Hi,
I contact you to talk about an exception we receive in a Tomcat class. Few days
ago we get an error in an application integrated with Tomcat. We have tried to
get information about it but we don't find any solution, so we would like to
know if you are aware about this issue.
First we describe our scenario:
1. User logs in the portal and remain static for more than 30 minutes (30
minutes is session expiration time).
2. Afterwards, he refreshes the webpage and session has been expired.
3. During the page reloading, an error occurs while executing the
"parseSessionSslId" method because the "SSLSupport.SESSION_ID_KEY" is empty.
4. A blank page is displayed because the error is not caught.
The exception produced during step 3 belongs to this section:
[org\apache\catalina\connector\CoyoteAdapter.java]
Method parseSessionSslId:
request.setRequestedSessionId(request.getAttribute(SSLSupport.SESSION_ID_KEY).toString());
request.setRequestedSessionSSL(true);
This is our context:
- Tomcat version: 7.0.25
- OS: Linux distribution
- Liferay 6.1GA1 portal integrated with Tomcat
- We don't negotiate user session by the sessionid with the cookie but with the
certificate.
Our server.xml configuration file contains the following connectors:
<Connector URIEncoding="UTF-8" port="8010" protocol="AJP/1.3"
redirectPort="8443" scheme="https" secure="true" />
<Connector URIEncoding="UTF-8" port="8443" protocol="HTTP/1.1"
SSLEnabled="true" clientAuth="false" keystoreFile="xxx" keystorePass="yyy"
keystoreType="PKCS12" maxThreads="150" scheme="https" secure="true"
sslProtocol="TLS"/>
Conclusion:
The exception is raised when the session id is empty due to we have an expired
session. We have compiled this code section with a try catch and now our
application does not receive the error, and we can see our page displayed,
obviously with session expired.
Do you think this could be due to some local configuration or is it a general
issue?
Is there the possibility to contemplate this case to be protected when
sessionId is null?
Thanks and kind regards,
AT silk.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]