Does the code transparently create a new JSessionID value then? George Sexton MH Software, Inc. http://www.mhsoftware.com/ Voice: 303 438 9585
> -----Original Message----- > From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 15, 2006 12:48 PM > To: Tomcat Users List > Subject: Re: Session Expires At Every Request (Tomcat5.0.28/Firefox) > > sessions started in non-ssl mode should carry over to SSL, > but not the > other way around. > Filip > > > Joey Geiger wrote: > >>> You do realize that sessions don't carry over between SSL > and non-SSL > >>> request don't you? > >>> > > > > What is the proper/best way to go about this then, since I > will be facing a > > similar situation in the near future? (Shopping cart bean, > customer bean > > saved in the session.) > > > > Thanks. > > > > > > -----Original Message----- > > From: George Sexton [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, February 15, 2006 12:17 PM > > To: 'Tomcat Users List'; [EMAIL PROTECTED]; > [EMAIL PROTECTED]; > > [EMAIL PROTECTED] > > Subject: RE: Session Expires At Every Request (Tomcat5.0.28/Firefox) > > > > You do realize that sessions don't carry over between SSL > and non-SSL > > request don't you? > > > > You can't have a session ID that carries over from a > non-ssl session to an > > SSL session because that session ID is compromised (it has > been exposed) as > > plain text. > > > > As an aside, I looked at your form. You should really use > > HttpServletRequest.getLocale() to pick up your user's > locale and then > > provide date formatting for the user locale. > > > > George Sexton > > MH Software, Inc. > > http://www.mhsoftware.com/ > > Voice: 303 438 9585 > > > > > > > >> -----Original Message----- > >> From: Michael Andreas Omerou [mailto:[EMAIL PROTECTED] > >> Sent: Wednesday, February 15, 2006 11:03 AM > >> To: 'Tomcat Users List'; [EMAIL PROTECTED]; > >> [EMAIL PROTECTED] > >> Subject: RE: Session Expires At Every Request > (Tomcat5.0.28/Firefox) > >> > >> As the problem occurs with a live site, you can see it yourself at > >> www.tophotelchoices.com. Do a search for any hotel. You > >> will see the > >> results. By the time the results page is loaded your session > >> has expired > >> but you do not know. Click on the "Book" or "Request" button > >> of any hotel > >> and you will see the Timeout page. > >> > >> Remember that the above only happens with FireFox. > >> > >> I will greatly appreciate your help. > >> > >> > >>> -----Original Message----- > >>> From: Michael Andreas Omerou [mailto:[EMAIL PROTECTED] > >>> Sent: 15 February 2006 19:45 > >>> To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > >>> Cc: 'Tomcat Users List' > >>> Subject: RE: Session Expires At Every Request > (Tomcat5.0.28/Firefox) > >>> > >>> I tried with NetScape and Opera to see what happens. > >>> > >>> For NetScape the first time I tried it was ok up to the stage > >>> that I switched to SSL. At that step, I lost my session. > >>> After trying several times again I noticed NetScape was ok. > >>> > >>> With Opera all works fine, like with IE, from the beginning. > >>> > >>> So major problem is still FireFox and it must be something > >>> that it sends (or not sends) back to Tomcat that causes > >>> session expiration. > >>> > >>> Thanks for your assistance. > >>> > >>> Michael > >>> > >>> > >>>> -----Original Message----- > >>>> From: Michael Andreas Omerou [mailto:[EMAIL PROTECTED] > >>>> Sent: 15 February 2006 17:48 > >>>> To: 'Tomcat Users List' > >>>> Subject: RE: Session Expires At Every Request > (Tomcat5.0.28/Firefox) > >>>> > >>>> Not at the stage that this problem occurs. SSL is used > >>>> > >>> further on when > >>> > >>>> the user logs in to make a payment but the SSL pages are > >>>> > >>> never reached > >>> > >>>> with FireFox because of the early timeout. With IE all is ok, > >>>> including SSL connections. > >>>> > >>>> > >>>>> -----Original Message----- > >>>>> From: [EMAIL PROTECTED] > >>>>> [mailto:[EMAIL PROTECTED] > >>>>> Sent: 15 February 2006 17:43 > >>>>> To: 'Tomcat Users List' > >>>>> Subject: RE: Session Expires At Every Request > >>>>> > >> (Tomcat5.0.28/Firefox) > >> > >>>>> Are you using SSL connection ? > >>>>> > >>>>> -----Message d'origine----- > >>>>> De : > >>>>> [EMAIL PROTECTED] > >>>>> > >>>> pache.org > >>>> > >>>>> [mailto:users-return-140612-alexandre.tastet=fr.fortisbank.com@ > >>>>> > >>>> tomcat.ap > >>>> > >>>>> ache.org]De la part de Michael Andreas Omerou Envoye : > >>>>> mercredi 15 fevrier 2006 16:34 A : 'Tomcat Users List' > >>>>> Objet : RE: Session Expires At Every Request > (Tomcat5.0.28/Firefox) > >>>>> > >>>>> > >>>>> It is 30 minutes. If I do > >>>>> request.getSession().getMaxInactiveInterval() I get > 1800 (seconds I > >>>>> guess) which is the correct value for 30 minutes. > >>>>> > >>>>> Michael > >>>>> > >>>>> > >>>>>> -----Original Message----- > >>>>>> From: Earnie Dyke [mailto:[EMAIL PROTECTED] > >>>>>> Sent: 15 February 2006 17:25 > >>>>>> To: Tomcat Users List > >>>>>> Subject: RE: Session Expires At Every Request > >>>>>> > >> (Tomcat5.0.28/Firefox) > >> > >>>>>> The META tags should not have an effect on cookies. Firefox > >>>>>> > >>>> would not > >>>> > >>>>>> be the one that expires your session, Tomcat would. > >>>>>> Do you have a session timeout specified in your application? > >>>>>> > >>>>>> Earnie! > >>>>>> > >>>>>> -----Original Message----- > >>>>>> From: Michael Andreas Omerou [mailto:[EMAIL PROTECTED] > >>>>>> Sent: Wednesday, February 15, 2006 10:19 AM > >>>>>> To: 'Tomcat Users List' > >>>>>> Subject: RE: Session Expires At Every Request > >>>>>> > >> (Tomcat5.0.28/Firefox) > >> > >>>>>> Hi Earnie, > >>>>>> > >>>>>> Cookies are allowed at the browser. It seems for some > >>>>>> > >>>> reason that at > >>>> > >>>>>> then end of loading each JSP firefox expires my session. I > >>>>>> > >>> use some > >>> > >>>>>> meta tags (<META HTTP-EQUIV="Cache-Control" > >>>>>> > >>>>> CONTENT="No-Cache">, <META > >>>>> > >>>>>> HTTP-EQUIV="Pragma" CONTENT="No-Cache">, <META > >>>>>> > >> HTTP-EQUIV="Expires" > >> > >>>>>> CONTENT="-1">) and also set the corresponding header > values using > >>>>>> response.setHeader but even if I remove them nothing changes. > >>>>>> > >>>>>> Michael > >>>>>> > >>>>>> > >>>>>>> -----Original Message----- > >>>>>>> From: Earnie Dyke [mailto:[EMAIL PROTECTED] > >>>>>>> Sent: 15 February 2006 17:10 > >>>>>>> To: Tomcat Users List > >>>>>>> Subject: RE: Session Expires At Every Request > >>>>>>> > >>> (Tomcat5.0.28/Firefox) > >>> > >>>>>>> Are you blocking cookies at the browser? > >>>>>>> > >>>>>>> Earnie! > >>>>>>> > >>>>>>> -----Original Message----- > >>>>>>> From: Michael Andreas Omerou [mailto:[EMAIL PROTECTED] > >>>>>>> Sent: Wednesday, February 15, 2006 10:06 AM > >>>>>>> To: 'Tomcat Users List' > >>>>>>> Subject: Session Expires At Every Request > (Tomcat5.0.28/Firefox) > >>>>>>> > >>>>>>> > >>>>>>> Anybody has an idea what could be causing what I describe in > >>>>>>> > >>>>>> the below > >>>>>> > >>>>>>> two emails? > >>>>>>> > >>>>>>> > >>>>>>>> -----Original Message----- > >>>>>>>> From: