By the way, this behaviour only happens in Mozilla/Firefox, it does not
happen in Internet Explorer.
Regards,
Luís Amorim
Luis AMORIM/PT/[EMAIL PROTECTED]
26-07-2006 13:10
Please respond to "Tomcat Users List"
To: users@tomcat.apache.org
cc:
Subject: Tomcat creates a jsessionid cookie when session
timeouts
Hi there.
I have the following problem occuring in my web application.
I am using struts and I am using the url rewriting method for session
maintenance, but when a timeout occurs the tomcat application server sets
a cookie named jsessionid (used for session tracking purposes) with a new
session id value before redirecting the user to the login page. This
jsessionid cookie value does not match the previous session id, it is a
new one.
When the user logs in again after the timeout, a new HttpSession object is
created in the login process with a new session id, storing the user
information in a variable in that HttpSession object. However, after the
initial login process, the application server always gets the session from
the id provided by the cookie created when the timeout occured, causing an
error to occur because there is no user information in that session.
The problem resides in the cookie created when the timeout occurs. Does
tomcat create a cookie every time a timeout happens? I think this is a
tomcat issue. Until now I've been unable to solve the problem and I
haven't found a way to disable cookie session tracking in tomcat.
Can anyone please help me solve this problem? Does tomcat always creates a
jsessionid cookie when a timeout occurs or this just happens in my web
app? And if this is a tomcat issue, how do I disallow this (if it is
possible, anyway)?
Regards,
Luis Amorim
