why does tomcat create a session when I initially browse to an html page? And when does it decide to create a cookie for this session, before calling getSession method or after? Is there a way to stop tomcat doing this initial session creation? regards.
I just created a web app with a single HTML page named index.html, deployed it in Tomcat, hit the app, saw the contents of index.html. Then I opened up the manager app and saw that there were 0 sessions active for this app.
So, for me, Tomcat doesn't create a session when I initially browse to an HTML page. Are you sure you're not doing something else that would cause a session to be created? [ November 27, 2008: Message edited by: Ben Souther ]
Yes you are right. If it is an html page it does not create a session. I had a index.jsp which just included response.sendRedirect("xxx.html") then I deleted index.jsp file and renamed xxx.html as index.html then it does not create a session now.
But I still have my problem. When you call a jsp file tomcat creates a session and a cookie called JSESSIONID for you. Can I override this behaviour and have a cookie named as sth else which I will define in my code? I mean I can still create a new cookie named as sth else but when getSession method is called always JSESSIONID's value will be returned.
I would like to get my custom cookie's value when I call getSession method. Do you have any idea about how to do that?
I would like to get my custom cookie's value when I call getSession method.
Why in the name of sanity would you want to do that?
Creating and recovering custom c ookie names and values is all covered in the servlet API. If you don't want to use sessions, you dont have to but it makes no sense to try to change the way sessions work.
Start by reading the JavaDocs for javax.servlet.http.C ookie class.
posted 10 years ago
if it is not possible I will try to solve my problem with an additional cookie. but for this case i need to access cookies from my session listener class which implements HttpSessionListener to look for my additional cookie's value. I mean I should somehow get request object from HttpSessionEvent. is there way to do that? thanks.
I have a memcache server running on a machine. I am storing my session attributes as a hashmap on this server. You store objects into memcache with some keys(strings). So I store my session with its own id as a key into memcache.
I have two other machines which has tomcat running. I want both of these tomcat servers have access to the same session data (from memcache server).
Now, i am accessing these servers from a different client machine. when I browse to a jsp page via server1 tomcat creates a JSESSIONID cookie for me. I use this cookie's value and set another cookie named as "xxxcookie". if I try to access to a jsp page via server2 now, i can see my xxxcookie in the header since I set domainnames and paths the same. but the problem is server2 also creates another JSESSIONID cookie additionally.
When I call getId from server2 (by using its ip/name from client browser) it gives me the value from JSESSIONID cookie. not from "xxxcookie" cookie. So I can not get my session data from memcache since there are two JSESSIONID cookies with two different values. To solve this issue I look for the "xxxcookie" cookie from my filter code and use that value as id. This works fine.
But when I call setAttribute method of session I would like to add this value also into memcache. The problem is I do not have access to request or cookies from session listener class. When a session is created, deleted or some attributes added, I need to access memcache and update my map there. But as I said tomcat creates a JSESSIONID by default which is given by session.getId. So I can not access my map in memcache since I do not have correct id value.
This is my problem. I hope I could make myself clear. Thanks.
Author and all-around good cowpoke
posted 10 years ago
So I store my session with its own id as a key into memcache.
You appear to be trying to mix up the servlet engine's session handling mechanism with your own - this will lead to disaster as sessions should only be managed by the container.
Much simpler to create your own custom class to handle session-like tasks. Make it serializable so it can be stored centrally, shared between servlets and stored permanently.
I use a unique user id string that is also a legal file name. This lets me recover the user's state with just the id string from a cookie or hidden form variable.