Michael Andreas Omerou [mailto:[EMAIL PROTECTED] > >>>>>>>> Sent: 15 February 2006 13:10 > >>>>>>>> To: 'Tomcat Users List' > >>>>>>>> Subject: RE: Session Problems with Firefox > >>>>>>>> > >>>>>>>> Further to my below email I have put in some code to check > >>>>>>>> > >>>> the HTTP > >>>> > >>>>>>>> headers in each case (IE and FireFox). > >>>>>>>> > >>>>>>>> These are: > >>>>>>>> > >>>>>>>> IE > >>>>>>>> accept: */* > >>>>>>>> accept-language: en-gb > >>>>>>>> accept-encoding: gzip, deflate > >>>>>>>> user-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT > >>>>>>>> > >>>> 5.1; SV1; > >>>> > >>>>>>>> .NET CLR 1.1.4322; InfoPath.1) > >>>>>>>> host: localhost > >>>>>>>> connection: Keep-Alive > >>>>>>>> cookie: JSESSIONID=D79835F3D70ADD58F4770DD15B463320 > >>>>>>>> > >>>>>>>> FireFox > >>>>>>>> host: localhost > >>>>>>>> user-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; > >>>>>>>> > >>>>>> rv:1.7.12) > >>>>>> > >>>>>>>> Gecko/20050919 Firefox/1.0.7 > >>>>>>>> accept: > >>>>>>>> > text/xml,application/xml,application/xhtml+xml,text/html;q=0.9, > >>>>>>>> > >>>>>>> text/plain;q= > >>>>>>> > >>>>>>>> 0.8,image/png,*/*;q=0.5 > >>>>>>>> accept-language: en-gb,en;q=0.5 > >>>>>>>> accept-encoding: gzip,deflate > >>>>>>>> accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > >>>>>>>> keep-alive: 300 > >>>>>>>> connection: keep-alive > >>>>>>>> cookie: JSESSIONID=A3893195B065989E5B03BC8681E4D0D6 > >>>>>>>> cache-control: max-age=0 > >>>>>>>> > >>>>>>>> > >>>>>>>> I wonder whether the keep-alive which exists in the case of > >>>>>>>> > >>>>>>> FireFox but > >>>>>>> > >>>>>>>> not in the case of IE could be the cause of my problems. > >>>>>>>> > >>>>>>>> Michael > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>>> -----Original Message----- > >>>>>>>>> From: Michael Andreas Omerou > [mailto:[EMAIL PROTECTED] > >>>>>>>>> Sent: 15 February 2006 11:27 > >>>>>>>>> To: users@tomcat.apache.org > >>>>>>>>> Subject: Session Problems with Firefox > >>>>>>>>> > >>>>>>>>> Hello, > >>>>>>>>> > >>>>>>>>> I have some problems with session management when our > >>>>>>>>> > >>> application > >>> > >>>>>>>>> runsin Firefox. > >>>>>>>>> > >>>>>>>>> Basically, what happens is that after I set in the > >>>>>>>>> > >> session some > >> > >>>>>>>>> attributes/beans which are needed down the application, I > >>>>>>>>> > >>>>>>>> check in all > >>>>>>>> > >>>>>>>>> JSPs and servlets that an old session is still > there by using > >>>>>>>>> if (request.getSession(false)==null){ > >>>>>>>>> > >>>>>>>>> response.sendRedirect(response.encodeRedirectURL("timeo > >>>>>>>>> > >> ut.jsp")); > >> > >>>>>>>>> } > >>>>>>>>> > >>>>>>>>> With IE all works fine, however with Firefox, it seems that > >>>>>>>>> > >>>>>>>> the session > >>>>>>>> > >>>>>>>>> is re-initialised whenever the client/browser requests a new > >>>>>>>>> > >>>>>>> page. I > >>>>>>> > >>>>>>>>> checked this by printing the session id in the log on each > >>>>>>>>> > >>>>> page and > >>>>> > >>>>>>>>> with IE it does not change, while with Firefox it changes. > >>>>>>>>> > >>>>>>>>> I checked my firefox settings for cookies and all look ok. > >>>>>>>>> > >>>>>>>>> Anybody has a clue of what I might be doing wrong? > >>>>>>>>> > >>>>>>>>> Regards, > >>>>>>>>> Michael > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> ------------------------------------------------------------ > >>>>>>>>> > >>>>>> --------- > >>>>>> > >>>>>>>>> To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>>>>>> For additional commands, e-mail: > [EMAIL