2010/11/30 Andrea Corti <ilgrandemazin...@gmail.com>:
> Yes, I have emptySessionPath=true in connectors; is this the issue?
>
In your logs, you have "sessionCreated" message, i.e. a session was
created and thus the listener was notified, but the ID was reused.
You can put a breakpoint in your listener to see where that comes from.
-> "manager.createSession(getRequestedSessionId());" call in
o.a.c.connector.Request.doGetSession(..)
> Thanks for the link, now i'm trying to debug in order to find some more
> details for you experts.
>
> Thanks.
>
> 2010/11/30 Konstantin Kolinko <knst.koli...@gmail.com>
>
>> >> > Follows an extract form a test servlet:
>> >> > HttpSession s = req.getSession();
>> >> > if (s==null) {
>> >> > System.out.println(mt+":Session is null");
>> >> > } else {
>> >> > System.out.println(mt+":Session id="+s.getId()+"\t
>> >> > New="+s.isNew());
>> >> > }
>> >> > System.out.println("pre- invalidate");
>> >> > s.invalidate();
>> >> > System.out.println("post- invalidate: id="+s.getId());
>> >> > s = req.getSession(true);
>> >> > System.out.println("post- get new: id="+s.getId());
>> >>
>> >> Okay, what does the above servlet print when you access it via HTTP, and
>> >> then access it via HTTPS?
>> >>
>> >
>> > HTTP Output:
>> > POST:Session id=F5FAF6115F7BA37ECDA22299C9B3B4BC New=true
>> > pre- invalidate
>> > sessionDestroyed [F5FAF6115F7BA37ECDA22299C9B3B4BC] <-- this log is
>> printed
>> > by a HttpSessionListener
>> > post- invalidate: id=F5FAF6115F7BA37ECDA22299C9B3B4BC
>> > sessionCreated [36BA1CCC7AEC8A9808027D57B6A5A52A] <-- this log is printed
>> by
>> > a HttpSessionListener
>> > post- get new: id=36BA1CCC7AEC8A9808027D57B6A5A52A
>> >
>> > We can notice that the session id after the GetSession(true) is different
>> > from the previous one.
>> >
>> > HTTPS Output:
>> > POST:Session id=36BA1CCC7AEC8A9808027D57B6A5A52A New=false
>> > pre- invalidate
>> > sessionDestroyed [36BA1CCC7AEC8A9808027D57B6A5A52A] <-- this log is
>> printed
>> > by a HttpSessionListener
>> > post- invalidate: id=36BA1CCC7AEC8A9808027D57B6A5A52A
>> > sessionCreated [36BA1CCC7AEC8A9808027D57B6A5A52A] <-- this log is printed
>> by
>> > a HttpSessionListener
>> > post- get new: id=36BA1CCC7AEC8A9808027D57B6A5A52A
>> >
>> > In this case the session id is always the same!
>> >
>>
>> Do you, by a chance, have emptySessionPath=true on your Connector?
>>
>> > I saw that between release 28
>> > and 29 the following class has been changed but i'm not able to debug it.
>> > java\org\apache\catalina\connector\Response.java (method
>> > addSessionCookieInternal)
>>
>> http://wiki.apache.org/tomcat/FAQ/Developing
>>
>> Best regards,
>> Konstantin Kolinko
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
