Really nutty session problem. Please help :(

Hi everyone,

I�m having a really serious (but probably infuriatingly simple) problem with my final year dissertation at university. It�s driving me nuts. I�ve been stuck on it for days and I�m not getting anywhere. I really need some help or I�m in real trouble�.

My problem is two-fold and is based around Tomcat, servlets and sessions:

No matter what I do I cant get tomcat to control state using cookies. Even when they are all set up as the default and even when I actually FORCE the server to use cookies, it refuses.

The second problem is url encoding. Seeing as the server wont play ball when it comes to cookies, I�ve fallen back to using encode url. But even this doesn�t work! L !
I�m just trying to get a very simple session example to work.
What I have is 2 servlets:

The first one creates a session and prints out the session id. I then encode a url that links to the second servlet with the session id and then follow that link. Now heres the odd part:

The session arrives fine and I can remove attributes that I set in the previous servlet, BUT if I try to encode the url for a second time (to lead onto a third servlet) then it fails. I try to print the newly encoded url but tit just comes out unchanged.

I�ve tried everything I can think of an now I�m getting really worried. I don�t think I�m going to be able to solve this on my own because I�m not that experienced with servlets and so forth yet. Heres the code so that someone might be able to spot something really stupid that I�ve done wrong (I�ll just put in the bare minimum so as not to confuse the issue:

SERVLET 1
out.println("Creating session...<br>");

HttpSession session = request.getSession(true);
session.setMaxInactiveInterval(60);

out.println("SessionID: " + session.getId());
String URL = response.encodeURL("LloydReceiver");

out.println("The encoded URL is: " + URL);


SERVLET 2

HttpSession session = request.getSession(false);
if (session == null) {
out.println("Session missing..ARRRGHHH!!!.");
}
else {
out.println("<br/>Session detected!");
out.println("SessionID: " + session.getId());

//just as an example of a URL, this page doesn't actually point back to LloydStart
String URL = response.encodeURL("LloydStart");

out.println("The encoded URL is: " + URL);

session.invalidate();


Thanks to anyone who can offer an explanation as to either why cookies are refusing to work or why the encoding of sessions isnt working. I would reall realy appreciate any help!


Thanks
[ February 14, 2003: Message edited by: Simon Harvey ]

Are all of these servlets in the same "Web Application"?

Originally posted by Simon Harveyy:

No matter what I do I cant get tomcat to control state using cookies. Even when they are all set up as the default and even when I actually FORCE the server to use cookies, it refuses.

You can only request the server to use cookies. Is there a way to get assurance that it does, although J2EE spec mandates cookie and URL re-writing?

The second problem is url encoding. Seeing as the server wont play ball when it comes to cookies, I’ve fallen back to using encode url. But even this doesn’t work! L !

By meaning "doesn't work", do you mean the URLs output at the client are not encoded?

SERVLET 1
session.setMaxInactiveInterval(60);

Could this be a problem? Are you submitting your next request after 60 seconds?

SERVLET 2
session.invalidate();

Could this also potentially be a problem?
-GB.

Hi Simon,
U said u have a problem only when u try to call a third servlet. I probably think that because you are invalidating the session in the second servlet as the code shows, then it will not be able to propagate the session to the third servlet. Try remove the invalidate statement and set the session interval to more than 60. Remember this function takes integer argument that represents time in seconds not in minutes.

No matter what I do I cant get tomcat to control state using cookies. Even when they are all set up as the default and even when I actually FORCE the server to use cookies, it refuses.

Cookies are the default underlying mechanism; it uses cookies unless you say otherwise. I've used session-tracking based on cookies in Tomcat 3, Tomcat 4.0, and Tomcat 4.1: no problem.
Before you conclude it is not working, do a simple test case. Don't try changing timeouts or doing invalidate until you are sure you know what you are doing. Maybe start with this (in the standard Tomcat configuration):
HttpSession session = request.getSession(true);
System.out.println("ID: " + session.getID());
Access this twice from the same user and check the Tomcat window on your desktop. Do you see the same ID both times? Then session tracking is working. Do you see different IDs? Check that your browser has cookies turned on.

The second problem is url encoding. Seeing as the server wont play ball when it comes to cookies, I�ve fallen back to using encode url. But even this doesn�t work!

Actually, this works fine for me in Tomcat 3.x, 4.0, and 4.1 too...
Maybe show your code (use a simple case) and say what you expected to get and what you really got. Don't forget that response.encodeURL returns the argument unchanged when the server is using cookies as the underlying mechanism.
More info? See http://courses.coreservlets.com/Course-Materials/S6-Session-Tracking.pdf and Chapter 9 of http://pdf.coreservlets.com/.
Cheers-
- Marty

Hi everyone,
Thanks for all your replies. I've fixed one of my problems, which was that the third servlet in line wasn't working.
My code was:
String URL = response.encodeURL("test.TestReceiver2");
out.println("<form action=" + URL + "method=get>");
I didn't include a SPACE between URL and "method=get" which was causing the URL to be misformed. Of all the stupid things...
I am however, still having a problem - my session tracking will only use cookies and refuses to use URL rewriting. I want to test that my URL rewriting will work, as I'm having to do it in a roundabout way because of the complicated nature of one of my servlets.
The odd things are:
- a cookie never appears in my cookie jar, even though I know the session is using cookies (I use request.isRequestedSessionIdFromCookie() which is always true). This is why I had originally thought that my sessions refused to use cookies.
- I have'blocked all cookies' in IE6, and set DefaultContext cookies=false in server.xml, but still my sessions use cookies (according to request.isRequestedSessionIdFromCookie() and the fact that the session ID doesn't appear in the URL).
I was wondering, then, how can I get the session to use URL rewriting so I can test that my servlets still work? The only reason I can think of why my sessions seem to 'ignore' my cookie settings above might be something to do with the fact that I'm not accessing my servlets over the internet because they reside on my computer, therefore somehow bypassing these settings?
Thanks for all your previous suggestions (I just can't believe it was a space that was causing me such heartache!), I really appreciate them.
Marty, BTW, I LOVE your Core and More servlets books, they're excellent!