T
tb_google
Hi,
I have a problem with some browser clients (UMTS phones, to be exact):
Tomcat sessions are not recognized in subsequent requests. It happens
with Tomcat 5.0.27 and also with Tomcat 5.5.4.
I found that request.getRequestedSessionId() returns
"F432814F1B91E827C17D6F1BF6D1A724" - including the double quotes!! On
other browsers and phones, the quotes are not included.
isRequestedSessionIdFromCookie() returns true, but
isRequestedSessionIdValid() returns false, which seems to cause the
problem. On other browsers isRequestedSessionIdValid() returns true.
So I think that the problematic phones do not send the cookie header in
the way Tomcat expects it. And then the wrong jsessionid cookie cannot
be assigned to a session. Unfortunately it does not help to use
;jsessionid=... in the URL as the cookie value has precedence.
Is there any way to fix this?
Maybe to filter the requests and modify the headers Tomcat sees?
Or to change the implementation of reading Cookies from the headers?
Or to change the implementation of finding a session according to the
cookie value?
Your help is greatly appreciated!
Thomas
I have a problem with some browser clients (UMTS phones, to be exact):
Tomcat sessions are not recognized in subsequent requests. It happens
with Tomcat 5.0.27 and also with Tomcat 5.5.4.
I found that request.getRequestedSessionId() returns
"F432814F1B91E827C17D6F1BF6D1A724" - including the double quotes!! On
other browsers and phones, the quotes are not included.
isRequestedSessionIdFromCookie() returns true, but
isRequestedSessionIdValid() returns false, which seems to cause the
problem. On other browsers isRequestedSessionIdValid() returns true.
So I think that the problematic phones do not send the cookie header in
the way Tomcat expects it. And then the wrong jsessionid cookie cannot
be assigned to a session. Unfortunately it does not help to use
;jsessionid=... in the URL as the cookie value has precedence.
Is there any way to fix this?
Maybe to filter the requests and modify the headers Tomcat sees?
Or to change the implementation of reading Cookies from the headers?
Or to change the implementation of finding a session according to the
cookie value?
Your help is greatly appreciated!
Thomas