Win a copy of Practical SVG this week in the HTML/CSS/JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

New Session Id with new host entry

 
Travis Zimmerman
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am hoping someone can help me out with a problem I am having with host names and session ids. This may be something simple that I have forgotten about, so here it goes.

Going through the jsp's below give different results, depending on the URL you use.

If you use http://localhost:8080
The same session id will be seen on each page.

If you use http://test_01:8080
A different session id is displayed on each page.

Add the following files under the ROOT webapp of the default Tomcat 4.1.30 installation. Of course, I understand that storing data in servlet context like this is not a good idea, but for testing purposes it will do what is needed.

index.html:
Test_01
<br><br><br>
<a href="index.jsp">Call 1</a>

index.jsp:
<html>
<center>
<%= request.getSession().getId() %>
<% application.setAttribute( "session1", request.getSession().getId() ); %>
<h1>Tomcat 1 Call 1</h1>
<a href="index2.jsp">Call 2</a>
</body>
</html>

index2.jsp:
<html>
<center>
<%= request.getSession().getId() %>
<h1>Tomcat 1 call 2</h1>
<a href="index3.jsp">Call 3</a>
<br><br>Session 1 ID:
<%= getServletContext().getAttribute( "session1" ) %>
<% application.setAttribute( "session2", request.getSession().getId() ); %>
</body>
</html>

index3.jsp:
<html>
<center>
<%= request.getSession().getId() %>
<h1>Tomcat 1 call 3</h1>
<br><br>Session 1 ID:
<%= getServletContext().getAttribute( "session1" ) %>
<br><br>Session 2 ID:
<%= getServletContext().getAttribute( "session2" ) %>
</body>
</html>


Add the following entry to your host file:
127.0.0.1 test_01

or

<your ip> test_01
 
Chris Stehno
Ranch Hand
Posts: 180
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When you change from one domain to another, or even one sub-domain to the main domain, you are given a new session. Sessions do not cross domain boundaries even if they share the same Tomcat context.

If you start out on www.somesite.com and then drop the www so that you are now browsing around somesite.com, you have two different sessions.

This can be your friend and your enemy. I am sure that it is a security measure and quite possibly a standard implementation item... but it can be annoying if your site has multiple domain names for the same context.
There may be a way to make that less restrictive. I have never looked into it.

Hope this helps.

Chris
 
I promise I will be the best, most loyal friend ever! All for this tiny ad:
the new thread boost feature: great for the advertiser and smooth for the coderanch user
https://coderanch.com/t/674455/Thread-Boost-feature
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!