-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Jeffrey,
On 9/10/15 12:26 PM, Jeffrey Janner wrote: > Thanks for all the help guys. I think I've sussed out what is > going on here. Now just have to get the Dev guys to address it. > > After spending a good bit of time clearing and watching cookies > and access logs, both with and without a favicon.ico file, I found > that the doubling was happening only if the file was missing. I > checked the error.jsp file and it does have session=true set, and > if the icon file is missing, the error.jsp is definitely being > sent. > > So it looks like the possible solutions are: 1) provide a > favicon.ico file. This fixes the symptom, not the problem. You'll get the same problem with clients who request /apple-touch-icon.png, /robots.txt, or just about any other file that ends up resulting in a 404. This could be something from within the application itself, and will (apparently) cause mass confusion. > 2) remove the session=true setting from the error page. This is the right answer. Do you really need the session in error.jsp? > 3) somehow not send the error.jsp when a sub-link (image, script, > etc.) results in a 404. > > 4) Have the login page of APP2 provide it's own icon <link> > directive (it doesn't currently have one.) > Any other options? If you absolutely need access to the session in your error.jsp file, you can do this: <?jsp session="false" ?> <% HttpSession session = request.getSession(false); ... %> This will prevent sessions from being created when there isn't already a session. You'll have to check the code for error.jsp to make sure that no code uses the session before checking it for null -- because session="true" guarantees that the "session" reference will be non-null. That will allow you to use session information in error.jsp if a session already exists, but not create a superfluous session when one does not (yet) exist. Back to Tomcat's session management: Tomcat *can* handle this situation properly: it will try all JSESSIONID cookies it gets to find a valid one in the current web application. So, multiple JSESSIONID cookies won't confuse Tomcat. Some other component must be mis-understanding the session identifier in some way. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJV8di9AAoJEBzwKT+lPKRY9FUP/0m2SNIG3nW9dsIRCr1q/SWG 5O/s5VrDs7Rvk1hWfbGTlhfuL0zkeCaL/GQE4wa3KQo4qHPhtzYlIgZstEeaAQqk kLwU4JHzJcTfKMKog6/O0kFwysYzl4y/EX+UoBcY3h3N5xkQ0RGNOYEF7fSr+6NA Uuxo6WVxQoP3Ce/64EZ1P+uxglLJF+pML6OViEHEK4qgL3SY1UY0tOFpcBa43Gqt Y/Z7I1SvQhRt2VGQzyatHRypAMxynJfHjvV/gyF3k1/XFEeWDDpET4guaazD1uqW fE5Lgt3Lxr1WyeEXxeJz4jOlLBty0bm9m16YFdxCsNjVy7v7Uy7M1Hd0iIfoktCV Vp8nzuj+qxVMpzua2N/J7e9slYnIZOePOFFrTQbWx1S10QCvgRuprN3lyZEU29oP PywXQU/F9u/xFPk6Z5+xdMrSEvL+ykuwoyV8Ef2CObZ0Ibsjx9WoBAz/hRLpeeji TngPwFvDrU7jMR36SQ+vCR8PQSjQo5P2P+KZE735uIgG/iz3F6gQ+8R9E0p1iutL iLoF2alPkSaoWnBTrlDhV+EvKtjKl2FWuRrs5sHGWG6FowS+lKnaAfhkq3ArGLdS j4JFculpE80Ys9saoetvTlQ35dTi1KdmL+gzixI/EjUVkS2azsW6kYxkwliig4gN UVa6wuFsD/I9JcMCKeIp =1OQG -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
