Thanks for the quick response, Luis. Answers below:
On 4/11/2019 3:22 AM, Luis Rodríguez Fernández wrote:
Hello Jerry,
I'm using single sign-on
Do you mean tomcat Single Sign On valve? [1], a third party solution or
your custom implementation? That can change the game completely :)
Yes, standard Tomcat-provided single sign on valve
some RewriteRules in httpd
Can you share them? That could change the game also :)
Here's some of my rewrite rules from httpd.conf for this virtualhost:
RewriteRule ^/create_user$
/idmanager/jsp/guest/createuser.jsp? [PT]
RewriteRule ^/forgot_password$
/idmanager/jsp/guest/forgotpassword.jsp? [PT]
RewriteRule ^/logoff$ /idmanager/jsp/guest/logoff.jsp [PT]
RewriteRule ^/change_password$
/idmanager/jsp/user/changepassword.jsp? [PT]
RewriteRule ^/login$ /idmanager/jsp/user/home.jsp [PT]
RewriteRule ^/userhome$ /idmanager/jsp/user/home.jsp? [PT]
RewriteRule ^/cart$ /order/jsp/guest/cart.jsp? [PT,QSA]
RewriteRule ^/checkout$ /order/jsp/guest/checkout.jsp? [PT]
RewriteRule ^/submitOrder$ /order/jsp/guest/orderSubmit.jsp?
[PT,QSA]
RewriteRule ^/displayImage$ /order/jsp/guest/productPage.jsp?
[PT,QSA]
RewriteRule ^/product$ /order/jsp/guest/productPage.jsp? [PT,QSA]
RewriteRule ^/storeFront$ /order/jsp/guest/storeFront.jsp [PT]
RewriteRule ^/orders$ /order/jsp/user/orderList.jsp? [PT]
RewriteRule ^/pay$ /payment/jsp/user/flcPayProvision.jsp [PT]
RewriteRule ^/projectlist$
/projectmanager/jsp/user/projectlist3.jsp? [PT]
RewriteRule ^/about$ /upartyrental/jsp/guest/about.jsp? [PT]
RewriteRule ^/$ /upartyrental/jsp/guest/uprHome.jsp [PT]
Cheers,
Luis
[1]
https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Single_Sign_On_Valve
El jue., 11 abr. 2019 a las 5:57, Jerry Malcolm (<techst...@malcolms.com>)
escribió:
I have a TC host that is running about 10 separate webapps that interact
with each other. I understand that sessions are per-webapp. But within
one webapp, with the same browser just making different calls to the
same webapp is starting new sessions about 30% of the time. I've put a
debug statement at the beginning of all of my JSPs that logs
session.isNew(). It'll start a new session, then use it for 10 or so
subsequent calls. But then it'll decide to drop that session and start a
new one that it'll subsequently use for a while. The setup is nothing
fancy. It's just calling several different JSPs within the same webapp
(context). I am keeping data in the session that really needs to
persist for the duration of the 'real' session between the user and the
site. So this is a serious problem. (This is happening both with
Firefox and Chrome). I'm using TC 9.0.1 on Windows.
I definitely could have some misunderstandings here. But my first
understanding is that once a browser makes a call to a webapp, a session
is created, and that session remains around until invalidated on a
logout or a timeout occurred, and that webapp uses that session for the
remainder of the activity between that browser and that webapp. If
that's not the case, then please set me straight. If that assumption is
correct, what could possibly be causing the sessions to keep dropping
and new ones created?
Interestingly, logon state is not being dropped with the new sessions.
I'm using single sign-on. So that may be ensuring the logon doesn't drop.
The only thing I can come up with is that I'm using some RewriteRules in
httpd to map the complex url paths to single words like "/product". (SEO
advisor told me to do that...) I'm trying to see in the logs if there is
a correlation between rewrites and the new sessions. But I can't really
tell if that's what's causing it.
Am I missing or do I have some sort of errant configuration setting that
is causing the sessions to keep reinitiating? Is there something else
I'm missing? I really need to have sessions that last as long as the
user is on the site.
Suggestions? Help??
Thx.
Jerry
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
