Re: Session Invalidate not working on HTTPS ( Tomcat 6.0.29 )

Tue, 30 Nov 2010 06:17:09 -0800 

Yes, I have emptySessionPath=true  in connectors; is this the issue?

Thanks for the link, now i'm trying to debug in order to find some more
details for you experts.

Thanks.

2010/11/30 Konstantin Kolinko <knst.koli...@gmail.com>

> >> > Follows an extract form a test servlet:
> >> >         HttpSession s = req.getSession();
> >> >         if (s==null) {
> >> >             System.out.println(mt+":Session is null");
> >> >         } else {
> >> >             System.out.println(mt+":Session id="+s.getId()+"\t
> >> > New="+s.isNew());
> >> >         }
> >> >         System.out.println("pre- invalidate");
> >> >         s.invalidate();
> >> >         System.out.println("post- invalidate: id="+s.getId());
> >> >         s = req.getSession(true);
> >> >         System.out.println("post- get new: id="+s.getId());
> >>
> >> Okay, what does the above servlet print when you access it via HTTP, and
> >> then access it via HTTPS?
> >>
> >
> > HTTP Output:
> > POST:Session id=F5FAF6115F7BA37ECDA22299C9B3B4BC     New=true
> > pre- invalidate
> > sessionDestroyed [F5FAF6115F7BA37ECDA22299C9B3B4BC] <-- this log is
> printed
> > by a HttpSessionListener
> > post- invalidate: id=F5FAF6115F7BA37ECDA22299C9B3B4BC
> > sessionCreated [36BA1CCC7AEC8A9808027D57B6A5A52A] <-- this log is printed
> by
> > a HttpSessionListener
> > post- get new: id=36BA1CCC7AEC8A9808027D57B6A5A52A
> >
> > We can notice that the session id after the GetSession(true) is different
> > from the previous one.
> >
> > HTTPS Output:
> > POST:Session id=36BA1CCC7AEC8A9808027D57B6A5A52A     New=false
> > pre- invalidate
> > sessionDestroyed [36BA1CCC7AEC8A9808027D57B6A5A52A] <-- this log is
> printed
> > by a HttpSessionListener
> > post- invalidate: id=36BA1CCC7AEC8A9808027D57B6A5A52A
> > sessionCreated [36BA1CCC7AEC8A9808027D57B6A5A52A] <-- this log is printed
> by
> > a HttpSessionListener
> > post- get new: id=36BA1CCC7AEC8A9808027D57B6A5A52A
> >
> > In this case the session id is always the same!
> >
>
> Do you, by a chance, have emptySessionPath=true on your Connector?
>
> > I saw that between release 28
> > and 29 the following class has been changed but i'm not able to debug it.
> > java\org\apache\catalina\connector\Response.java (method
> > addSessionCookieInternal)
>
> http://wiki.apache.org/tomcat/FAQ/Developing
>
> Best regards,
> Konstantin Kolinko
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Reply via email to