Markus Reis wrote:
Our Tomcat 5.5 sends 30 cookie
(cookie=JSESSIONID=2D79FB71207A83A09B32677B9640693E.jbprod;
domain=null; path=/)
Are they all identical?
No. They are ALL different (and they also differ from response to response)
and 900 Set-Cookie
(header=Set-Cookie=JSESSIONID=2D79FB71207A83A09B32677B9640693E.jbprod;
Path=/; Secure) headers in the http response header back to the
external clients (during the initial http request/response).
Same here: identical?
No. Each of the 30 DIFFERENT session id's from above are repeated thirty times.
The 900 Set-Cookie headers contain each "cookie" JSESSIONID thirty
times.
That is crazy! How are you observing this behavior? LiveHTTPHeaders/http
protocol sniffer? Wireshark/packet sniffer?
Yes it is crazy - I observed this using
org.apache.catalina.valves.RequestDumperValve in my server.xml
If I submit the same request from my machine I get a only/as expected
one cookie and one Set-Cookie header back in the initial response.
Er... what do you mean "from my machine"? What are you using when you
get 900 Set-Cookie headers?
"My machine" is my PC at work. The requests where a repsonse with 900 SetCookie
headers is returned, are sent from PC's of our partners, which operate in one single
network (and thus all have the same IP, which is the IP of the partner network's proxy
server). If I use some other PC connected to the internet I have the same expected
behaviour as from my PC at work. So those responses are only/exclusively produced for
requests coming from PC's of our partners.
markus
Old African proverb : he who wants to eat an elephant, should do it a
little bit at a time.
I am not basing the following on any deep knowledge of Tomcat, just
trying to use the logical cues from what you said so far and the way
HTTP servers and browsers normally react.
1) How do you *precisely* know that Tomcat is actually sending 900
Set-Cookie Headers ? does the RequestDumperValve also dump the response
? or is that what you see in the client browser ?
In other words, are you really sure that it is Tomcat who is sending all
these Set-Cookie headers, or could it be the customer's proxy
adding/multiplying them ? (Not that I would know how it could do that,
but that's another matter)
2) The client browser gets 900 Set-Cookie headers, of which the basic
set of different ones is 30, each multiplied 30 times.
So the client browser ends up with 30 cookies set ?
Or just one, in the end ?
3) Does this number 30 relate in some way to how many separate stations
at your customer access your Tomcat server ?
For example, assuming that there would be a way to "reset everything",
and then turn on a single customer station, and access your Tomcat
server once, how many Set-cookies would that one browser get in return ?
And then, what if a second station now sends a request ?
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
