I have my apache log configured to include the cookies. I'm not talking about the URL. Jeremy
On Fri, Jun 19, 2009 at 2:51 AM, Johan Compagner <jcompag...@gmail.com>wrote: > What do you mean with sessionid disappears? From the url? Thats basic > tomcat, the first urls are with session id but if session cookie works > it wont append it to the url, or you really have to tell tomcat that > it has to do that everytime. > > On 17/06/2009, Jeremy Levy <jel...@gmail.com> wrote: > > We see a very similar issue: Between one request to another that happen > > within a matter of seconds / minutes the sessionid disappears. A lot of > our > > traffic is mobile so I assume some of it is crappy browser > implementation. > > We have not been able to reproduce it any meaningful way. > > We have been able to mitigate the effect on our > > users by making as many pages as possible bookmarkable as well as > > including cookie based auto-login. > > > > I have seen other things cause this however, if you are using jvmRoute > > with a node that is down and your don't properly fail over you will > > consistently get this error. > > > > For what it's worth we are using Wicket 1.3.6 (but been anecdotally > having > > the issue since 1.3.0 or earlier) in Tomcat/JBoss 4.2.2. > > > > Jeremy > > > > > > > > > > > > On Thu, Jun 11, 2009 at 4:31 PM, Dane Laverty <danelave...@gmail.com> > wrote: > > > >> Thanks for pointing that out. I've tried some other changes, so I'll > wait > >> and see how they work out. However, if the problem persists I'll look > into > >> the possibility of it being an HTTPS-related issue. That line of > reasoning > >> hadn't ever occurred to me. > >> > >> Dane > >> > >> On Thu, Jun 11, 2009 at 1:09 PM, Igor Vaynberg <igor.vaynb...@gmail.com > > > >> wrote: > >> > > >> > good catch Jason. > >> > > >> > We have also ran into this when implementing wicket's @RequireHttps > >> > annotation, there is a javadoc section in HttpsRequestCycleProtocol > >> > that talks about this cookie pain. > >> > > >> > -igor > >> > > >> > On Thu, Jun 11, 2009 at 1:03 PM, Jason Lea<ja...@kumachan.net.nz> > wrote: > >> > > I notice there are some secure requests there (https)... so I will > now > >> > > blindly assume you are having the same problem I had in the past... > >> > > > >> > > I had a problem with session ids changing when trying to swtich > >> > > between > >> > > secure/insecure pages. > >> > > If your first request to a tomcat server is secure, and a session is > >> > > created, tomcat will create a secure session id cookie that will > only > >> be > >> > > sent in https requests. If you request a non-secure (http) page > >> request > >> it > >> > > will not send the cookie, and a new insecure session cookie is > >> > > created. > >> > > > >> > > One way to fix* this is to use a http request filter that checks for > >> new > >> > > session id cookie creation, and writing a new insecure cookie if a > >> secure > >> > > one has been created. Something like this: > >> > > http://forum.springsource.org/archive/index.php/t-65651.html > >> > > > >> > > *when I say fix, I mean make the system less secure :) > >> > > > >> > > Igor Vaynberg wrote: > >> > >> > >> > >> yes, a changing sessionid will cause a page expired error because > the > >> > >> client all of a sudden gets a new blank session. > >> > >> > >> > >> changing session ids can be caused by either session expiration or > a > >> > >> manual session invalidation - like during a logout procedure. > >> > >> > >> > >> you have to figure out what causes the session to get dumped and a > >> > >> new > >> > >> one to be created in your application/servlet container. > >> > >> > >> > >> -igor > >> > >> > >> > >> On Thu, Jun 11, 2009 at 9:56 AM, Dane Laverty< > danelave...@gmail.com> > >> > >> wrote: > >> > >> > >> > >>> > >> > >>> I'm trying to track down the source of frequent > >> > >>> PageExpiredExceptions > >> > >>> that > >> > >>> we're getting on our deployment server. One of the errors occured > at > >> > >>> 01:28:06 this morning. In the Apache logs, I discovered that the > >> user's > >> > >>> session ID spontaneously changed at that time, (see the change > >> between > >> > >>> lines > >> > >>> 4 & 5 below, and then again between lines 11 & 12). Is that just a > >> > >>> coincidence, or would a changing session ID cause the > >> > >>> PageExpiredException? > >> > >>> And if so, what causes the session ID to change? (I'm using Wicket > >> 1.3.6. > >> > >>> I > >> > >>> can't replicate the errors in development, which sounds common > >> according > >> > >>> to > >> > >>> the several PageExpiredException