I'm looking forward to hearing from the dev folks on this. I suspect it has something to do with the context configuration.
A long time ago, I started doing my own session management, but then I don't mind building out the pieces I needed for clustering. In fact, I decided to store session information in the database (persistent). That makes scaling easy.

On 4/11/19, Jerry Malcolm <techst...@malcolms.com> wrote:
> Alternatively, if I had a better understanding of how sessions are
> managed by both TC and the browser, it might help me figure out what is
> going wrong. I know a session key is generated by TC and sent back in a
> response. And I'm assuming that the browser must return that session
> key on subsequent calls. But if there are several webapps on domain,
> how does the browser differentiate which session key to send back on a
> subsequent response? Is it just understood that the first 'folder'
> level under the domain (i.e. context name) is always a different session
> key? (myDomain.com/order vs. myDomain/account)? Or does the browser
> send all session keys back per domain and let TC figure out which one,
> if any, to use? Again, just looking for a little education here....
>
> Thx.
>
> Jerry
>
> On 4/11/2019 9:35 AM, Jerry Malcolm wrote:
>> Thanks for the quick response, Luis. Answers below:
>>
>> On 4/11/2019 3:22 AM, Luis Rodríguez Fernández wrote:
>>> Hello Jerry,
>>>
>>>> I'm using single sign-on
>>> Do you mean tomcat Single Sign On valve? [1], a third party solution or
>>> your custom implementation? That can change the game completely :)
>> Yes, standard Tomcat-provided single sign on valve
>>>
>>>> some RewriteRules in httpd
>>> Can you share them? That could change the game also :)
>>
>> Here's some of my rewrite rules from httpd.conf for this virtualhost:
>>
>> RewriteRule ^/create_user$ /idmanager/jsp/guest/createuser.jsp? [PT]
>> RewriteRule ^/forgot_password$ /idmanager/jsp/guest/forgotpassword.jsp? [PT]
>> RewriteRule ^/logoff$ /idmanager/jsp/guest/logoff.jsp [PT]
>> RewriteRule ^/change_password$ /idmanager/jsp/user/changepassword.jsp? [PT]
>> RewriteRule ^/login$ /idmanager/jsp/user/home.jsp [PT]
>> RewriteRule ^/userhome$ /idmanager/jsp/user/home.jsp? [PT]
>> RewriteRule ^/cart$ /order/jsp/guest/cart.jsp? [PT,QSA]
>> RewriteRule ^/checkout$ /order/jsp/guest/checkout.jsp? [PT]
>> RewriteRule ^/submitOrder$ /order/jsp/guest/orderSubmit.jsp? [PT,QSA]
>> RewriteRule ^/displayImage$ /order/jsp/guest/productPage.jsp? [PT,QSA]
>> RewriteRule ^/product$ /order/jsp/guest/productPage.jsp? [PT,QSA]
>> RewriteRule ^/storeFront$ /order/jsp/guest/storeFront.jsp [PT]
>> RewriteRule ^/orders$ /order/jsp/user/orderList.jsp? [PT]
>> RewriteRule ^/pay$ /payment/jsp/user/flcPayProvision.jsp [PT]
>> RewriteRule ^/projectlist$ /projectmanager/jsp/user/projectlist3.jsp? [PT]
>> RewriteRule ^/about$ /upartyrental/jsp/guest/about.jsp? [PT]
>> RewriteRule ^/$ /upartyrental/jsp/guest/uprHome.jsp [PT]
>>
>>>
>>> Cheers,
>>>
>>> Luis
>>>
>>> [1]
>>> https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Single_Sign_On_Valve
>>>
>>> On Thu, Apr 11, 2019 at 5:57, Jerry Malcolm
>>> (<techst...@malcolms.com>) wrote:
>>>
>>>> I have a TC host that is running about 10 separate webapps that
>>>> interact with each other. I understand that sessions are per-webapp.
>>>> But within one webapp, with the same browser just making different
>>>> calls to the same webapp is starting new sessions about 30% of the
>>>> time. I've put a debug statement at the beginning of all of my JSPs
>>>> that logs session.isNew(). It'll start a new session, then use it
>>>> for 10 or so subsequent calls. But then it'll decide to drop that
>>>> session and start a new one that it'll subsequently use for a while.
>>>> The setup is nothing fancy. It's just calling several different JSPs
>>>> within the same webapp (context). I am keeping data in the session
>>>> that really needs to persist for the duration of the 'real' session
>>>> between the user and the site. So this is a serious problem. (This
>>>> is happening both with Firefox and Chrome). I'm using TC 9.0.1 on
>>>> Windows.
>>>>
>>>> I definitely could have some misunderstandings here. But my first
>>>> understanding is that once a browser makes a call to a webapp, a
>>>> session is created, and that session remains around until
>>>> invalidated on a logout or a timeout occurred, and that webapp uses
>>>> that session for the remainder of the activity between that browser
>>>> and that webapp. If that's not the case, then please set me
>>>> straight. If that assumption is correct, what could possibly be
>>>> causing the sessions to keep dropping and new ones created?
>>>>
>>>> Interestingly, logon state is not being dropped with the new
>>>> sessions. I'm using single sign-on. So that may be ensuring the
>>>> logon doesn't drop.
>>>>
>>>> The only thing I can come up with is that I'm using some
>>>> RewriteRules in httpd to map the complex url paths to single words
>>>> like "/product". (SEO advisor told me to do that...) I'm trying to
>>>> see in the logs if there is a correlation between rewrites and the
>>>> new sessions. But I can't really tell if that's what's causing it.
>>>>
>>>> Am I missing or do I have some sort of errant configuration setting
>>>> that is causing the sessions to keep reinitiating? Is there
>>>> something else I'm missing? I really need to have sessions that
>>>> last as long as the user is on the site.
>>>>
>>>> Suggestions? Help??
>>>>
>>>> Thx.
>>>>
>>>> Jerry
>>>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
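
Added example, not part of the thread and not written by any participant: a check of which rewritten public paths would carry a session cookie back to Tomcat, using the RFC 6265 path-match rule a browser applies before sending a cookie. It assumes the session cookie's Path is the webapp's context path (for example /order), which is Tomcat's default; the function names are made up for this example and the rules are a subset of those quoted above.

```python
import re

# Subset of the RewriteRule lines quoted in the thread (sample input).
REWRITE_RULES = """\
RewriteRule ^/login$ /idmanager/jsp/user/home.jsp [PT]
RewriteRule ^/cart$ /order/jsp/guest/cart.jsp? [PT,QSA]
RewriteRule ^/checkout$ /order/jsp/guest/checkout.jsp? [PT]
RewriteRule ^/orders$ /order/jsp/user/orderList.jsp? [PT]
RewriteRule ^/$ /upartyrental/jsp/guest/uprHome.jsp [PT]
"""


def path_match(request_path, cookie_path):
    """RFC 6265 section 5.1.4: does request_path path-match cookie_path?"""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # The prefix must end at a path-segment boundary.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def parse_rules(text):
    """Yield (public_path, internal_path) for literal ^/word$ patterns only."""
    for line in text.splitlines():
        m = re.match(r"\s*RewriteRule\s+\^(/[\w-]*)\$\s+(\S+)", line)
        if m:
            yield m.group(1), m.group(2).rstrip("?")


def audit(text):
    """Return [(public_path, assumed_cookie_path, cookie_sent)] per rule.

    The browser only ever sees the public path; the cookie Path is assumed
    to be the first segment of the internal path (the webapp context).
    """
    rows = []
    for public, internal in parse_rules(text):
        context = "/" + internal.split("/")[1]
        rows.append((public, context, path_match(public, context)))
    return rows


if __name__ == "__main__":
    for public, context, sent in audit(REWRITE_RULES):
        print(f"{public:<10} cookie Path={context:<14} sent={sent}")
```

A cookie Path of / matches every public path in the sample; Tomcat's sessionCookiePath Context attribute controls that value, and widening it makes the browser send the session ID to every webapp on the host.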