aspose file tools*
The moose likes Tomcat and the fly likes Session lost in Tomcat when POST is done from a remote computer Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Session lost in Tomcat when POST is done from a remote computer" Watch "Session lost in Tomcat when POST is done from a remote computer" New topic
Author

Session lost in Tomcat when POST is done from a remote computer

Fernando Margueirat
Ranch Hand

Joined: Jun 07, 2004
Posts: 33
I am having this weird problem with Tomcat v.5.5.20 . I have a simple JSP that sets a session attribute (session key) and has a form with a couple of text input fields and a submit button. The action of the form is another JSP and the method is post. The other JSP reads the session attribute. If I browse these JSPs locally I have no problems reading the session attribute in the second JSP. But if I do it from another computer, the seconds JSP gets a null value for the attribute. It looks like the session has been lost. Any ideas of what I am doing wrong or if there is any setting missing in Tomcat? Here's the code for the JSPs.

test1.jsp


test2.jsp


Thanks

Fernando

[ August 22, 2007: Message edited by: Fernando Margueirat ]

[ August 22, 2007: Message edited by: Fernando Margueirat ]
[ August 23, 2007: Message edited by: Fernando Margueirat ]
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

It could be that the browser on the other computer has disabled cookie support. Try adding URL Re-Writing to the form actions and links and see if it works form that computer.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Fernando Margueirat
Ranch Hand

Joined: Jun 07, 2004
Posts: 33
Ben

Thanks for the response.

Cookies are enabled in both browsers. And if I switch the computers and run Tomcat from the "remote" computer the problem persist. Locally (the one that use to be remote) the page loads ok, but remotely it fails. BTW I forgot to mention that I am using Tomcat v. 5.5.20. I'll add that to the original post.

Fernando
Nathan Hook
Ranch Hand

Joined: Jan 10, 2005
Posts: 81
Here some things to do to check to see what is happening.

Print out the hex code of the session for the remote client in both JSPs. For both requests the hex code should be the exact same. (You can often see the hex code of an object by doing a toString().

Check the physical cookie file on the remote client. Really check to see if the jsessionid is being set in that file.

There was something else, but I can't remember it right now.
Fernando Margueirat
Ranch Hand

Joined: Jun 07, 2004
Posts: 33
Nathan

When I print the session.toString() when running locally I get the same values in both JSPs but when I run it from a remote computer I get to different values. This confirms that Tomcat is creating a new session when moving to test2.jsp.

Re the cookies, it is not creating any cookies either locally nor remotely. And I think it shouldn't since I am not explicitely creating a cookie and I don't think Tomcat uses cookies to track the sessions. Correct me if I'm wrong.

I would love to hear what was the other thing to check if you remember.

Thanks

Fernando
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12823
    
    5
I don't think Tomcat uses cookies to track the sessions. Correct me if I'm wrong.


Yep, you are wrong. As per the Servlet/JSP API, the default method for session tracking depends on cookies. Therefore client browser cookie handling is important. Note that normally session tracking only works within the same "web application"


Bill
Fernando Margueirat
Ranch Hand

Joined: Jun 07, 2004
Posts: 33
Bill

Thanks for the correction. That does mean that I have to create the cookie myself or will Tomcat do it for me?

Fernando
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

No, Tomcat will do it for you.

You don't, by any chance have any links or form action attributes with fully qualified URLs in your app, do you?

<a href="localhost..." />
or
<a href="127.0.0.1..." />
Fernando Margueirat
Ranch Hand

Joined: Jun 07, 2004
Posts: 33
Ben

I am using relative URLs, as in my example above.


Your question made think of trying http://myservername/test1.jsp instead of http://localhost/test1.jsp or http://127.0.0.1/test1.jsp when browsing locally on the server. And in that case (using myservername) it failed. So it has to related to the domain. Also, I still don't see the cookies being created.

Fernando
Fernando Margueirat
Ranch Hand

Joined: Jun 07, 2004
Posts: 33
Never mind guys. The problem has f...ing Windows Internet Explorer. Even though I have cookies enabled and my web server added to the Local Intranet with Low security, it is still not creating the cookies.

I've tried it in Firefox without any problems. GRRRRRRRRRRRRRRRRRRRRR.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

MSIE has a separate configuration for session cookies.
Go to tools -> Internet Options -> Privacy -> Advanced
Fernando Margueirat
Ranch Hand

Joined: Jun 07, 2004
Posts: 33
Ben

Yes, that's where I changed the cookies setting. I found the problem and solution in a IE forum. If the servername has an underscore (e.g. my_server) I don't know why but IE will reject the cookies.

Thanks everyone for your help.

Fernando
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Session lost in Tomcat when POST is done from a remote computer