Spent sometime in the debugger and it is Shiro that is appending the JSESSIONID on a redirect if the session cookie hasn't been set yet.
So, now I'm off to figure out how to turn it off in Shiro. Thanks again for your help! Sincerely, Stephen McCants On Wed, 19 Nov 2014 01:51:53 +0300 Konstantin Kolinko <knst.koli...@gmail.com> wrote: > 2014-11-19 0:53 GMT+03:00 Konstantin Kolinko <knst.koli...@gmail.com>: > > 2014-11-19 0:21 GMT+03:00 Stephen McCants <stephen.mcca...@hcs.us.com>: > >> Hello Konstantin Kolinko, > >> > >> I fixed my dumb web.xml schema declaration. Thanks for pointing that out. > >> > >> I also added the COOKIE tracking mode to the example servlet and it worked > >> there (the URL encoded link did not contain the JSESSIONID). > >> > >> So, next I turned on logEffectiveWebXml="true" and verified that the > >> effective web.xml for both of my wars contains: > >> > >> <session-config> > >> <session-timeout>30</session-timeout> > >> <cookie-config> > >> </cookie-config> > >> <tracking-mode>COOKIE</tracking-mode> > >> </session-config> > >> > >> But the first time I hit the web app, I'm still getting JSESSIONID in the > >> URL. > >> > >> Then I turned on Strict Compliance to wring out any other errors in my > >> web.xml that might be causing the problem. It found some problems in > >> the Tag Library tld files and fixed those, but that had no effect on > >> JSESSIONID in the URL. I have no further errors in Catalina log or any > >> other logs files. > >> > >> At this point, I'm not sure what else I should try to debug the problem. > >> > >> Any suggestions would be appreciated. > >> > > > > a) Run with a debugger > > https://wiki.apache.org/tomcat/FAQ/Developing#Debugging > > > > Possible points: > > org.apache.catalina.connector.Response.encodeURL() > > org.apache.catalina.connector.Response.encodeRedirectURL() > > org.apache.catalina.connector.CoyoteAdapter.service() > > Also: > org.apache.catalina.session.StandardSession.getId(). > > It is the actual Id that is being printed as jsessionid there. It > shall be read using that method. If debugging is hard, adding some > logging with some stacktraces and recompiling can help. > > > > b) Simplify your web application > > until it becomes a simple example that can be reproduced by someone else. > > > > c) > >> But the first time I hit the web app > > > > Is that "first time" response actually served by your web app, or by > > some other (e.g. ROOT)? > > > > Best regards, > > Konstantin Kolinko > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > ---------- Stephen McCants Senior Software Engineer Healthcare Control Systems, Inc. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
