Re: Session Expires At Every Request (Tomcat5.0.28/Firefox)

[Filip Hanik - Dev Lists]

sessions started in non-ssl mode should carry over to SSL, but not the 
other way around.
Filip

Joey Geiger wrote:
You do realize that sessions don't carry over between SSL and non-SSL
request don't you?
      

What is the proper/best way to go about this then, since I will be facing a
similar situation in the near future? (Shopping cart bean, customer bean
saved in the session.)

Thanks.


-----Original Message-----
From: George Sexton [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 15, 2006 12:17 PM
To: 'Tomcat Users List'; [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)

You do realize that sessions don't carry over between SSL and non-SSL
request don't you?

You can't have a session ID that carries over from a non-ssl session to an
SSL session because that session ID is compromised (it has been exposed) as
plain text.

As an aside, I looked at your form. You should really use
HttpServletRequest.getLocale() to pick up your user's locale and then
provide date formatting for the user locale.

George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
  

  
-----Original Message-----
From: Michael Andreas Omerou [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 15, 2006 11:03 AM
To: 'Tomcat Users List'; [EMAIL PROTECTED]; 
[EMAIL PROTECTED]
Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)

As the problem occurs with a live site, you can see it yourself at
www.tophotelchoices.com.  Do a search for any hotel.   You 
will see the
results.  By the time the results page is loaded your session 
has expired
but you do not know.  Click on the "Book" or "Request" button 
of any hotel
and you will see the Timeout page.

Remember that the above only happens with FireFox.

I will greatly appreciate your help.

    
-----Original Message-----
From: Michael Andreas Omerou [mailto:[EMAIL PROTECTED] 
Sent: 15 February 2006 19:45
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: 'Tomcat Users List'
Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)

I tried with NetScape and Opera to see what happens.  

For NetScape the first time I tried it was ok up to the stage 
that I switched to SSL.  At that step, I lost my session.  
After trying several times again I noticed NetScape was ok.

With Opera all works fine, like with IE, from the beginning.

So major problem is still FireFox and it must be something 
that it sends (or not sends) back to Tomcat that causes 
session expiration.

Thanks for your assistance.

Michael

      
-----Original Message-----
From: Michael Andreas Omerou [mailto:[EMAIL PROTECTED]
Sent: 15 February 2006 17:48
To: 'Tomcat Users List'
Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)

Not at the stage that this problem occurs.  SSL is used 
        
further on when 
      
the user logs in to make a payment but the SSL pages are 
        
never reached 
      
with FireFox because of the early timeout.  With IE all is ok, 
including SSL connections.

        
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: 15 February 2006 17:43
To: 'Tomcat Users List'
Subject: RE: Session Expires At Every Request 
          
(Tomcat5.0.28/Firefox)
    
Are you using SSL connection ?

-----Message d'origine-----
De :
[EMAIL PROTECTED]
          
pache.org
        
[mailto:users-return-140612-alexandre.tastet=fr.fortisbank.com@
          
tomcat.ap
        
ache.org]De la part de Michael Andreas Omerou Envoye : 
mercredi 15 fevrier 2006 16:34 A : 'Tomcat Users List'
Objet : RE: Session Expires At Every Request (Tomcat5.0.28/Firefox)


It is 30 minutes.  If I do
request.getSession().getMaxInactiveInterval() I get 1800 (seconds I
guess) which is the correct value for 30 minutes.

Michael

          
-----Original Message-----
From: Earnie Dyke [mailto:[EMAIL PROTECTED]
Sent: 15 February 2006 17:25
To: Tomcat Users List
Subject: RE: Session Expires At Every Request 
            
(Tomcat5.0.28/Firefox)
    
The META tags should not have an effect on cookies. Firefox
            
would not
        
be the one that expires your session, Tomcat would.
Do you have a session timeout specified in your application?

Earnie!

-----Original Message-----
From: Michael Andreas Omerou [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 15, 2006 10:19 AM
To: 'Tomcat Users List'
Subject: RE: Session Expires At Every Request 
            
(Tomcat5.0.28/Firefox)
    
Hi Earnie,

Cookies are allowed at the browser.  It seems for some
            
reason that at
        
then end of loading each JSP firefox expires my session.  I 
            
use some 
      
meta tags (<META HTTP-EQUIV="Cache-Control"
            
CONTENT="No-Cache">, <META
          
HTTP-EQUIV="Pragma" CONTENT="No-Cache">, <META 
            
HTTP-EQUIV="Expires"
    
CONTENT="-1">) and also set the corresponding header values using 
response.setHeader but even if I remove them nothing changes.

