Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Session lost in Tomcat when POST is done from a remote computer

 
Fernando Margueirat
Ranch Hand
Posts: 34
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am having this weird problem with Tomcat v.5.5.20 . I have a simple JSP that sets a session attribute (session key) and has a form with a couple of text input fields and a submit button. The action of the form is another JSP and the method is post. The other JSP reads the session attribute. If I browse these JSPs locally I have no problems reading the session attribute in the second JSP. But if I do it from another computer, the seconds JSP gets a null value for the attribute. It looks like the session has been lost. Any ideas of what I am doing wrong or if there is any setting missing in Tomcat? Here's the code for the JSPs.

test1.jsp


test2.jsp


Thanks

Fernando

[ August 22, 2007: Message edited by: Fernando Margueirat ]

[ August 22, 2007: Message edited by: Fernando Margueirat ]
[ August 23, 2007: Message edited by: Fernando Margueirat ]
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It could be that the browser on the other computer has disabled cookie support. Try adding URL Re-Writing to the form actions and links and see if it works form that computer.
 
Fernando Margueirat
Ranch Hand
Posts: 34
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ben

Thanks for the response.

Cookies are enabled in both browsers. And if I switch the computers and run Tomcat from the "remote" computer the problem persist. Locally (the one that use to be remote) the page loads ok, but remotely it fails. BTW I forgot to mention that I am using Tomcat v. 5.5.20. I'll add that to the original post.

Fernando
 
Nathan Hook
Ranch Hand
Posts: 81
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here some things to do to check to see what is happening.

Print out the hex code of the session for the remote client in both JSPs. For both requests the hex code should be the exact same. (You can often see the hex code of an object by doing a toString().

Check the physical cookie file on the remote client. Really check to see if the jsessionid is being set in that file.

There was something else, but I can't remember it right now.
 
Fernando Margueirat
Ranch Hand
Posts: 34
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Nathan

When I print the session.toString() when running locally I get the same values in both JSPs but when I run it from a remote computer I get to different values. This confirms that Tomcat is creating a new session when moving to test2.jsp.

Re the cookies, it is not creating any cookies either locally nor remotely. And I think it shouldn't since I am not explicitely creating a cookie and I don't think Tomcat uses cookies to track the sessions. Correct me if I'm wrong.

I would love to hear what was the other thing to check if you remember.

Thanks

Fernando
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13071
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't think Tomcat uses cookies to track the sessions. Correct me if I'm wrong.


Yep, you are wrong. As per the Servlet/JSP API, the default method for session tracking depends on cookies. Therefore client browser cookie handling is important. Note that normally session tracking only works within the same "web application"


Bill
 
Fernando Margueirat
Ranch Hand
Posts: 34
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bill

Thanks for the correction. That does mean that I have to create the cookie myself or will Tomcat do it for me?

Fernando
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, Tomcat will do it for you.

You don't, by any chance have any links or form action attributes with fully qualified URLs in your app, do you?

<a href="localhost..." />
or
<a href="127.0.0.1..." />
 
Fernando Margueirat
Ranch Hand
Posts: 34
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ben

I am using relative URLs, as in my example above.


Your question made think of trying http://myservername/test1.jsp instead of http://localhost/test1.jsp or http://127.0.0.1/test1.jsp when browsing locally on the server. And in that case (using myservername) it failed. So it has to related to the domain. Also, I still don't see the cookies being created.

Fernando
 
Fernando Margueirat
Ranch Hand
Posts: 34
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Never mind guys. The problem has f...ing Windows Internet Explorer. Even though I have cookies enabled and my web server added to the Local Intranet with Low security, it is still not creating the cookies.

I've tried it in Firefox without any problems. GRRRRRRRRRRRRRRRRRRRRR.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
MSIE has a separate configuration for session cookies.
Go to tools -> Internet Options -> Privacy -> Advanced
 
Fernando Margueirat
Ranch Hand
Posts: 34
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ben

Yes, that's where I changed the cookies setting. I found the problem and solution in a IE forum. If the servername has an underscore (e.g. my_server) I don't know why but IE will reject the cookies.

Thanks everyone for your help.

Fernando
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic