> André Warnier wrote:
> > Markus Reis wrote:
> >>>> Our Tomcat 5.5 sends 30 cookie
> >>>> (cookie=JSESSIONID=2D79FB71207A83A09B32677B9640693E.jbprod;
> >>>> domain=null; path=/)
> >>> Are they all identical?
> >>
> >> No. They are ALL different (and they also differ from response to
> >> response)
> >>
> >>>> and 900 Set-Cookie
> >>>> (header=Set-Cookie=JSESSIONID=2D79FB71207A83A09B32677B9640693E.jbprod;
> >>>> Path=/; Secure) headers in the http response header back to the
> >>>> external clients (during the initial http request/response).
> >>> Same here: identical?
> >>
> >> No. Each of the 30 DIFFERENT session IDs from above is repeated
> >> thirty times.
> >>
> >>>> The 900 Set-Cookie headers contain each "cookie" JSESSIONID thirty
> >>>> times.
> >>> That is crazy! How are you observing this behavior? LiveHTTPHeaders/http
> >>> protocol sniffer? Wireshark/packet sniffer?
> >>
> >> Yes it is crazy - I observed this using
> >> org.apache.catalina.valves.RequestDumperValve in my server.xml
> >>
> >>>> If I submit the same request from my machine I get only/as expected
> >>>> one cookie and one Set-Cookie header back in the initial response.
> >>> Er... what do you mean "from my machine"? What are you using when you
> >>> get 900 Set-Cookie headers?
> >>
> >> "My machine" is my PC at work. The requests where a response with 900
> >> Set-Cookie headers is returned are sent from PCs of our partners,
> >> which operate in one single network (and thus all have the same IP,
> >> which is the IP of the partner network's proxy server). If I use some
> >> other PC connected to the internet I have the same expected behaviour
> >> as from my PC at work. So those responses are only/exclusively
> >> produced for requests coming from PCs of our partners.
> >>
> >> markus
> >
> > Old African proverb: he who wants to eat an elephant should do it a
> > little bit at a time.
> >
> > I am not basing the following on any deep knowledge of Tomcat, just
> > trying to use the logical cues from what you said so far and the way
> > HTTP servers and browsers normally react.
> >
> > 1) How do you *precisely* know that Tomcat is actually sending 900
> > Set-Cookie headers? Does the RequestDumperValve also dump the response?
> > Or is that what you see in the client browser?
> > In other words, are you really sure that it is Tomcat who is sending all
> > these Set-Cookie headers, or could it be the customer's proxy
> > adding/multiplying them? (Not that I would know how it could do that,
> > but that's another matter)
> >
> > 2) The client browser gets 900 Set-Cookie headers, of which the basic
> > set of different ones is 30, each multiplied 30 times.
> > So the client browser ends up with 30 cookies set?
> > Or just one, in the end?
> >
> > 3) Does this number 30 relate in some way to how many separate stations
> > at your customer access your Tomcat server?
> > For example, assuming that there would be a way to "reset everything",
> > and then turn on a single customer station, and access your Tomcat
> > server once, how many Set-Cookies would that one browser get in return?
> > And then, what if a second station now sends a request?
>
> As a test, why don't you set a cookie on each client PC (containing a
> unique identifier, perhaps a username or something else that will
> identify individual PCs or users), to see if that gets multiplied back
> to you too. If it does, you may discern more about the pattern of
> failure.

I only get those 900 Set-Cookie headers after/at the initial request; Subsequent requests only have one cookie in http request and response header and look pretty normal.