Hi,
I have a very rare problem regarding session handling. It is
reproducible only on a single server environment. Of course this is the
production server.
I use container authentication and for simplicity 'tomcat-user.xml'.
Login is done via HttpServletRequest.login() method, whenever I need to
access user and role information. The HttpServletRequest is saved in a
ThreadLocal during request processing.
While that normally does the job, there is one servlet that produces
simple thumbnails that triggers a problem. Session handling is done via
cookies.
A search result page lists several thumbnail images and the browser
tries to load them (of course) in parallel.
After the first thumbnail is loaded, the sessionId suddenly changes. As
the browser is now submitting the "false" sessionId, new sessions are
created and the browser gets that new sessionId in the response. The
session from the first request is lost at that point and so are the
login credentials.
Why are sessionIds changing during the request?
Here are the logs I produce via a Servlet Filter:
--------- REQUEST ---------
[dev-mir] DEBUG MCRRequestDebugFilter: REQUEST URI:
/mir/img/pdfthumb/Document_derivate_00000049/2015-05-06_Protokoll%20der%20Sitzung%20des%20Fakult%C3%A4tsrates_%C3%B6ffentlich.pdf
Cookies:
{path=null, maxAge=-1, domain=null, name=JSESSIONID, comment=null,
httpOnly=false, secure=false, class=class javax.servlet.http.Cookie,
value=BD12BA0ED4546B5BC119727DAF97086B, version=0}
COOKIES END
REQUEST PARAMETERS:
centerThumb: no,
REQUEST PARAMETERS END
Session is requested by cookie.
Session is not requested by URL.
Session is valid.
SESSION BD12BA0ED4546B5BC119727DAF97086B created at: 2016-01-07T15:18:51.068
SESSION ATTRIBUTES:
mycore.session: {}
SESSION ATTRIBUTES END
Header:
accept: image/png,image/*;q=0.8,*/*;q=0.5
accept-encoding: gzip, deflate
accept-language: en-US,en;q=0.5
cache-control: max-age=0
connection: keep-alive
cookie: JSESSIONID=BD12BA0ED4546B5BC119727DAF97086B
host: cms.example.com:8291
if-modified-since: Wed, 06 Jan 2016 14:40:00 GMT
if-none-match: "4e0daa3453247bcfd985ee28de9616de"
referer:
http://cms.example.com:8291/mir/servlets/solr/select?q=objectType:mods%20AND%20createdby:protokoll&sort=mods.dateIssued%20desc
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
Firefox/38.0
HEADERS END
--------- RESPONSE ---------
[dev-mir] DEBUG MCRRequestDebugFilter: RESPONSE URI:
/mir/img/pdfthumb/Document_derivate_00000049/2015-05-06_Protokoll%20der%20Sitzung%20des%20Fakult%C3%A4tsrates_%C3%B6ffentlich.pdf
Status: 304
Header:
Cache-Control: max-age=31536000
ETag: "4e0daa3453247bcfd985ee28de9616de"
Expires: Sun, 24 Jan 2016 15:30:02 GMT
Set-Cookie: JSESSIONID=0A88AABC33D336900279B2378CD510B1; Path=/mir/;
HttpOnly
HEADERS END
--------- NEXT REQUEST ---------
[dev-mir] DEBUG MCRRequestDebugFilter: REQUEST URI:
/mir/img/pdfthumb/Document_derivate_00000047/2015-03-25_Protokoll%20der%20Sitzung%20des%20Fakult%C3%A4tsrates_%C3%B6ffentlich.pdf
Cookies:
{path=null, maxAge=-1, domain=null, name=JSESSIONID, comment=null,
httpOnly=false, secure=false, class=class javax.servlet.http.Cookie,
value=BD12BA0ED4546B5BC119727DAF97086B, version=0}
COOKIES END
REQUEST PARAMETERS:
centerThumb: no,
REQUEST PARAMETERS END
Session is requested by cookie.
Session is not requested by URL.
Session is not valid.
Header:
accept: image/png,image/*;q=0.8,*/*;q=0.5
accept-encoding: gzip, deflate
accept-language: en-US,en;q=0.5
cache-control: max-age=0
connection: keep-alive
cookie: JSESSIONID=BD12BA0ED4546B5BC119727DAF97086B
host: cms.example.com:8291
if-modified-since: Wed, 06 Jan 2016 14:40:02 GMT
if-none-match: "9e485dcd85a2b2ee373717a67c282873"
referer:
http://cms.example.com:8291/mir/servlets/solr/select?q=objectType:mods%20AND%20createdby:protokoll&sort=mods.dateIssued%20desc
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
Firefox/38.0
HEADERS END
[dev-mir] DEBUG MCRServlet: Setting ReqCharEncoding to: UTF-8
[dev-mir] DEBUG MCRHttpSessionListener: HttpSession
20934FB3493889B9EE0FB425A002BB28 is beeing created by:
org.apache.catalina.session.StandardSessionFacade@6a75756b
--------- RESPONSE ---------
[dev-mir] DEBUG MCRRequestDebugFilter: RESPONSE URI:
/mir/img/pdfthumb/Document_derivate_00000047/2015-03-25_Protokoll%20der%20Sitzung%20des%20Fakult%C3%A4tsrates_%C3%B6ffentlich.pdf
Status: 304
Header:
Cache-Control: max-age=31536000
ETag: "9e485dcd85a2b2ee373717a67c282873"
Expires: Sun, 24 Jan 2016 15:30:03 GMT
Set-Cookie: JSESSIONID=20934FB3493889B9EE0FB425A002BB28; Path=/mir/;
HttpOnly
HEADERS END
kind regards,
Thomas
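An added example, not part of the original post: a small analyzer for filter output in the layout quoted above. It pairs each request with its response and separates a valid session that is handed a new ID ("rotated") from a stale ID answered with a fresh session ("replaced"). The function name, verdict labels and sample log are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of the filter output above; the IDs are made up.
SAMPLE_LOG = """\
--------- REQUEST ---------
Session is valid.
cookie: JSESSIONID=AAAA0001
--------- RESPONSE ---------
Set-Cookie: JSESSIONID=BBBB0002; Path=/mir/;
HttpOnly
--------- NEXT REQUEST ---------
Session is not valid.
cookie: JSESSIONID=AAAA0001
--------- RESPONSE ---------
Set-Cookie: JSESSIONID=CCCC0003; Path=/mir/;
HttpOnly
--------- NEXT REQUEST ---------
Session is valid.
cookie: JSESSIONID=CCCC0003
--------- RESPONSE ---------
"""

SECTION = re.compile(r"^-+ (?:NEXT )?(REQUEST|RESPONSE) -+$")
SENT = re.compile(r"^cookie:.*?JSESSIONID=([0-9A-F]+)", re.I)
ISSUED = re.compile(r"^Set-Cookie:\s*JSESSIONID=([0-9A-F]+)", re.I)

def classify_exchanges(log_text):
    """Pair each request with its response and judge what happened to the session ID."""
    exchanges, section = [], None
    for line in map(str.strip, log_text.splitlines()):
        if (m := SECTION.match(line)):
            section = m.group(1)
            if section == "REQUEST":
                exchanges.append({"sent": None, "valid": None, "issued": None})
        elif section == "REQUEST" and line in ("Session is valid.", "Session is not valid."):
            exchanges[-1]["valid"] = line == "Session is valid."
        elif section == "REQUEST" and (m := SENT.match(line)):
            exchanges[-1]["sent"] = m.group(1)
        elif section == "RESPONSE" and exchanges and (m := ISSUED.match(line)):
            exchanges[-1]["issued"] = m.group(1)
    for ex in exchanges:
        changed = ex["issued"] not in (None, ex["sent"])
        # rotated: valid session, yet a new ID is issued; replaced: stale ID rejected
        ex["verdict"] = "kept" if not changed else "rotated" if ex["valid"] else "replaced"
    return exchanges

if __name__ == "__main__":
    print([ex["verdict"] for ex in classify_exchanges(SAMPLE_LOG)])
```

A "rotated" entry followed by "replaced" entries that still send the old ID is the pattern in the log above: the first exchange is the one to investigate, the later ones are its consequence.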