• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Struts & Session issues

 
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello All,

I've been working with Struts for a little while now and had built the beginnings of a site. My host is running TC 5, so I upgraded from TC 4 on my development machine. I don't know if my problems coincided with that move or not, but now I'm experiencing some weird behavior.

The site has some "secured" areas that are protected with form authentication. All my JSP URLs are URLEncoded() so they pass the jsessionId in each link. That works fine, and the session ID stays the same.

When a user logs in, the form gets passed to the LoginAction which authenicates the user from a database, then I set ActionForm and set it in a session Attribute:



The first page after the login, the jsessionid is gone from the URL and as soon as I go to another page, the session is "lost" to where the site doesn't think the user is logged in anymore (it's checking for that loginUser attribute).

I've done a bunch of searching here since this seems like the best Struts forum around, and it looks like it may be in my getSession(), where I should be passing the false parameter. I have other getSessions(), so I think I need to change those too, but figured I'd throw it out here first.

Marc often posts about the three things to do to not track sessions. I need to be able to use the session variable in my JSPs, so I can't go that route, but would it help to turn off the locale and maybe not use the <HTML:HTML> tag?

I need to go through my code and try a few things, but figured I'd throw it out here for comments.

Thanks!

Wes
 
pie sneak
Posts: 4727
Mac VI Editor Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Is this login page the only page that uses Struts, Wes? Or do you have other pages that use Struts and work fine?

One thing that might help your debugging is to place a small scriptlet in your jsps that outputs the id of the session. You'll know when a session dies because the id will change.
<%= request.getSession().getId() %>
 
Wes Sorensen
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Marc. No, the whole site uses Struts. No direct access to JSP pages. Every request goes through an Action.

I subclassed Action 3 separate times for the types of access:

AdminAction, MemberAction, OpenAction

The Admin action would check to see if you are an admin (in this session variable) and then allow you to get to the actual action. The same for member (ie: logged in).

I will try what you suggest. I'm outputting several logging messages along the way (log4j) as well. I'll let you know what I find.
 
Wes Sorensen
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Well, after a couple hours of trying to figure this out, as long as IE has the jsessionid in the URL, all is good. If I delete the jsessionid from the URL, every click on menu items results in a new session.

This remains the same if all cookie settings are turned off (accept all cookies). I expected it to revert to cookie jsessionids, so removing from the URL wouldn't have mattered.

The puzzling thing is that Firefox works great, even with the removal of the jsessionid from the URL.

I'm still working on this, but it's getting VERY frustrating.
 
Wes Sorensen
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok, what the heck! I just uploaded the files to my host, which runs Apache/Tomcat5 and it works great in both browsers.

As I said, I think this may have coincided with my upgrade to Tomcat5, but I can't say for sure.

Could this be a Tomcat config problem?
 
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
don't know if this will help in any way whatsoever but I had a question on here ages ago regarding how the hell my app always had a session regardless if I'd created it or not.

The answer was to do with the struts-config.xml setting <controller locale="false"/>
 
Marc Peabody
pie sneak
Posts: 4727
Mac VI Editor Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There's a Tomcat forum here at the ranch. You could search that to see if anyone else is having the same problem with the upgrade. This is a very strange problem indeed.
 
Wes Sorensen
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks A. Harry. I changed that setting as well. No change.

The fact that FF is working and that it doesn't work in IE on my local machine, I'm starting to think that my IE has a problem. I did some searching in the Tomcat forum and didn't find anything that would help me.

This is so odd, that I'm starting to think that IE has a problem. I can switch the cookie settings and nothing happens.

Thanks for the feedback, guys/gals.
 
Everybody's invited. Except this tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic