wood burning stoves 2.0*
The moose likes Struts and the fly likes Struts & Session issues Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Struts & Session issues" Watch "Struts & Session issues" New topic
Author

Struts & Session issues

Wes Sorensen
Greenhorn

Joined: Dec 02, 2005
Posts: 13
Hello All,

I've been working with Struts for a little while now and had built the beginnings of a site. My host is running TC 5, so I upgraded from TC 4 on my development machine. I don't know if my problems coincided with that move or not, but now I'm experiencing some weird behavior.

The site has some "secured" areas that are protected with form authentication. All my JSP URLs are URLEncoded() so they pass the jsessionId in each link. That works fine, and the session ID stays the same.

When a user logs in, the form gets passed to the LoginAction which authenicates the user from a database, then I set ActionForm and set it in a session Attribute:



The first page after the login, the jsessionid is gone from the URL and as soon as I go to another page, the session is "lost" to where the site doesn't think the user is logged in anymore (it's checking for that loginUser attribute).

I've done a bunch of searching here since this seems like the best Struts forum around, and it looks like it may be in my getSession(), where I should be passing the false parameter. I have other getSessions(), so I think I need to change those too, but figured I'd throw it out here first.

Marc often posts about the three things to do to not track sessions. I need to be able to use the session variable in my JSPs, so I can't go that route, but would it help to turn off the locale and maybe not use the <HTML:HTML> tag?

I need to go through my code and try a few things, but figured I'd throw it out here for comments.

Thanks!

Wes
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727

Is this login page the only page that uses Struts, Wes? Or do you have other pages that use Struts and work fine?

One thing that might help your debugging is to place a small scriptlet in your jsps that outputs the id of the session. You'll know when a session dies because the id will change.
<%= request.getSession().getId() %>


A good workman is known by his tools.
Wes Sorensen
Greenhorn

Joined: Dec 02, 2005
Posts: 13
Thanks Marc. No, the whole site uses Struts. No direct access to JSP pages. Every request goes through an Action.

I subclassed Action 3 separate times for the types of access:

AdminAction, MemberAction, OpenAction

The Admin action would check to see if you are an admin (in this session variable) and then allow you to get to the actual action. The same for member (ie: logged in).

I will try what you suggest. I'm outputting several logging messages along the way (log4j) as well. I'll let you know what I find.
Wes Sorensen
Greenhorn

Joined: Dec 02, 2005
Posts: 13
Well, after a couple hours of trying to figure this out, as long as IE has the jsessionid in the URL, all is good. If I delete the jsessionid from the URL, every click on menu items results in a new session.

This remains the same if all cookie settings are turned off (accept all cookies). I expected it to revert to cookie jsessionids, so removing from the URL wouldn't have mattered.

The puzzling thing is that Firefox works great, even with the removal of the jsessionid from the URL.

I'm still working on this, but it's getting VERY frustrating.
Wes Sorensen
Greenhorn

Joined: Dec 02, 2005
Posts: 13
Ok, what the heck! I just uploaded the files to my host, which runs Apache/Tomcat5 and it works great in both browsers.

As I said, I think this may have coincided with my upgrade to Tomcat5, but I can't say for sure.

Could this be a Tomcat config problem?
A Harry
Ranch Hand

Joined: Jan 23, 2002
Posts: 124
don't know if this will help in any way whatsoever but I had a question on here ages ago regarding how the hell my app always had a session regardless if I'd created it or not.

The answer was to do with the struts-config.xml setting <controller locale="false"/>
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727

There's a Tomcat forum here at the ranch. You could search that to see if anyone else is having the same problem with the upgrade. This is a very strange problem indeed.
Wes Sorensen
Greenhorn

Joined: Dec 02, 2005
Posts: 13
Thanks A. Harry. I changed that setting as well. No change.

The fact that FF is working and that it doesn't work in IE on my local machine, I'm starting to think that my IE has a problem. I did some searching in the Tomcat forum and didn't find anything that would help me.

This is so odd, that I'm starting to think that IE has a problem. I can switch the cookie settings and nothing happens.

Thanks for the feedback, guys/gals.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Struts & Session issues
 
Similar Threads
Where should I perform validation with database connectivity?
Prepoulating form fields
database update techniques?
JSession Id and third party payment site
Referring Page in Struts