More or less this what I think as well! That Cache-control: max-age=0 is applied to cookies too. However the cookies in Firefox seem to have the correct expiration date.
Michael >-----Original Message----- >From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker >Sent: 17 February 2006 06:03 >To: users@tomcat.apache.org >Subject: Re: Session Expires At Every Request (Tomcat5.0.28/Firefox) > > >"Michael Andreas Omerou" <[EMAIL PROTECTED]> wrote in >message news:[EMAIL PROTECTED] >> Dear all, >> >> Thanks for your replies to my problem. However, I think the >> discussion has been "diverted" into a debate totally >irrelevant to the >> issue. >> > >Not that I'm all that interested, but just to push this along, >what are the Cookie properties in FireFox after you request a page? > >Personally, I'm betting that FireFox is probably applying your >cache-control/max-age headers to the Cookies as well as to the >page itself. > >> As far as Chuck's question whether this could be related to >the popup, >> this is not the case as the problem happens on other pages too, even >> on index.jsp (first page) >> >> Regarding Filip's email and monitoring HTTP Headers I am impressed >> that it seems to work for you. I run FireFox on Windows XP Pro SP2 >> and what happens is that when a page finishes loading, the session >> expires on the server. >> When the user/browser requests another page the correct >session id is >> sent from the browser but the server detects that this >session id sent >> is no more valid (expired) and so we have a timeout. However, this >> behaviour, only >> occurs with FireFox. I tried it from another PC with XP >Pro SP2 too but >> the problem is the same. With IE, NetScape and Opera all is ok. >> >> >> >> I want to emphasize that this behaviour does not happen only when >> switching from SSL to non-SSL or vice versa. Even if I try >to access >> pages such as the About Us or the Contact Us the session expires >> again. However, in that case the problem is not "visible" >to the user >> since those pages do not contain any session specific data so even >> with a new session it is ok. >> Try >> the following though and you will see what I mean. On >> tophotelchoices.com do a search for a hotel. Let the results be >> displayed and then, go to the About Us page. Then, click your >> browser's back button and instead of going back to the >search results >> you get a timeout (if you get search results it will be from >browser's >> cache, do a reload and you will get timeout). >> >> Monitoring the HTTP headers for both IE and Firefox using >HttpAnalyzer >> for IE and LiveHttpHeaders for Firefox gives the following: >> 1) IE >> >> (Request-Line):GET http://www.tophotelchoices.com/ HTTP/1.1 >> Accept:*/* >> Accept-Language:en-gb >> Accept-Encoding:gzip, deflate >> User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; >> .NET CLR 1.1.4322; InfoPath.1) Host:www.tophotelchoices.com >> Proxy-Connection:Keep-Alive Pragma:no-cache >> Cookie:JSESSIONID=6F187E9E698F5D81A09DF6AD0D25115D >> >> (Status-Line):HTTP/1.0 200 OK >> Date:Thu, 16 Feb 2006 22:09:18 GMT >> Server:Apache/1.3.33 (Unix) mod_jk/1.2.15 Cache-Control:no-cache >> Pragma:no-cache Expires:Wed, 31 Dec 1969 23:59:59 GMT >> Content-Type:text/html;charset=UTF-8 >> X-Cache:MISS from proxy01.spidernet.net X-Cache-Lookup:MISS from >> proxy01.spidernet.net:83 Proxy-Connection:close >> >> 2) FIREFOX: >> GET http://www.tophotelchoices.com/index.jsp HTTP/1.1 >> Host: www.tophotelchoices.com >> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; >rv:1.7.12) >> Gecko/20050919 Firefox/1.0.7 >> Accept: >> >text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/pl >> ain;q= >> 0.8,image/png,*/*;q=0.5 >> Accept-Language: en-gb,en;q=0.5 >> Accept-Encoding: gzip,deflate >> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 >> Keep-Alive: 300 >> Proxy-Connection: keep-alive >> Referer: http://www.tophotelchoices.com/timeout.jsp >> Cookie: JSESSIONID=3849A82D2F9B6991FE41073D771D1358 >> Cache-Control: max-age=0 >> >> HTTP/1.x 200 OK >> Date: Thu, 16 Feb 2006 22:12:27 GMT >> Server: Apache/1.3.33 (Unix) mod_jk/1.2.15 >> Cache-Control: no-cache >> Pragma: no-cache >> Expires: Wed, 31 Dec 1969 23:59:59 GMT >> Content-Type: text/html;charset=UTF-8 >> X-Cache: MISS from proxy01.spidernet.net >> X-Cache-Lookup: MISS from