DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=33182>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=33182 Summary: Session ID inconsistent on include/forward between web applications Product: Tomcat 5 Version: 5.0.28 Platform: PC OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Catalina AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] I have a single ear file with multiple was files deployed on Tomcat. A quick summary is that if I include to another web app, that web app's session id comes back as the session id of the web app originating the request. But if I just load the included page directly I see a different session id. I feel that if each web app is going to have a separate session id, then that id should be consistent no matter how a given page in that app is access (either via include, forward or a standard top level http request) Let's call them /app1 and /app2 I have a page called session.jsp with the following <%=session.getId()%> I visit /app1/session.jsp and get a sessionid, call it SESSIONID1 Next I visit /app2/session.jsp and get a different session id call it SESSIONID2 Fine, no problems yet. Now, I have a page in /app1 that includes another page from /app2. Call these page /app1/include.jsp and /app2/included.jsp -------- /app1/include.jsp: In /app1 sessionid= <%=session.getId%> <BR> <% RequestDispatcher d = ... (get other context etc...) d.include(request,response); %> ------ /app2/included.jsp: In /app2 sessionid=<%=session.getId()%> When loading /app1/include.jsp both /app1/include.jsp and /app2/included.jsp give me the same sessionid! That's not consistent with the session id I was given when the same browser instance loaded these pages directly. I did this quickly enough so that session invalidation is not the cause. Because these session ids are inconsistent I cannot track per session data beween more than one web app. There is no single "key" that I can use to uniquely identify a user. Behavior of other app servers: BEA: Gives a separate sessionid per web application. But if I forward/include between web applications I get the sessionid of the application I include to. WAS: Gives the same session id for each web application visted by the same browser. Different session objects, but the same id! ATG Dynamo: Same behavor as WAS. Thanks in advance for your attention. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
