Yes, I have emptySessionPath=true in connectors; is this the issue? Thanks for the link, now i'm trying to debug in order to find some more details for you experts.
Thanks. 2010/11/30 Konstantin Kolinko <knst.koli...@gmail.com> > >> > Follows an extract form a test servlet: > >> > HttpSession s = req.getSession(); > >> > if (s==null) { > >> > System.out.println(mt+":Session is null"); > >> > } else { > >> > System.out.println(mt+":Session id="+s.getId()+"\t > >> > New="+s.isNew()); > >> > } > >> > System.out.println("pre- invalidate"); > >> > s.invalidate(); > >> > System.out.println("post- invalidate: id="+s.getId()); > >> > s = req.getSession(true); > >> > System.out.println("post- get new: id="+s.getId()); > >> > >> Okay, what does the above servlet print when you access it via HTTP, and > >> then access it via HTTPS? > >> > > > > HTTP Output: > > POST:Session id=F5FAF6115F7BA37ECDA22299C9B3B4BC New=true > > pre- invalidate > > sessionDestroyed [F5FAF6115F7BA37ECDA22299C9B3B4BC] <-- this log is > printed > > by a HttpSessionListener > > post- invalidate: id=F5FAF6115F7BA37ECDA22299C9B3B4BC > > sessionCreated [36BA1CCC7AEC8A9808027D57B6A5A52A] <-- this log is printed > by > > a HttpSessionListener > > post- get new: id=36BA1CCC7AEC8A9808027D57B6A5A52A > > > > We can notice that the session id after the GetSession(true) is different > > from the previous one. > > > > HTTPS Output: > > POST:Session id=36BA1CCC7AEC8A9808027D57B6A5A52A New=false > > pre- invalidate > > sessionDestroyed [36BA1CCC7AEC8A9808027D57B6A5A52A] <-- this log is > printed > > by a HttpSessionListener > > post- invalidate: id=36BA1CCC7AEC8A9808027D57B6A5A52A > > sessionCreated [36BA1CCC7AEC8A9808027D57B6A5A52A] <-- this log is printed > by > > a HttpSessionListener > > post- get new: id=36BA1CCC7AEC8A9808027D57B6A5A52A > > > > In this case the session id is always the same! > > > > Do you, by a chance, have emptySessionPath=true on your Connector? > > > I saw that between release 28 > > and 29 the following class has been changed but i'm not able to debug it. > > java\org\apache\catalina\connector\Response.java (method > > addSessionCookieInternal) > > http://wiki.apache.org/tomcat/FAQ/Developing > > Best regards, > Konstantin Kolinko > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >