Win a copy of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

New Session Id with new host entry  RSS feed

 
Travis Zimmerman
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am hoping someone can help me out with a problem I am having with host names and session ids. This may be something simple that I have forgotten about, so here it goes.

Going through the jsp's below give different results, depending on the URL you use.

If you use http://localhost:8080
The same session id will be seen on each page.

If you use http://test_01:8080
A different session id is displayed on each page.

Add the following files under the ROOT webapp of the default Tomcat 4.1.30 installation. Of course, I understand that storing data in servlet context like this is not a good idea, but for testing purposes it will do what is needed.

index.html:
Test_01
<br><br><br>
<a href="index.jsp">Call 1</a>

index.jsp:
<html>
<center>
<%= request.getSession().getId() %>
<% application.setAttribute( "session1", request.getSession().getId() ); %>
<h1>Tomcat 1 Call 1</h1>
<a href="index2.jsp">Call 2</a>
</body>
</html>

index2.jsp:
<html>
<center>
<%= request.getSession().getId() %>
<h1>Tomcat 1 call 2</h1>
<a href="index3.jsp">Call 3</a>
<br><br>Session 1 ID:
<%= getServletContext().getAttribute( "session1" ) %>
<% application.setAttribute( "session2", request.getSession().getId() ); %>
</body>
</html>

index3.jsp:
<html>
<center>
<%= request.getSession().getId() %>
<h1>Tomcat 1 call 3</h1>
<br><br>Session 1 ID:
<%= getServletContext().getAttribute( "session1" ) %>
<br><br>Session 2 ID:
<%= getServletContext().getAttribute( "session2" ) %>
</body>
</html>


Add the following entry to your host file:
127.0.0.1 test_01

or

<your ip> test_01
 
Chris Stehno
Ranch Hand
Posts: 180
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When you change from one domain to another, or even one sub-domain to the main domain, you are given a new session. Sessions do not cross domain boundaries even if they share the same Tomcat context.

If you start out on www.somesite.com and then drop the www so that you are now browsing around somesite.com, you have two different sessions.

This can be your friend and your enemy. I am sure that it is a security measure and quite possibly a standard implementation item... but it can be annoying if your site has multiple domain names for the same context.
There may be a way to make that less restrictive. I have never looked into it.

Hope this helps.

Chris
 
Don't get me started about those stupid light bulbs.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!