This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Servlets and the fly likes URL Rewriting ..  jsessionID appears only once in the session! Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "URL Rewriting ..  jsessionID appears only once in the session!" Watch "URL Rewriting ..  jsessionID appears only once in the session!" New topic
Author

URL Rewriting .. jsessionID appears only once in the session!

Muni K Reddy
Ranch Hand

Joined: Aug 23, 2007
Posts: 74


Hi Guys,
I was trying to run the above code from HF Sevlets & JSP's. I am concentrating on URL Rewriting. I have disabled cookies and I click on the link "click me" in the page. As expected, I get jsessionid appended to the URL. However, for future clicks, there is no JsessionID in the URL. I wonder why this is happening. If cookies are disabled then jsessionID should always be returned right???

Many Thanks!
[ August 29, 2007: Message edited by: Muni K Reddy ]
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

If you don't already have either the LiveHttpHeaders or FireBug plugins for Firefox, you might want to grab them.

They're great tools for seeing, debugging, and understanding things like this.

I'm guessing that your browser is sending back the sessionId, even though you have cookies turned off.

MSIE, for instance, has separate settings for session cookies.
They're only stored in memory and aren't preserved when you shut down he browser. A tool that allows you to see the headers will let you see if the browser is passing the cookie or not.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Just found the setting in MSIE.
Go to tools -> Internet Options -> Privacy -> Advanced
From there there are fine grained controls that allow MSIE to accept session cookies, even if all other types of cookies are disabled.


[ August 28, 2007: Message edited by: Ben Souther ]
Muni K Reddy
Ranch Hand

Joined: Aug 23, 2007
Posts: 74
Thanks Ben,
Unchecked the "Always allow session cookie" link. Opened a new window and still no luck!!. I use IE as you guessed. Just googling to find a plugin tool to similar to the one you have mentioned for Firefox (like the LiveHttpHeaders). Its most likely that your first guess( that sessionID is returned even if cookies are turned off) is right.

Thanks a lot!
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Did you restart MSIE after changing? Be sure to close ALL instances of it before starting a new one.
Muni K Reddy
Ranch Hand

Joined: Aug 23, 2007
Posts: 74
Originally posted by Ben Souther:
Did you restart MSIE after changing? Be sure to close ALL instances of it before starting a new one.


Thanks again Ben!,
I just did the following:
  • Disabled cookies, unchecked the "Allow session cookies" check box.
  • Closed all open browser windows.
  • Deleted all existing cookies.
  • Double checked the code, adding session.setMaxInactiveInterval(10); (which was commented in the code)


  • Results:
  • First instance, I get "clickme" and welcome.
  • When i click on the link "clickme",the jsessionId gets appended. (I get "click me" Welcome Back
  • Another click immediately, the jsessionID is vanished.(I get "click me" Welcome Back)
  • I allow the 10 seconds to pass, refresh the page, I get "click me" Welcome (Which means new session), but there is no new JsessionID created when i click on "clickme"!!!
  • However, when i close the window and open a new instance and hit clickme, i get the jsessionId.


  • Do you think thats a strange behaviour? When the session is deactivated a new session and a new session ID must be created right??
    [ August 29, 2007: Message edited by: Muni K Reddy ]
    Ben Souther
    Sheriff

    Joined: Dec 11, 2004
    Posts: 13410

    Yes, when a session expires, a new one will be created on the next hit.

    Did you try another browser? Like FireFox?
    Ben Souther
    Sheriff

    Joined: Dec 11, 2004
    Posts: 13410

    Also, what container are you using?
    Muni K Reddy
    Ranch Hand

    Joined: Aug 23, 2007
    Posts: 74
    It works perfectly with Firefox!! Thank you!

    Im using Tomcat5.5 and was running on IE version7.0.5.

    Thanks a ton!!
    Muni K Reddy
    Ranch Hand

    Joined: Aug 23, 2007
    Posts: 74
    Does that mean its a bug in IE?? or is it a special feature??
    Ben Souther
    Sheriff

    Joined: Dec 11, 2004
    Posts: 13410

    Originally posted by Muni K Reddy:
    Does that mean its a bug in IE?? or is it a special feature??


    Hehe, good question.
    Some might tell you that MSIE IS a bug.

    More seriously,
    MSIE uses core Windows API calls for almost all of it's functionality.
    You might find that all of your settings won't take effect without a reboot of the machine (although in later versions, it's been better about these things).

    Tomcat has a feature that allows you to monitor the request headers.
    In the TOMCAT_INSTALL/conf/server.xml file, find and uncomment the
    requestDumperValve.

    Once you do this and restart Tomcat, it will start logging all of the request headers to one of the files under TOMCAT_INSTALL/logs.
    With that running, you should be able to see if MSIE is indeed sending you the sessionID cookie.

    Muni K Reddy
    Ranch Hand

    Joined: Aug 23, 2007
    Posts: 74
    Ben,
    I did exactly that and IE does create the new session ID's which Im able to read in the Tomcat logs.
    I learnt a few good things today,
    Thanks a lot!!!
    [ August 28, 2007: Message edited by: Muni K Reddy ]
     
    Don't get me started about those stupid light bulbs.
     
    subject: URL Rewriting .. jsessionID appears only once in the session!
     
    Similar Threads
    Url Rewriting
    Session management ambiguity
    Session Tracking with cookies disabled.
    URL Rewriting
    URL rewriting is not working