• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

New Session Created Randomly in Tomcat 5.0.28

 
Nilesh Naik
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Problem Description :
1. I have a typical JSP-Servlet web application running on tomcat 5.0.28.
2. After successful login a new session is created. (in login.jsp) and user specific data is kept in session
3. User moves on through the application . Accesses a JSP ( e.g. PageWithHeavyJavascript.jsp), JavaScript code.
4. After doing some selections etc. PageWithHeavyJavascript.jsp, user browses another JSP ( e.g. plain.jsp) which *does not* have any session related code. At this point *sometimes* a NEW session is created. (By implementing HttpSessionListener I observed that the sessionCreated() methos is getting called everytime and sessionDestoryed() method is never getting called)
5. After lot of debugging I have observed that this happens when lot of Javascript code is called through clicks etc. new session is created. I am unable to link lot of Javascript calls with New session getting created.

Has anybody faced the same problem?
I would appreciate if you can shed some light on this issue... any hint/solution?
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Within your Javascript, you've got nothing that submits data to the server, right ?
 
Nilesh Naik
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
1. On click of submit button javascript function (submitData()) is called
2. This function reads a value of an html element, assign it hidden field and call form.submit() method.
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Then ? You're submitting to a servlet ?

1. Confirm that the targetted servlet does not contain some suspicious code (getSession())
2. Confirm that no session listeners is interfering.
 
Nilesh Naik
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Even without submitting the request on that page(the page with lot of JavaScript Code over it),if the users tries to click on some other link and go to new page new session is created.

I had implements SessionListerner and observed that sessionDestroyed() method is not getting called ,but sessionCreated() method is getting called as soon as some other page is hit.
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Except the Javascript, are you sure there's no other differences with other jsp pages ? Like including a file with contains some session related code. Maybe something buggy which checks if the user is logged in
 
Nilesh Naik
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No nothing of that sort.
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
By the way, are you using cookies ?
 
Nilesh Naik
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am using HttpSession object and by default its using cookies for session management.
I haven;t blocked cookies in my browser and hence cookies are used.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
As far as the servlet/JSP container is concerned, javascript is just a bunch of text; no different from HTML or plain text.

The only way Javascript code could have any effect on the server is if it makes AJAX calls or, in some other way, makes posts back to the server.
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13058
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I had implements SessionListerner and observed that sessionDestroyed() method is not getting called ,but sessionCreated() method is getting called as soon as some other page is hit.

Are all these pages/jsp/etc contained in the same "web application"?
Bill
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Are your pages spawning new browser windows?

I know that, at some point, there was a bug in MSIE that kept sessionIDs from being sent in popup windows, under certain conditions. A while back (probably a year or so ago), I found a Microsoft page that explained this and posted a link to it. Any call to your server that doesn't have session id could cause the server to create a new session.
 
Nilesh Naik
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
All those JSP are in the same web application.
 
Nilesh Naik
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
All these pages are opened in the same browser window.
 
Sai Priya
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi nilesh iam also having the same problem. In my case also it is creating new session for each page. If you get any solution for this problem please share with me iam in very much need of it.
thank you
 
Harshil Mehta
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Nilesh/ Sai Priya,
I am also getting the similar problem.
My application is on apache/tomcat server.
I have included multiple jsp's in my index.jsp, e.g. header, login, right_navigation etc..
When user logs in the application through the included login jsp, it creates a session.
Strange thing is that when he clicks on the "Home" link available on the login.jsp, the same session is retained but when he click on the "Home" link available on the header.jsp, a new session is created.
Session related code is only in the login.jsp.

Interestingly this code works fine in my local machine where I am using tomcat 5.0.28, but it shows above behaviour on the remote Apache server with multiple tomcat 5.0.28 instances.

Do anyone knows any specific reason for such behaviour??
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic