Dear all, Thanks for your replies to my problem. However, I think the discussion has been "diverted" into a debate totally irrelevant to the issue.
As far as Chuck's question whether this could be related to the popup, this is not the case as the problem happens on other pages too, even on index.jsp (first page) Regarding Filip's email and monitoring HTTP Headers I am impressed that it seems to work for you. I run FireFox on Windows XP Pro SP2 and what happens is that when a page finishes loading, the session expires on the server. When the user/browser requests another page the correct session id is sent from the browser but the server detects that this session id sent is no more valid (expired) and so we have a timeout. However, this behaviour, only occurs with FireFox. I tried it from another PC with XP Pro SP2 too but the problem is the same. With IE, NetScape and Opera all is ok. I want to emphasize that this behaviour does not happen only when switching from SSL to non-SSL or vice versa. Even if I try to access pages such as the About Us or the Contact Us the session expires again. However, in that case the problem is not "visible" to the user since those pages do not contain any session specific data so even with a new session it is ok. Try the following though and you will see what I mean. On tophotelchoices.com do a search for a hotel. Let the results be displayed and then, go to the About Us page. Then, click your browser's back button and instead of going back to the search results you get a timeout (if you get search results it will be from browser's cache, do a reload and you will get timeout). Monitoring the HTTP headers for both IE and Firefox using HttpAnalyzer for IE and LiveHttpHeaders for Firefox gives the following: 1) IE (Request-Line):GET http://www.tophotelchoices.com/ HTTP/1.1 Accept:*/* Accept-Language:en-gb Accept-Encoding:gzip, deflate User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1) Host:www.tophotelchoices.com Proxy-Connection:Keep-Alive Pragma:no-cache Cookie:JSESSIONID=6F187E9E698F5D81A09DF6AD0D25115D (Status-Line):HTTP/1.0 200 OK Date:Thu, 16 Feb 2006 22:09:18 GMT Server:Apache/1.3.33 (Unix) mod_jk/1.2.15 Cache-Control:no-cache Pragma:no-cache Expires:Wed, 31 Dec 1969 23:59:59 GMT Content-Type:text/html;charset=UTF-8 X-Cache:MISS from proxy01.spidernet.net X-Cache-Lookup:MISS from proxy01.spidernet.net:83 Proxy-Connection:close 2) FIREFOX: GET http://www.tophotelchoices.com/index.jsp HTTP/1.1 Host: www.tophotelchoices.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.12) Gecko/20050919 Firefox/1.0.7 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q= 0.8,image/png,*/*;q=0.5 Accept-Language: en-gb,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Proxy-Connection: keep-alive Referer: http://www.tophotelchoices.com/timeout.jsp Cookie: JSESSIONID=3849A82D2F9B6991FE41073D771D1358 Cache-Control: max-age=0 HTTP/1.x 200 OK Date: Thu, 16 Feb 2006 22:12:27 GMT Server: Apache/1.3.33 (Unix) mod_jk/1.2.15 Cache-Control: no-cache Pragma: no-cache Expires: Wed, 31 Dec 1969 23:59:59 GMT Content-Type: text/html;charset=UTF-8 X-Cache: MISS from proxy01.spidernet.net X-Cache-Lookup: MISS from proxy01.spidernet.net:83 Proxy-Connection: close Obviously, the response is the same in both cases, however, for FireFox the important difference I see in Request is the one saying Cache-control: max-age=0 and also, the Keep-Alive value 300. I do not think the Keep-Alive value is the problem, however, the Cache-Control: max-age=0 is suspicious. In my code I have response.setHeader("Cache-Control","no-cache") but I think this is different. Does anyone have a clue what the max-age:0 is doing? Your help will be greatly appreciated. Thanks and regards, Michael >-----Original Message----- >From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] >Sent: 15 February 2006 22:16 >To: Tomcat Users List >Subject: Re: Session Expires At Every Request (Tomcat5.0.28/Firefox) > >George Sexton wrote: >> Does the code transparently create a new JSessionID value then? > >George, >you might wanna rethink your comments, they don't shine any >light on the issue and they for sure don't state any facts, >let me prove you I am right. Below is the headers I tracked >with LiveHttpHeaders, as you can see, JSESSIONID remains >exactly the same in the browser request when the switch from >HTTP to HTTPS happens. >This is Firefox on Fedora 4. The site works fine. > >This must be a browser issue, can you tell us a little bit >more about what version and platform your browser is on. > >1. Request to the home - non secure >============================================================ >http://www.tophotelchoices.com/ >GET / HTTP/1.1 >Host: www.tophotelchoices.com >User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) >Gecko/20060124 Firefox/1.5.0.1 >Accept: >text/xml,application/xml,application/xhtml+xml,text/html;q=0.9, text/plain;q=0.8,image/png,*/*;q=0.5 >Accept-Language: en-us,en;q=0.5 >Accept-Encoding: gzip,deflate >Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 >Keep-Alive: 300 >Connection: keep-alive >Referer: http://www.tophotelchoices.com/ > >HTTP/1.x 200 OK >Date: Wed, 15 Feb 2006 20:08:55 GMT >Server: Apache/1.3.33 (Unix) mod_jk/1.2.15 >Set-Cookie: JSESSIONID=735009FD40D725EDAA14389409CD60FF; Path=/ >Cache-Control: no-cache >Pragma: no-cache >Expires: Wed, 31 Dec 1969 23:59:59 GMT >Keep-Alive: timeout=5, max=20 >Connection: Keep-Alive >Transfer-Encoding: chunked >Content-Type: text/html;charset=UTF-8 > >2. Click on the request button - switch from HTTP to HTTPS >https://www.tophotelchoices.com/bookingServlet1?hotel=ASI >GET /bookingServlet1?hotel=ASI HTTP/1.1 >Host: www.tophotelchoices.com:443 >User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) >Gecko/20060124 Firefox/1.5.0.1 >Accept: >text/xml,application/xml,application/xhtml+xml,text/html;q=0.9, text/plain;q=0.8,image/png,*/*;q=0.5 >Accept-Language: en-us,en;q=0.5 >Accept-Encoding: gzip,deflate >Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 >Keep-Alive: 300 >Connection: keep-alive >Referer: http://www.tophotelchoices.com/searchResults.jsp >Cookie: JSESSIONID=735009FD40D725EDAA14389409CD60FF > >HTTP/1.x 200 OK >Date: Wed, 15 Feb 2006 20:11:54 GMT >Server: Apache/1.3.33 (Unix) mod_jk/1.2.15 >Cache-Control: no-cache >Pragma: no-cache >Expires: Wed, 31 Dec 1969 23:59:59 GMT >Keep-Alive: timeout=5, max=20 >Connection: Keep-Alive >Transfer-Encoding: chunked >Content-Type: text/html;charset=UTF-8 > > >George Sexton wrote: >> Does the code transparently create a new JSessionID value then? >> >> George Sexton >> MH Software, Inc. >> http://www.mhsoftware.com/ >> Voice: 303 438 9585 >> >> >>> -----Original Message----- >>> From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] >>> Sent: Wednesday, February 15, 2006 12:48 PM >>> To: Tomcat Users List >>> Subject: Re: Session Expires At Every Request (Tomcat5.0.28/Firefox) >>> >>> sessions started in non-ssl mode should carry over to SSL, but not >>> the other way around. >>> Filip >>> > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]