascript set the session id in a cookie header, or append it as a path attribute? You can't rely on the browser to do this automagically for you in most AJAX libs. p signature.asc Description: OpenPGP digital signature
Re: Tomcat 7.0.14 / 6.0.32 session gets obviously invalid after request / JSESSIONID changes
it was set in a header. But I already figured out what the Problem was. For the Browser (Firefox 4) .localhost is not a valid domain for a cookie. Some documents on the web say, that for localhost domain has to be empty. This also didn't work. The solution was requesting the service with a full qualified hostname and then setting the cookie according to the fqn. Hope this helps everybody who runs in the same pitfall. Regards Sascha Does the AJAX javascript set the session id in a cookie header, or append it as a path attribute? You can't rely on the browser to do this automagically for you in most AJAX libs. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 7.0.14 / 6.0.32 session gets obviously invalid after request / JSESSIONID changes
Hello all, I'm hosting our spring mvc 3.0.5 application in tomcat 7.0.14 and also tried 6.0.32 The server is hosting two webapps. The frontend: http://localhost:50012/frontend The backend: http://localhost:50012/backend The Request-Flow looks as following: User: http://localhost:50012/frontend/index.htm AJAX Frontend: http://localhost:50012/frontend/setFilter.htm AJAX Backend: http://localhost:50012/backend/setFilter.htm User: onClick() AJAX Frontend: http://localhost:50012/frontend/setFilter.htm AJAX Backend: http://localhost:50012/backend/setFilter.htm The corresponding request-pairs to frontend and backend should be identified via the sessionID. Tomcat is doing that via Cookie JSESSIONID. I configured Tomcat according to https://issues.apache.org/bugzilla/show_bug.cgi?id=48379 Context sessionCookiePath=/ sessionCookieDomain=.localhost If I look into the cookies in request and response the following happens (note I shortened the sessionIds) User: http://localhost:50012/frontend/index.htm ResponseHeader: - RequestHeader: JSESSIONID=1 AJAX Frontend: http://localhost:50012/frontend/setFilter.htm ResponseHeader: - RequestHeader: JSESSIONID=1 AJAX Backend: http://localhost:50012/backend/setFilter.htm ResponseHeader: set JSESSIONID=2 RequestHeader: JSESSIONID=1 User: onClick() AJAX Frontend: http://localhost:50012/frontend/setFilter.htm ResponseHeader: setJSESSIONID=3 RequestHeader: JSESSIONID=2 AJAX Backend: http://localhost:50012/backend/setFilter.htm ResponseHeader: - RequestHeader: JSESSIONID=2 ...the sessionID alsways changes when I'm requesting the other context. Has anyone a hint according to this? Kind regards Sascha - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org