Michael

            
-----Original Message-----
From: Earnie Dyke [mailto:[EMAIL PROTECTED]
Sent: 15 February 2006 17:10
To: Tomcat Users List
Subject: RE: Session Expires At Every Request 
              
(Tomcat5.0.28/Firefox)
      
Are you blocking cookies at the browser?

Earnie!

-----Original Message-----
From: Michael Andreas Omerou [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 15, 2006 10:06 AM
To: 'Tomcat Users List'
Subject: Session Expires At Every Request (Tomcat5.0.28/Firefox)


Anybody has an idea what could be causing what I describe in
              
the below
            
two emails?

              
-----Original Message-----
From: Michael Andreas Omerou [mailto:[EMAIL PROTECTED]
Sent: 15 February 2006 13:10
To: 'Tomcat Users List'
Subject: RE: Session Problems with Firefox

Further to my below email I have put in some code to check
                
the HTTP
        
headers in each case (IE and FireFox).

These are:

IE
accept: */*
accept-language: en-gb
accept-encoding: gzip, deflate
user-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
                
5.1; SV1;
        
.NET CLR 1.1.4322; InfoPath.1)
host: localhost
connection: Keep-Alive
cookie: JSESSIONID=D79835F3D70ADD58F4770DD15B463320

FireFox
host: localhost
user-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB;
                
rv:1.7.12)
            
Gecko/20050919 Firefox/1.0.7
accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,
                
text/plain;q=
              
0.8,image/png,*/*;q=0.5
accept-language: en-gb,en;q=0.5
accept-encoding: gzip,deflate
accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
keep-alive: 300
connection: keep-alive
cookie: JSESSIONID=A3893195B065989E5B03BC8681E4D0D6
cache-control: max-age=0


I wonder whether the keep-alive which exists in the case of
                
FireFox but
              
not in the case of IE could be the cause of my problems.

Michael



                
-----Original Message-----
From: Michael Andreas Omerou [mailto:[EMAIL PROTECTED]
Sent: 15 February 2006 11:27
To: users@tomcat.apache.org
Subject: Session Problems with Firefox

Hello,

I have some problems with session management when our 
                  
application 
      
runsin Firefox.

Basically, what happens is that after I set in the 
                  
session some 
    
attributes/beans which are needed down the application, I
                  
check in all
                
JSPs and servlets that an old session is still there by using
                if (request.getSession(false)==null){

response.sendRedirect(response.encodeRedirectURL("timeo
                  
ut.jsp"));
    
           }

With IE all works fine, however with Firefox, it seems that
                  
the session
                
is re-initialised whenever the client/browser requests a new
                  
page.  I
              
checked this by printing the session id in the log on each
                  
page and
          
with IE it does not change, while with Firefox it changes.

I checked my firefox settings for cookies and all look ok.

Anybody has a clue of what I might be doing wrong?

Regards,
Michael


------------------------------------------------------------
                  
---------
            
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

                  
------------------------------------------------------------
                
---------
          
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

                
------------------------------------------------------------
              
---------
        
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


------------------------------------------------------------
              
---------
        
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

              
------------------------------------------------------------
            
---------
      
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


------------------------------------------------------------
            
---------
      
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

            
-----------------------------------------------------------
          
----------
    
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Ce message avec ses documents attaches sont confidentiels 
          
et a usage 
    
exclusif du ou des destinataires. La responsabilite de 
          
Fortis Banque 
    
France ne peut en aucun cas etre engagee suite a un prejudice
          
lie a un
        
incident de securite, d'integrite, de virus ou a un retard dans la 
transmission. De plus, ce document n'a aucune valeur 
          
contractuelle ou 
      
juridique; en particulier, aucune transaction commerciale ne
          
peut etre
        
basee exclusivement sur des emails.

This message and its attachments are confidential; their use is 
restricted to their recipient(s). Fortis Banque France 
          
cannot, in any 
      
way, be responsible for any prejudice linked to any incident
          
regarding
        
security, integrity, virus or delay in transmission. 
          
Moreover, this 
    
document has no contractual nor legal value whatsoever; in
          
particular,
        
no business transaction can, in any way, be based exclusively on 
emails.




-----------------------------------------------------------
          
----------
    
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

          
------------------------------------------------------------
        
---------
    
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

        
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

      
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


    


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

  


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]