On the very first attempt to run this sequence, it appears that IE is clearing my session attributes. I say this because when the Java Servlet (validates user submitted data) is then accessed, it sends the user to my 'session expired' page rather than completing the login and forwarding to the 'success' page. Its forwarding to the 'session expired' page, because a session attribute that should be there, isn't any longer.
ramprasad madathil wrote:What's probably happening is that the session cookie (that identifies the session on the server and which usually has the name JSESSIONID) is not being sent in the http request from IE. To verify this, you could use a tool like 'Fiddler' with IE to monitor http headers.
Somewhere along the line, in that http request, the absence of a session forces a component (servlet/filter/jsp) to create a new one which obviously wouldnt have the session attribute that identifies the logged in user and hence the login page.
What I've noticed, is that when I'm on a secure https page, the jsessionid is NOT present in the url, whereas on the non-secure pages (http), the jsessionid is there.
Questions
1) Is it possible that I don't have SSL setup correctly?
2) Is there some sort of configuration I have to make in my Tomcat server? Anything having to do with the jsessionid?
Experience keeps a dear School, but Fools will learn in no other.
---
Benjamin Franklin - Postal official and Weather observer
Consider Paul's rocket mass heater. |