This week's book giveaway is in the General Computing forum.
We're giving away four copies of Emmy in the Key of Code and have Aimee Lucido on-line!
See this thread for details.
Win a copy of Emmy in the Key of Code this week in the General Computing forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Junilu Lacar
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Knute Snortum
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Ron McLeod
  • Carey Brown
Bartenders:
  • Paweł Baczyński
  • Piet Souris
  • Vijitha Kumara

New Session Id with new host entry

 
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am hoping someone can help me out with a problem I am having with host names and session ids. This may be something simple that I have forgotten about, so here it goes.

Going through the jsp's below give different results, depending on the URL you use.

If you use http://localhost:8080
The same session id will be seen on each page.

If you use http://test_01:8080
A different session id is displayed on each page.

Add the following files under the ROOT webapp of the default Tomcat 4.1.30 installation. Of course, I understand that storing data in servlet context like this is not a good idea, but for testing purposes it will do what is needed.

index.html:
Test_01
<br><br><br>
<a href="index.jsp">Call 1</a>

index.jsp:
<html>
<center>
<%= request.getSession().getId() %>
<% application.setAttribute( "session1", request.getSession().getId() ); %>
<h1>Tomcat 1 Call 1</h1>
<a href="index2.jsp">Call 2</a>
</body>
</html>

index2.jsp:
<html>
<center>
<%= request.getSession().getId() %>
<h1>Tomcat 1 call 2</h1>
<a href="index3.jsp">Call 3</a>
<br><br>Session 1 ID:
<%= getServletContext().getAttribute( "session1" ) %>
<% application.setAttribute( "session2", request.getSession().getId() ); %>
</body>
</html>

index3.jsp:
<html>
<center>
<%= request.getSession().getId() %>
<h1>Tomcat 1 call 3</h1>
<br><br>Session 1 ID:
<%= getServletContext().getAttribute( "session1" ) %>
<br><br>Session 2 ID:
<%= getServletContext().getAttribute( "session2" ) %>
</body>
</html>


Add the following entry to your host file:
127.0.0.1 test_01

or

<your ip> test_01
 
Ranch Hand
Posts: 180
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When you change from one domain to another, or even one sub-domain to the main domain, you are given a new session. Sessions do not cross domain boundaries even if they share the same Tomcat context.

If you start out on www.somesite.com and then drop the www so that you are now browsing around somesite.com, you have two different sessions.

This can be your friend and your enemy. I am sure that it is a security measure and quite possibly a standard implementation item... but it can be annoying if your site has multiple domain names for the same context.
There may be a way to make that less restrictive. I have never looked into it.

Hope this helps.

Chris
 
It's a pleasure to see superheros taking such an interest in science. And this tiny ad:
Java file APIs (DOC, XLS, PDF, and many more)
https://products.aspose.com/total/java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!