"Michael Andreas Omerou" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Dear all, > > Thanks for your replies to my problem. However, I think the discussion > has > been "diverted" into a debate totally irrelevant to the issue. >
Not that I'm all that interested, but just to push this along, what are the Cookie properties in FireFox after you request a page? Personally, I'm betting that FireFox is probably applying your cache-control/max-age headers to the Cookies as well as to the page itself. > As far as Chuck's question whether this could be related to the popup, > this > is not the case as the problem happens on other pages too, even on > index.jsp > (first page) > > Regarding Filip's email and monitoring HTTP Headers I am impressed that it > seems to work for you. I run FireFox on Windows XP Pro SP2 and what > happens > is that when a page finishes loading, the session expires on the server. > When the user/browser requests another page the correct session id is sent > from the browser but the server detects that this session id sent is no > more > valid (expired) and so we have a timeout. However, this behaviour, only > occurs with FireFox. I tried it from another PC with XP Pro SP2 too but > the problem is the same. With IE, NetScape and Opera all is ok. > > > > I want to emphasize that this behaviour does not happen only when > switching > from SSL to non-SSL or vice versa. Even if I try to access pages such as > the About Us or the Contact Us the session expires again. However, in > that > case the problem is not "visible" to the user since those pages do not > contain any session specific data so even with a new session it is ok. > Try > the following though and you will see what I mean. On tophotelchoices.com > do a search for a hotel. Let the results be displayed and then, go to the > About Us page. Then, click your browser's back button and instead of > going > back to the search results you get a timeout (if you get search results it > will be from browser's cache, do a reload and you will get timeout). > > Monitoring the HTTP headers for both IE and Firefox using HttpAnalyzer for > IE and LiveHttpHeaders for Firefox gives the following: > 1) IE > > (Request-Line):GET http://www.tophotelchoices.com/ HTTP/1.1 > Accept:*/* > Accept-Language:en-gb > Accept-Encoding:gzip, deflate > User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET > CLR > 1.1.4322; InfoPath.1) > Host:www.tophotelchoices.com > Proxy-Connection:Keep-Alive > Pragma:no-cache > Cookie:JSESSIONID=6F187E9E698F5D81A09DF6AD0D25115D > > (Status-Line):HTTP/1.0 200 OK > Date:Thu, 16 Feb 2006 22:09:18 GMT > Server:Apache/1.3.33 (Unix) mod_jk/1.2.15 > Cache-Control:no-cache > Pragma:no-cache > Expires:Wed, 31 Dec 1969 23:59:59 GMT > Content-Type:text/html;charset=UTF-8 > X-Cache:MISS from proxy01.spidernet.net > X-Cache-Lookup:MISS from proxy01.spidernet.net:83 > Proxy-Connection:close > > 2) FIREFOX: > GET http://www.tophotelchoices.com/index.jsp HTTP/1.1 > Host: www.tophotelchoices.com > User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.7.12) > Gecko/20050919 Firefox/1.0.7 > Accept: > text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q= > 0.8,image/png,*/*;q=0.5 > Accept-Language: en-gb,en;q=0.5 > Accept-Encoding: gzip,deflate > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > Keep-Alive: 300 > Proxy-Connection: keep-alive > Referer: http://www.tophotelchoices.com/timeout.jsp > Cookie: JSESSIONID=3849A82D2F9B6991FE41073D771D1358 > Cache-Control: max-age=0 > > HTTP/1.x 200 OK > Date: Thu, 16 Feb 2006 22:12:27 GMT > Server: Apache/1.3.33 (Unix) mod_jk/1.2.15 > Cache-Control: no-cache > Pragma: no-cache > Expires: Wed, 31 Dec 1969 23:59:59 GMT > Content-Type: text/html;charset=UTF-8 > X-Cache: MISS from proxy01.spidernet.net > X-Cache-Lookup: MISS from proxy01.spidernet.net:83 > Proxy-Connection: close > > Obviously, the response is the same in both