-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeffrey,
On 2/23/2010 2:54 PM, Jeffrey Janner wrote: > It seems that they can login just fine and work just fine, most of the > time. However, every now and then, they will get kicked out with an > "invalid session" error. That is our software's error message to them, > basically meaning we didn't get the session id we were expecting. I'm > leaning toward the proxy trashing the session cookie, or presenting the > wrong one, etc. Is it possible that your error message is wrong? We have an ancient app that "runs home to mama" when anything goes wrong and displays a message that says "An error occurred, probably because your session timed out". The original devs didn't bother to do nice things like null-checking and just assumed that the session state would be sane: when errors occurred, it was usually because the session went away. Anyhow, we sometimes get SQLExceptions that trigger this error message and people complain that their session couldn't have timed out. It would be funny if it weren't in production :( > I'm planning on adding the RequestDumper valve to their configuration to > capture what is really going on. Make sure to dump the requested session id as well as the id of the session actually used. If the user is requesting a session and not getting it, that may be useful information. Any idea if these clients are using cookies or not? Sometimes a missing response.encodeURL() call can ruin your whole day. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuETwwACgkQ9CaO5/Lv0PACPgCgiCfgL4aizr2GyGFRoUKotlzW cs8AoLxG8Mnc/L9q//aOX/jZsLB8PYn/ =FzoK -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org