wood burning stoves 2.0*
The moose likes JSP and the fly likes New Session Created Randomly  in Tomcat 5.0.28 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "New Session Created Randomly  in Tomcat 5.0.28 " Watch "New Session Created Randomly  in Tomcat 5.0.28 " New topic
Author

New Session Created Randomly in Tomcat 5.0.28

Nilesh Naik
Greenhorn

Joined: Jul 18, 2006
Posts: 13
Problem Description :
1. I have a typical JSP-Servlet web application running on tomcat 5.0.28.
2. After successful login a new session is created. (in login.jsp) and user specific data is kept in session
3. User moves on through the application . Accesses a JSP ( e.g. PageWithHeavyJavascript.jsp), JavaScript code.
4. After doing some selections etc. PageWithHeavyJavascript.jsp, user browses another JSP ( e.g. plain.jsp) which *does not* have any session related code. At this point *sometimes* a NEW session is created. (By implementing HttpSessionListener I observed that the sessionCreated() methos is getting called everytime and sessionDestoryed() method is never getting called)
5. After lot of debugging I have observed that this happens when lot of Javascript code is called through clicks etc. new session is created. I am unable to link lot of Javascript calls with New session getting created.

Has anybody faced the same problem?
I would appreciate if you can shed some light on this issue... any hint/solution?
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688
    
  16

Within your Javascript, you've got nothing that submits data to the server, right ?


[My Blog]
All roads lead to JavaRanch
Nilesh Naik
Greenhorn

Joined: Jul 18, 2006
Posts: 13
1. On click of submit button javascript function (submitData()) is called
2. This function reads a value of an html element, assign it hidden field and call form.submit() method.
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688
    
  16

Then ? You're submitting to a servlet ?

1. Confirm that the targetted servlet does not contain some suspicious code (getSession())
2. Confirm that no session listeners is interfering.
Nilesh Naik
Greenhorn

Joined: Jul 18, 2006
Posts: 13
Even without submitting the request on that page(the page with lot of JavaScript Code over it),if the users tries to click on some other link and go to new page new session is created.

I had implements SessionListerner and observed that sessionDestroyed() method is not getting called ,but sessionCreated() method is getting called as soon as some other page is hit.
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688
    
  16

Except the Javascript, are you sure there's no other differences with other jsp pages ? Like including a file with contains some session related code. Maybe something buggy which checks if the user is logged in
Nilesh Naik
Greenhorn

Joined: Jul 18, 2006
Posts: 13
No nothing of that sort.
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688
    
  16

By the way, are you using cookies ?
Nilesh Naik
Greenhorn

Joined: Jul 18, 2006
Posts: 13
I am using HttpSession object and by default its using cookies for session management.
I haven;t blocked cookies in my browser and hence cookies are used.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

As far as the servlet/JSP container is concerned, javascript is just a bunch of text; no different from HTML or plain text.

The only way Javascript code could have any effect on the server is if it makes AJAX calls or, in some other way, makes posts back to the server.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12803
    
    5
I had implements SessionListerner and observed that sessionDestroyed() method is not getting called ,but sessionCreated() method is getting called as soon as some other page is hit.

Are all these pages/jsp/etc contained in the same "web application"?
Bill
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Are your pages spawning new browser windows?

I know that, at some point, there was a bug in MSIE that kept sessionIDs from being sent in popup windows, under certain conditions. A while back (probably a year or so ago), I found a Microsoft page that explained this and posted a link to it. Any call to your server that doesn't have session id could cause the server to create a new session.
Nilesh Naik
Greenhorn

Joined: Jul 18, 2006
Posts: 13
All those JSP are in the same web application.
Nilesh Naik
Greenhorn

Joined: Jul 18, 2006
Posts: 13
All these pages are opened in the same browser window.
Sai Priya
Greenhorn

Joined: Jul 06, 2006
Posts: 7
hi nilesh iam also having the same problem. In my case also it is creating new session for each page. If you get any solution for this problem please share with me iam in very much need of it.
thank you
Harshil Mehta
Ranch Hand

Joined: Mar 17, 2005
Posts: 64
Hi Nilesh/ Sai Priya,
I am also getting the similar problem.
My application is on apache/tomcat server.
I have included multiple jsp's in my index.jsp, e.g. header, login, right_navigation etc..
When user logs in the application through the included login jsp, it creates a session.
Strange thing is that when he clicks on the "Home" link available on the login.jsp, the same session is retained but when he click on the "Home" link available on the header.jsp, a new session is created.
Session related code is only in the login.jsp.

Interestingly this code works fine in my local machine where I am using tomcat 5.0.28, but it shows above behaviour on the remote Apache server with multiple tomcat 5.0.28 instances.

Do anyone knows any specific reason for such behaviour??
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: New Session Created Randomly in Tomcat 5.0.28