PROTECTED] > >>>>>>>>> > >>>>>>>>> > >>>>>>>> ------------------------------------------------------------ > >>>>>>>> > >>>>> --------- > >>>>> > >>>>>>>> To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>>>>> For additional commands, e-mail: [EMAIL PROTECTED] > >>>>>>>> > >>>>>>>> > >>>>>>> ------------------------------------------------------------ > >>>>>>> > >>>> --------- > >>>> > >>>>>>> To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>>>> For additional commands, e-mail: [EMAIL PROTECTED] > >>>>>>> > >>>>>>> > >>>>>>> ------------------------------------------------------------ > >>>>>>> > >>>> --------- > >>>> > >>>>>>> To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>>>> For additional commands, e-mail: [EMAIL PROTECTED] > >>>>>>> > >>>>>>> > >>>>>> ------------------------------------------------------------ > >>>>>> > >>> --------- > >>> > >>>>>> To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>>> For additional commands, e-mail: [EMAIL PROTECTED] > >>>>>> > >>>>>> > >>>>>> ------------------------------------------------------------ > >>>>>> > >>> --------- > >>> > >>>>>> To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>>> For additional commands, e-mail: [EMAIL PROTECTED] > >>>>>> > >>>>>> > >>>>> ----------------------------------------------------------- > >>>>> > >> ---------- > >> > >>>>> To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>> For additional commands, e-mail: [EMAIL PROTECTED] > >>>>> > >>>>> Ce message avec ses documents attaches sont confidentiels > >>>>> > >> et a usage > >> > >>>>> exclusif du ou des destinataires. La responsabilite de > >>>>> > >> Fortis Banque > >> > >>>>> France ne peut en aucun cas etre engagee suite a un prejudice > >>>>> > >>>> lie a un > >>>> > >>>>> incident de securite, d'integrite, de virus ou a un > retard dans la > >>>>> transmission. De plus, ce document n'a aucune valeur > >>>>> > >>> contractuelle ou > >>> > >>>>> juridique; en particulier, aucune transaction commerciale ne > >>>>> > >>>> peut etre > >>>> > >>>>> basee exclusivement sur des emails. > >>>>> > >>>>> This message and its attachments are confidential; their use is > >>>>> restricted to their recipient(s). Fortis Banque France > >>>>> > >>> cannot, in any > >>> > >>>>> way, be responsible for any prejudice linked to any incident > >>>>> > >>>> regarding > >>>> > >>>>> security, integrity, virus or delay in transmission. > >>>>> > >> Moreover, this > >> > >>>>> document has no contractual nor legal value whatsoever; in > >>>>> > >>>> particular, > >>>> > >>>>> no business transaction can, in any way, be based > exclusively on > >>>>> emails. > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> ----------------------------------------------------------- > >>>>> > >> ---------- > >> > >>>>> To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>>> For additional commands, e-mail: [EMAIL PROTECTED] > >>>>> > >>>>> > >>>> ------------------------------------------------------------ > >>>> > >> --------- > >> > >>>> To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>> For additional commands, e-mail: [EMAIL PROTECTED] > >>>> > >>>> > >>> > --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: [EMAIL PROTECTED] > >>> For additional commands, e-mail: [EMAIL PROTECTED] > >>> > >>> > >> > --------------------------------------------------------------------- > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >> For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > >> > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]