André,

On 6/14/13 3:17 AM, André Warnier wrote:
> Carl Dreher wrote:
>> I have Tomcat 7.0.26 running on Windows 7 Pro.  I also have Tomcat
>>  7.0.40 running on a Windows 7 Home Premium.  Both have the same
>>  website.  (Obviously, I'm doing some testing.)
>> 
>> In the website, a user logs on and the user ID is kept in the 
>> session.   In one of the JSP pages I have some JavaScript 
>> attached to an html button <input type="button" name="" 
>> value="blah blah blah" 
>> onclick="window.location='/MySite/MyAction.do'"> (I'm using 
>> Struts.)  Now, here is where it gets strange...
>> 
>> During testing, I found that IE8 and IE9 both run fine against 
>> Tomcat 7.0.26.  By that I mean, after the user logs on, the user 
>> ID is kept in the session.  After navigating around the site, if 
>> the user then clicks on the above button, the Struts Action
>> class "MyAction.do" is able to find the user ID in the session.
>> The same is true of IE9 against Tomcat 7.0.40.
>> 
>> But if I do the above with IE8 against the site on Tomcat
>> 7.0.40, the user ID in the session is empty.
>> 
>> To summarize,
>>
>>                | IE8  | IE9
>> ---------------+------+-----
>> Tomcat 7.0.26  | ok   | ok
>> Tomcat 7.0.40  | fail | ok
>> 
>> Any ideas where to start looking?
>> 
> 
> Yes. I would recommend, first of all, that you install some add-on 
> on the IE side, which can display the conversation between IE and 
> server (HTTP headers etc.). (I know of Fiddler2, but there might
> be others). Then run your check once on each, and compare 
> requests/responses/headers.

+1

My first reaction is that the session id cookie is being lost, and the
URL being used for window.location=... has not been run through
response.encodeURL().

Carl, you can use one of any number of fine JSP tag libraries (JSTL,
Struts' own taglibs, etc.) to do the equivalent of this (example uses
JSTL):

<input type="button" name="" value="..."
onclick="window.location='<c:url value="/MyAction.do" />'" />

Note that I assumed /MySite was your context path and so I removed it
from the <c:url> call: <c:url> knows the context path and will insert
it into the URL automatically. If you are running as ROOT context and
the /MySite is actually part of the local URI, you'll obviously need
to add that back in.

Whether this fixes your problem or not, you should be doing it all the
time for two reasons:

1. Sessions will continue to work when users have disabled
cookie-based session tracking

2. Your webapp will continue to work if you change its name (say, from
/MySite to /MyOtherSite)

Hope that helps,
-chris
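
Added example, not part of the original message and not Tomcat's own code: a small checker for the header comparison suggested above, showing how a captured request carries the session id (cookie, ;jsessionid= in the URL, or not at all) and what running the button URL through response.encodeURL() changes. The function names, the captures and the session id ABC123 are constructed for illustration, and encode_url is a simplified stand-in for response.encodeURL().

```python
import re

SESSION_COOKIE = "JSESSIONID"   # default session cookie name (Servlet spec)
SESSION_PARAM = "jsessionid"    # default URL path parameter (Servlet spec)

def session_transport(raw_request):
    """Report how one captured HTTP request carried the session id."""
    lines = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")
    target = lines[0].split(" ")[1]
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() != "cookie":
            continue
        for pair in value.split(";"):
            key, _, val = pair.strip().partition("=")
            if key == SESSION_COOKIE:
                return ("cookie", val)
    # No session cookie: look for ;jsessionid=... in the path, before the query.
    match = re.search(";" + SESSION_PARAM + r"=([^;/?#]+)", target.split("?", 1)[0])
    return ("url", match.group(1)) if match else ("none", None)

def encode_url(url, session_id, cookie_seen):
    """Simplified stand-in for response.encodeURL(): rewrite only when the
    client has not sent the session cookie back."""
    if cookie_seen or not session_id:
        return url
    path, rest = re.match(r"([^?#]*)(.*)", url, re.S).groups()
    return path + ";" + SESSION_PARAM + "=" + session_id + rest

# Constructed captures (not from the thread): same click, cookie kept vs. lost.
COOKIE_KEPT = ("GET /MySite/MyAction.do HTTP/1.1\r\n"
               "Host: localhost:8080\r\n"
               "Cookie: theme=dark; JSESSIONID=ABC123\r\n\r\n")
COOKIE_LOST = ("GET /MySite/MyAction.do HTTP/1.1\r\n"
               "Host: localhost:8080\r\n\r\n")

def rewritten_request(session_id):
    """The cookie-less request again, with the button URL encoded first."""
    url = encode_url("/MySite/MyAction.do", session_id, cookie_seen=False)
    return "GET " + url + " HTTP/1.1\r\nHost: localhost:8080\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("cookie kept", COOKIE_KEPT), ("cookie lost", COOKIE_LOST),
                       ("lost + encoded URL", rewritten_request("ABC123"))):
        print(label, "->", session_transport(req))
```

A request reported as "none" reaches the server with no session id at all, which matches the empty user ID described in the question; the same request with the encoded URL is reported as "url".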