proxy01.spidernet.net:83 >> Proxy-Connection: close >> >> Obviously, the response is the same in both cases, however, for >> FireFox the important difference I see in Request is the one saying >> Cache-control: >> max-age=0 and also, the Keep-Alive value 300. I do not think the >> Keep-Alive value is the problem, however, the Cache-Control: >max-age=0 >> is suspicious. >> In my code I have >response.setHeader("Cache-Control","no-cache") but I >> think this is different. Does anyone have a clue what the max-age:0 >> is doing? >> >> Your help will be greatly appreciated. >> >> >> Thanks and regards, >> Michael >> >>>-----Original Message----- >>>From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] >>>Sent: 15 February 2006 22:16 >>>To: Tomcat Users List >>>Subject: Re: Session Expires At Every Request (Tomcat5.0.28/Firefox) >>> >>>George Sexton wrote: >>>> Does the code transparently create a new JSessionID value then? >>> >>>George, >>>you might wanna rethink your comments, they don't shine any light on >>>the issue and they for sure don't state any facts, let me >prove you I >>>am right. Below is the headers I tracked with >LiveHttpHeaders, as you >>>can see, JSESSIONID remains exactly the same in the browser request >>>when the switch from HTTP to HTTPS happens. >>>This is Firefox on Fedora 4. The site works fine. >>> >>>This must be a browser issue, can you tell us a little bit >more about >>>what version and platform your browser is on. >>> >>>1. Request to the home - non secure >>>============================================================ >>>http://www.tophotelchoices.com/ >>>GET / HTTP/1.1 >>>Host: www.tophotelchoices.com >>>User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) >>>Gecko/20060124 Firefox/1.5.0.1 >>>Accept: >>>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9, >> text/plain;q=0.8,image/png,*/*;q=0.5 >>>Accept-Language: en-us,en;q=0.5 >>>Accept-Encoding: gzip,deflate >>>Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 >>>Keep-Alive: 300 >>>Connection: keep-alive >>>Referer: http://www.tophotelchoices.com/ >>> >>>HTTP/1.x 200 OK >>>Date: Wed, 15 Feb 2006 20:08:55 GMT >>>Server: Apache/1.3.33 (Unix) mod_jk/1.2.15 >>>Set-Cookie: JSESSIONID=735009FD40D725EDAA14389409CD60FF; Path=/ >>>Cache-Control: no-cache >>>Pragma: no-cache >>>Expires: Wed, 31 Dec 1969 23:59:59 GMT >>>Keep-Alive: timeout=5, max=20 >>>Connection: Keep-Alive >>>Transfer-Encoding: chunked >>>Content-Type: text/html;charset=UTF-8 >>> >>>2. Click on the request button - switch from HTTP to HTTPS >>>https://www.tophotelchoices.com/bookingServlet1?hotel=ASI >>>GET /bookingServlet1?hotel=ASI HTTP/1.1 >>>Host: www.tophotelchoices.com:443 >>>User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) >>>Gecko/20060124 Firefox/1.5.0.1 >>>Accept: >>>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9, >> text/plain;q=0.8,image/png,*/*;q=0.5 >>>Accept-Language: en-us,en;q=0.5 >>>Accept-Encoding: gzip,deflate >>>Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 >>>Keep-Alive: 300 >>>Connection: keep-alive >>>Referer: http://www.tophotelchoices.com/searchResults.jsp >>>Cookie: JSESSIONID=735009FD40D725EDAA14389409CD60FF >>> >>>HTTP/1.x 200 OK >>>Date: Wed, 15 Feb 2006 20:11:54 GMT >>>Server: Apache/1.3.33 (Unix) mod_jk/1.2.15 >>>Cache-Control: no-cache >>>Pragma: no-cache >>>Expires: Wed, 31 Dec 1969 23:59:59 GMT >>>Keep-Alive: timeout=5, max=20 >>>Connection: Keep-Alive >>>Transfer-Encoding: chunked >>>Content-Type: text/html;charset=UTF-8 >>> >>> >>>George Sexton wrote: >>>> Does the code transparently create a new JSessionID value then? >>>> >>>> George Sexton >>>> MH Software, Inc. >>>> http://www.mhsoftware.com/ >>>> Voice: 303 438 9585 >>>> >>>> >>>>> -----Original Message----- >>>>> From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] >>>>> Sent: Wednesday, February 15, 2006 12:48 PM >>>>> To: Tomcat Users List >>>>> Subject: Re: Session Expires At Every Request >>>>> (Tomcat5.0.28/Firefox) >>>>> >>>>> sessions started in non-ssl mode should carry over to >SSL, but not >>>>> the other way around. >>>>> Filip >>>>> >>> >>> >>>--------------------------------------------------------------------- >>>To unsubscribe, e-mail: [EMAIL PROTECTED] >>>For additional commands, e-mail: [EMAIL PROTECTED] >>> > > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
