Hi Andre, That?s interesting to say the least. Without cookies enabled, I can't login to either of both applications.
So I "designed" another test: using two browsers I visited both applications. And guess what: it works like a charm! So I guess you are right on the cookies :-). The only one thing I do not understand: I've done this a few times before and I never ran into these issues. The only difference is that I'm using a newer version of LifeRay for the first time, but AFAIK the other LifeRay version I used uses JSESSION too.. Tomorrow I'll look into the hosts (now it's bed time ;)). Best, Robin -----Oorspronkelijk bericht----- Van: André Warnier [mailto:a...@ice-sa.com] Verzonden: woensdag 18 augustus 2010 23:39 Aan: Tomcat Users List Onderwerp: Re: Tomcat sessions issue? Hassan Schroeder wrote: > On Wed, Aug 18, 2010 at 2:09 PM, Robin Diederen <diede...@nlcom.nl> wrote: > >> Here's some info: > >> Server.xml from LifeRay: > > I'm not going to waste my time wading through all the boilerplate > comments (hint, hint) but unless these are separate virtual hosts, > my bet's on a cookie conflict, either sessionid or whatever auth > system you're using. > I'll expand on that : 1) it is common usage, when pasting server.xml etc here, to remove the parts that are comments (and the parameter values that may be confidential, like passwords), so that the readers do not have to browse through a bunch of lines to find the ones that are active. 2) about the cookie conflict : As far as I know, a cookie is specific to a hostname, but not to a port. So if both servers answer to the same hostname, even on different ports, their JSESSIONID cookies would just overwrite one another. In other words : - you login in tomcat instance A, and get a session and an assorted JSESSIONID cookie for server A, labeled with the hostname "myserver" - then you login to instance B, and get another session and another assorted JSESSIONID cookie for server B, labeled with the hostname "myserver". This one overwrites the previous one, because both the hostname and the cookiename are the same. So when you try to access server A again, your JSESSIONID cookie does not match any existing session on server A, and it asks you to login again. Quick fix and test : disable cookies in your browser and try again. Tomcat will notice that the browser does not return cookies, and will use URL-rewriting instead to carry the session-id. Better fix : - re-enable cookies in your browser - give different hostnames to your two tomcat instances and restart them - in your workstations local "hosts" file, add a line for each of these hostnames, with the IP address of the server. - with your browser, use the appropriate hostname to access each of the Tomcat instances (not only a different port, also a different name) --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