cases, however, for FireFox > the > important difference I see in Request is the one saying Cache-control: > max-age=0 and also, the Keep-Alive value 300. I do not think the > Keep-Alive > value is the problem, however, the Cache-Control: max-age=0 is suspicious. > In my code I have response.setHeader("Cache-Control","no-cache") but I > think > this is different. Does anyone have a clue what the max-age:0 is doing? > > Your help will be greatly appreciated. > > > Thanks and regards, > Michael > >>-----Original Message----- >>From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] >>Sent: 15 February 2006 22:16 >>To: Tomcat Users List >>Subject: Re: Session Expires At Every Request (Tomcat5.0.28/Firefox) >> >>George Sexton wrote: >>> Does the code transparently create a new JSessionID value then? >> >>George, >>you might wanna rethink your comments, they don't shine any >>light on the issue and they for sure don't state any facts, >>let me prove you I am right. Below is the headers I tracked >>with LiveHttpHeaders, as you can see, JSESSIONID remains >>exactly the same in the browser request when the switch from >>HTTP to HTTPS happens. >>This is Firefox on Fedora 4. The site works fine. >> >>This must be a browser issue, can you tell us a little bit >>more about what version and platform your browser is on. >> >>1. Request to the home - non secure >>============================================================ >>http://www.tophotelchoices.com/ >>GET / HTTP/1.1 >>Host: www.tophotelchoices.com >>User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) >>Gecko/20060124 Firefox/1.5.0.1 >>Accept: >>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9, > text/plain;q=0.8,image/png,*/*;q=0.5 >>Accept-Language: en-us,en;q=0.5 >>Accept-Encoding: gzip,deflate >>Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 >>Keep-Alive: 300 >>Connection: keep-alive >>Referer: http://www.tophotelchoices.com/ >> >>HTTP/1.x 200 OK >>Date: Wed, 15 Feb 2006 20:08:55 GMT >>Server: Apache/1.3.33 (Unix) mod_jk/1.2.15 >>Set-Cookie: JSESSIONID=735009FD40D725EDAA14389409CD60FF; Path=/ >>Cache-Control: no-cache >>Pragma: no-cache >>Expires: Wed, 31 Dec 1969 23:59:59 GMT >>Keep-Alive: timeout=5, max=20 >>Connection: Keep-Alive >>Transfer-Encoding: chunked >>Content-Type: text/html;charset=UTF-8 >> >>2. Click on the request button - switch from HTTP to HTTPS >>https://www.tophotelchoices.com/bookingServlet1?hotel=ASI >>GET /bookingServlet1?hotel=ASI HTTP/1.1 >>Host: www.tophotelchoices.com:443 >>User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) >>Gecko/20060124 Firefox/1.5.0.1 >>Accept: >>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9, > text/plain;q=0.8,image/png,*/*;q=0.5 >>Accept-Language: en-us,en;q=0.5 >>Accept-Encoding: gzip,deflate >>Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 >>Keep-Alive: 300 >>Connection: keep-alive >>Referer: http://www.tophotelchoices.com/searchResults.jsp >>Cookie: JSESSIONID=735009FD40D725EDAA14389409CD60FF >> >>HTTP/1.x 200 OK >>Date: Wed, 15 Feb 2006 20:11:54 GMT >>Server: Apache/1.3.33 (Unix) mod_jk/1.2.15 >>Cache-Control: no-cache >>Pragma: no-cache >>Expires: Wed, 31 Dec 1969 23:59:59 GMT >>Keep-Alive: timeout=5, max=20 >>Connection: Keep-Alive >>Transfer-Encoding: chunked >>Content-Type: text/html;charset=UTF-8 >> >> >>George Sexton wrote: >>> Does the code transparently create a new JSessionID value then? >>> >>> George Sexton >>> MH Software, Inc. >>> http://www.mhsoftware.com/ >>> Voice: 303 438 9585 >>> >>> >>>> -----Original Message----- >>>> From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] >>>> Sent: Wednesday, February 15, 2006 12:48 PM >>>> To: Tomcat Users List >>>> Subject: Re: Session Expires At Every Request (Tomcat5.0.28/Firefox) >>>> >>>> sessions started in non-ssl mode should carry over to SSL, but not >>>> the other way around. >>>> Filip >>>> >> >> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