threads. I'm not seeing any sort > of > >> > >>> serialization errors either.) Thanks for your help! > >> > >>> > >> > >>> XXX.XXX.29.22 - - [11/Jun/2009:01:28:03 -0700] "GET > >> > >>> /resources/comp.Comp/Oregon2.jpg HTTP/1.1" 200 22145 " > >> > >>> > >> > >>> > >> > >> > https://www.foodhandler.org/login%3bjsessionid=E0381EA98B6C107CD1D4DF8FDE5D88C3 > >> > >>> "... > >> > >>> XXX.XXX.29.22 - - [11/Jun/2009:01:28:03 -0700] "GET > >> > >>> /resources/comp.Comp/newVGrad.png HTTP/1.1" 200 48736 " > >> > >>> > >> > >>> > >> > >> > https://www.foodhandler.org/login%3bjsessionid=E0381EA98B6C107CD1D4DF8FDE5D88C3 > >> > >>> "... > >> > >>> XXX.XXX.29.22 - - [11/Jun/2009:01:28:03 -0700] "GET > >> > >>> /resources/comp.Comp/navBoxBottom.jpg HTTP/1.1" 200 14140 " > >> > >>> > >> > >>> > >> > >> > https://www.foodhandler.org/login%3bjsessionid=E0381EA98B6C107CD1D4DF8FDE5D88C3 > >> > >>> "... > >> > >>> XXX.XXX.29.22 - - [11/Jun/2009:01:28:05 -0700] "GET > >> > >>> /pay%3bjsessionid=E0381EA98B6C107CD1D4DF8FDE5D88C3 HTTP/1.1" 302 - > >> "-"... > >> > >>> XXX.XXX.29.22 - - [11/Jun/2009:01:28:05 -0700] "GET > >> > >>> /foodhandler/login;jsessionid=271042707F280E26F7A08E6FFF108C22 > >> HTTP/1.1" > >> > >>> 302 > >> > >>> 263 "-"... > >> > >>> XXX.XXX.29.22 - - [11/Jun/2009:01:28:05 -0700] "GET > >> > >>> /login%3bjsessionid=271042707F280E26F7A08E6FFF108C22 HTTP/1.1" 200 > >> 8056 > >> > >>> "-"... > >> > >>> XXX.XXX.29.22 - - [11/Jun/2009:01:28:06 -0700] "GET > >> > >>> /resources/comp.Comp/main.css HTTP/1.1" 200 9904 " > >> > >>> > >> > >>> > >> > >> > https://www.foodhandler.org/login%3bjsessionid=271042707F280E26F7A08E6FFF108C22 > >> > >>> "... > >> > >>> XXX.XXX.29.22 - - [11/Jun/2009:01:28:06 -0700] "GET > >> > >>> /resources/comp.Comp/print.css HTTP/1.1" 200 459 " > >> > >>> > >> > >>> > >> > >> > https://www.foodhandler.org/login%3bjsessionid=271042707F280E26F7A08E6FFF108C22 > >> > >>> "... > >> > >>> XXX.XXX.29.22 - - [11/Jun/2009:01:28:06 -0700] "GET > >> > >>> > >> > >>> > >> > >> > /resources/org.apache.wicket.ajax.WicketAjaxReference/wicket-ajax.js;jsessionid=271042707F280E26F7A08E6FFF108C22 > >> > >>> HTTP/1.1" 200 8939 " > >> > >>> > >> > >>> > >> > >> > https://www.foodhandler.org/login%3bjsessionid=271042707F280E26F7A08E6FFF108C22 > >> > >>> "... > >> > >>> XXX.XXX.29.22 - - [11/Jun/2009:01:28:06 -0700] "GET > >> > >>> > >> > >>> > >> > >> > /resources/org.apache.wicket.markup.html.WicketEventReference/wicket-event.js;jsessionid=271042707F280E26F7A08E6FFF108C22 > >> > >>> HTTP/1.1" 200 1184 " > >> > >>> > >> > >>> > >> > >> > https://www.foodhandler.org/login%3bjsessionid=271042707F280E26F7A08E6FFF108C22 > >> > >>> "... > >> > >>> XXX.XXX.29.22 - - [11/Jun/2009:01:28:06 -0700] "GET > >> > >>> /resources/comp.Comp/prototype.js HTTP/1.1" 200 47603 " > >> > >>> > >> > >>> > >> > >> > https://www.foodhandler.org/login%3bjsessionid=271042707F280E26F7A08E6FFF108C22 > >> > >>> "... > >> > >>> XXX.XXX.29.22 - - [11/Jun/2009:01:28:06 -0700] "GET > >> > >>> > >> /%3bjsessionid=E0381EA98B6C107CD1D4DF8FDE5D88C3?wicket:interface=:12:::: > >> > >>> HTTP/1.1" 200 4623 " > >> > >>> > >> > >>> > >> > >> > https://www.foodhandler.org/take-the-test%3bjsessionid=E0381EA98B6C107CD1D4DF8FDE5D88C3 > >> > >>> "... > >> > >>> XXX.XXX.29.22 - - [11/Jun/2009:01:28:07 -0700] "GET > >> > >>> /resources/comp.Comp/main.css HTTP/1.1" 200 9904 " > >> > >>> > >> > >>> > >> > >> > https://www.foodhandler.org/%3bjsessionid=E0381EA98B6C107CD1D4DF8FDE5D88C3?wicket:interface=:12 > >> : > >> :: > >> > >>> :"... > >> > >>> XXX.XXX.29.22 - - [11/Jun/2009:01:28:07 -0700] "GET > >> > >>> /resources/comp.Comp/print.css HTTP/1.1" 200 459 " > >> > >>> > >> > >>> > >> > >> > https://www.foodhandler.org/%3bjsessionid=E0381EA98B6C107CD1D4DF8FDE5D88C3?wicket:interface=:12 > >> : > >> :: > >> > >>> :"... > >> > >>> > >> > >>> > >> > >> > >> > >> > --------------------------------------------------------------------- > >> > >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > >> > >> For additional commands, e-mail: users-h...@wicket.apache.org > >> > >> > >> > >> > >> > >> > >> > > > >> > > -- > >> > > Jason Lea > >> > > > >> > > > >> > > > >> > > >> > --------------------------------------------------------------------- > >> > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > >> > For additional commands, e-mail: users-h...@wicket.apache.org > >> > > >> > > > > > > > > -- > > Jeremy Levy > > > > See my location in real-time: > > http://seemywhere.com/jeremy > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > -- Jeremy Levy See my location in real-time: http://seemywhere.com/jeremy
