We are developing an app using Ajax on the client side and
Tomcat on the server side. We have run into an issue with Tomcat returning different session ids between requests. We created a simple
test app which sends Ajax requests to Tomcat. What we have found is:
1) sending multiple Ajax requests independently of each other to Tomcat results in different session ids, which is to be expected
2011/1/21 10:28:52.757 200 url=test/fetchOne sessionId=C7E2BCF7266EA208FC049F0F4A1848B5
2011/1/21 10:28:52.758 200 url=test/fetchTwo sessionId=B3D17000A4A481DB076547D8217493B6
2011/1/21 10:28:52.758 200 url=test/fetchThree sessionId=98C25FAB42F957A3BECA3C65917CE1B6
2) sending a single Ajax request and then sending the remaining requests after the first one has responded, we get the same session id across requests, which is expected
2011/1/21 10:28:24.470 200 url=test/fetchOne sessionId=A8A221C228367CAA2FE51E15F66210B7
2011/1/21 10:28:27.253 200 url=test/fetchTwo sessionId=A8A221C228367CAA2FE51E15F66210B7
2011/1/21 10:28:27.253 200 url=test/fetchThree sessionId=A8A221C228367CAA2FE51E15F66210B7
3) for both 1) and 2) above, if we add authentication (BASIC, CAS, etc...), initially we get different session ids across the Ajax requests, but eventually tomcat will return the same session id
2011/1/21 10:29:54.342 200 url=test/fetchOne sessionId=1C8A8255ADAA768E46124484C0C4D197
2011/1/21 10:29:56.597 200 url=test/fetchTwo sessionId=DE3AB5132A3B7F297D6E0CE2CE211C25
2011/1/21 10:29:56.597 200 url=test/fetchThree sessionId=B24A306F2D77A7B2812D6FFD686DC0E2
2011/1/21 10:29:57.813 200 url=test/fetchOne sessionId=2B9F6B5663EB205DA12C162512553831
2011/1/21 10:29:57.820 200 url=test/fetchTwo sessionId=2B9F6B5663EB205DA12C162512553831
2011/1/21 10:29:57.821 200 url=test/fetchThree sessionId=2B9F6B5663EB205DA12C162512553831
This seems to be happening with Tomcat 6.0.24 and up (including 7.0.8). This works as expected with Tomcat 6.0.20. We also tested using Jetty and it works as expected.
Anyone seen this before or have any ideas? Thanks.