Hello Jerry, > I'm using single sign-on
Do you mean tomcat Single Sign On valve? [1], a third party solution or your custom implementation? That can change the game completely :) > some RewriteRules in httpd Can you share them? That could change the game also :) Cheers, Luis [1] https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Single_Sign_On_Valve El jue., 11 abr. 2019 a las 5:57, Jerry Malcolm (<techst...@malcolms.com>) escribió: > I have a TC host that is running about 10 separate webapps that interact > with each other. I understand that sessions are per-webapp. But within > one webapp, with the same browser just making different calls to the > same webapp is starting new sessions about 30% of the time. I've put a > debug statement at the beginning of all of my JSPs that logs > session.isNew(). It'll start a new session, then use it for 10 or so > subsequent calls. But then it'll decide to drop that session and start a > new one that it'll subsequently use for a while. The setup is nothing > fancy. It's just calling several different JSPs within the same webapp > (context). I am keeping data in the session that really needs to > persist for the duration of the 'real' session between the user and the > site. So this is a serious problem. (This is happening both with > Firefox and Chrome). I'm using TC 9.0.1 on Windows. > > I definitely could have some misunderstandings here. But my first > understanding is that once a browser makes a call to a webapp, a session > is created, and that session remains around until invalidated on a > logout or a timeout occurred, and that webapp uses that session for the > remainder of the activity between that browser and that webapp. If > that's not the case, then please set me straight. If that assumption is > correct, what could possibly be causing the sessions to keep dropping > and new ones created? > > Interestingly, logon state is not being dropped with the new sessions. > I'm using single sign-on. So that may be ensuring the logon doesn't drop. > > The only thing I can come up with is that I'm using some RewriteRules in > httpd to map the complex url paths to single words like "/product". (SEO > advisor told me to do that...) I'm trying to see in the logs if there is > a correlation between rewrites and the new sessions. But I can't really > tell if that's what's causing it. > > Am I missing or do I have some sort of errant configuration setting that > is causing the sessions to keep reinitiating? Is there something else > I'm missing? I really need to have sessions that last as long as the > user is on the site. > > Suggestions? Help?? > > Thx. > > Jerry > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better." - Samuel Beckett
