Title: Tomcat - Ghost/Rogue Sessions

Here's the scenario ...

We have a JSP/Servlet application - The JSPs post requests to the Servlets, the Servlets do some work and then forward the requests back to the JSPs. We are also using session tracking.

We are using MS IIS 4.0 & Jakarta Tomcat 3.2.1 (Release Build).


E.g. ...

Login.jsp
- Displays a user login screen
- Posts the request to LoginServlet


LoginServlet
- Handles the post request (Logs the user in or returns an error)
- Initiates a new session
    HttpSession httpSession = req.getSession( true );

- Forwards the requests to Login.jsp
    rd = this.getServletContext().getRequestDispatcher("/WMLLogin.jsp");
    rd.forward( req, res );


Login.jsp
- Checks for a valid session
    HttpSession httpSession = request.getSession(false);

    if (httpSession != null)
    {
        String sessionID = httpSession.getId();
        ...
        ...
        ...
    }

- Displays a menu or an error (Login error or session error)


However, in some cases the JSP sees a different session than the one created by the Servlet - Printing the Session ID in the JSP & Servlet shows this quite clearly ...

The very next attempt works fine - The JSP & Servlet both see/use the same session and the login attempt is successful. The interesting thing here is that the Session ID used is the same as what the JSP thought the Session ID was in the previous attempt ... ???

Is this a bug? If not, then what's wrong?


Regards,


Mark Lane


Software Engineer
XIAM Limited - The Information Router Company
Alexandra House, Ballsbridge Park, Dublin 4, Ireland
DDI    : +353 1 6642474
Switch : +353 1 6642400
Fax    : +353 1 6642499
Mobile : +353 87 6182279
E-Mail : mailto:[EMAIL PROTECTED]
Web    : http://www.xiam.com/
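
One way to narrow down where the two session IDs in the message above diverge, as an added example that is not part of the original post: the servlet records its session ID in a request attribute before the forward, and the forward target compares it with the session it sees and with the ID the client sent. The class name `SessionTrace` and the attribute name are assumptions made for this example; only standard `javax.servlet.http` calls are used.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical helper (not from the post): traces which session each side of a forward sees. */
public final class SessionTrace {
    // Request attribute name is an assumption made for this example.
    private static final String ATTR = "trace.servletSessionId";

    private SessionTrace() {}

    /** Call in LoginServlet after req.getSession(true) and before rd.forward(). */
    public static void mark(HttpServletRequest req, HttpSession created) {
        req.setAttribute(ATTR, created.getId());
    }

    /** Call in the forward target; returns one line describing what it sees. */
    public static String check(HttpServletRequest req) {
        String fromServlet = (String) req.getAttribute(ATTR);
        HttpSession seen = req.getSession(false);        // never create a session here
        String seenId = (seen == null) ? null : seen.getId();

        StringBuffer sb = new StringBuffer();
        sb.append("servlet=").append(fromServlet)
          .append(" target=").append(seenId)
          // ID the client actually sent with this request (cookie or rewritten URL)
          .append(" requested=").append(req.getRequestedSessionId())
          .append(" requestedValid=").append(req.isRequestedSessionIdValid())
          .append(" fromCookie=").append(req.isRequestedSessionIdFromCookie())
          .append(" fromURL=").append(req.isRequestedSessionIdFromURL());
        if (seen != null) {
            sb.append(" targetIsNew=").append(seen.isNew());
        }

        // Session IDs are credentials: write this line to a test log only.
        boolean same = fromServlet != null && fromServlet.equals(seenId);
        sb.insert(0, same ? "OK " : "MISMATCH ");
        return sb.toString();
    }
}
```

A JSP participates in sessions by default unless it declares `<%@ page session="false" %>`, so the container may already have obtained a session for the page before a scriptlet calling `request.getSession(false)` runs.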
