Typically this happens when the session with ID x is invalidated, then each request with the same sessionid will create a new session.
One typical scenario for that is a framed site, where there is one navigation frame and (at least) one content frame. If the user has diabled cookies all links in the navigation frame contain session id X unless the navigation frame is reloaded. After a timeout of session X each click to link in the navigation frame will create a new session. How something like that can happen with cookies enabled is not clear to me. Some recommended actions to track down the problem: - Log each session invalidation Look if session was invalidated when you find a request for this session that created a new session. Find out why the session was invalidated (timeout) - If session.isNew is true log folowing data request.getRequestedSessionId(), request.isRequestedSessionIdFromUrl() request.isRequestedSessionIdFromCookie() request.isRequestedSessionIdValid() > -----Original Message----- > From: Charlie Toohey [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, January 14, 2003 9:08 PM > To: [EMAIL PROTECTED] > Subject: Tomcat losing session > > > Infrequently, Tomcat is creating a new session on each > request from the same > cookie, when all of the requests should be in the same session. > > I am logging the cookie and session ids to debug this. What I > see is that a > request comes in with cookie JSESSIONID=X. Tomcat creates a > new session, with > session id=Y. Then, another request comes in from the same > client, and cookie > value JSESSIONID=X (still). Tomcat creates a new session > again, with session > id=Z. > > What happens most of the time is that client request comes in > with cookie > value JSESSIONID=X, and Tomcat creates a new session with > session id = Y. > When another request comes in from the same client, cookie > value JSESSIONID > now = Y, and Tomcat session id is Y. As expected. > > The same requests can produce the two different scenarios, so > it does not > appear to be specific to the resource which is requested. > But there are more > specifics --- when this happens, the first resource requested > in the session > is a servlet, which does a sendRedirect, resulting in the > request. I don't > know if there is something about this sequence that could > cause the problem. > > As I said, this happens very infrequently, and can not be > reproduced at will. > When it does happen, it happens on every request from the > client --- every > request receives the same cookie JSESSIONID value, but > creates a new session. > It's like once it gets into that mode, it can't get out. > > Has anyone else ever experience this behavior of losing sessions ? > > We are using Tomcat 4.1.12 with Apache 1.3.27 running on > Mandrake Linux 8.1. > > Thanks for any help, > Charlie > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>