Our web.xml file minus listeners and servlet config. I also removed some
taglib definitions.
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd";>
<web-app xmlns="http://java.sun.com/xml/ns/javaee";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd";
version="3.0">
<distributable/>
<context-param>
<param-name>org.apache.taglibs.standard.lang.jstl.exprCacheSize</param-name>
<param-value>100</param-value>
</context-param>
<filter>
<filter-name>Performance Log Filter</filter-name>
<filter-class>ourCompanyPath.PerfLogServletFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Performance Log Filter</filter-name>
<url-pattern>/do/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>Encoding</filter-name>
<filter-class>ourCompanyPath.EncodingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Encoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- the session should last 180 min. -->
<session-config>
<session-timeout>180</session-timeout>
<cookie-config>
<max-age>
10800
</max-age>
</cookie-config>
</session-config>
<!-- The Usual Welcome File List -->
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
**************
The problem with the filter you are speaking of is that it actually adds
multiple cookies to the request. While most people say that they haven't found
this to cause problems - we actually did find that it caused users problems.
Firefox accepts the last cookie sent, but I've found reports saying that IE
accepts the first cookie. I'm not really sure what was going on, but the
patterns were extremely inconsistent and hard to replicate. All I know is that
we had people turn off cookies completely on our website and things started
working again. That was the reason we upgraded to tomcat7 in the first place.
-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, July 13, 2011 5:43 PM
To: Tomcat Users List
Subject: Re: Session cookie max age
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Josh,
On 7/13/2011 5:15 PM, Josh Simmons wrote:
> I was afraid I wasn't being specific enough - sorry.
>
> <session-config> <session-timeout>180</session-timeout>
> <cookie-config> <max-age> 10800 </max-age> </cookie-config>
> </session-config>
Can you post your entire web.xml? You can remove all the servlet, listener, and
security constraint stuff.
> We do not want to use the default cookie max age of -1 for our session
> cookie. We would like for our session to persist across browser
> restart (I know this might be frowned upon but it’s a stepping stone
> towards the correct solution) - so in order to do so we set the max
> age of our session cookie to 3hours , the same as our timeout.
Gotcha.
> While the jsessionid might not be changing for every request, the
> timeout is changing with every request.
Okay, now I get it. You expect Tomcat to set the cookie's max age to be NOW +
180 minutes. That's what I'd expect, too.
> As I stated previously, we can fix this by just configuring our max
> age to be 24 hours, because ideally no one is going to perfectly keep
> their session alive on the server for that length of time.
>
> Hopefully this makes more sense now of what I'm after.
It does. Assuming that you don't have a misconfiguration and that this is a
Tomcat bug, you ought to be able to get around the problem using a Filter that
looks something like this:
public class SessionCookieMaxAgeFilter
implements Filter
{
public void doFilter(ServletRequest request,
ServletResponse response,
FilterChain chain)
{
if(request instanceof HttpServletRequest)
{
Cookie cookie = getCookie((HttpServletRequest)request));
if(null != cookie)
{
// force the cookie back on the client
cookie.setMaxAge(180);
((HttpServletResponse)response).addCookie(cookie);
}
}
}
private Cookie getCookie(HttpServletRequest request)
{
Cookie[] cookies = request.getCookies();
if(null != cookies)
{
for(int i=0; i<cookies.length; ++i)
{
if("JSESSIONID".equals(cookies[i].getName()))
{
return cookie;
}
}
}
return null;
}
}
Post your configuration and I'll take a look at the code (which may take some
time :)
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk4eEUgACgkQ9CaO5/Lv0PAH5gCfTJijKQNqLv3F/TPQVT9CCMCL
RiMAn2b/CDEJj+vPQrRFj5FozSATkst/
=i8JZ
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
