TOMCAT PROBLEM: Establishing a session

M

Michael Baran

Hi I am running Tomcat in standalone mode.
My browser does not establish a session untill I hit the
refresh button on my Mozilla browser.

However, If a Run tomcat with an Apache Server serving the html
a session id is established.

I am using the HttpSession session = request.getSession(true); method.

Any help would be appreciated.

-Mike

Michael Baran
(e-mail address removed)
 
O

Oscar Kind

Michael Baran said:
Hi I am running Tomcat in standalone mode.
My browser does not establish a session untill I hit the
refresh button on my Mozilla browser.

However, If a Run tomcat with an Apache Server serving the html
a session id is established.

What method did you use to determine whether there is a session or not?

Personally, I use the method you describe below, and have never failed to
receive a valid session. Sure, the client may only know about it when the
request returns (and states the session id in a session cookie). But this
is not a problem AFAIK.

I am using the HttpSession session = request.getSession(true); method.

AFAIK, this is the only way to properly create a session. I may be wrong,
however.


Oscar
 
M

Michael Baran

Oscar Kind said:
What method did you use to determine whether there is a session or not?

Personally, I use the method you describe below, and have never failed to
receive a valid session. Sure, the client may only know about it when the
request returns (and states the session id in a session cookie). But this
is not a problem AFAIK.



AFAIK, this is the only way to properly create a session. I may be wrong,
however.


Oscar



Thanks Oscar. Let me expand on my problem.

I have a java applet running inside the html produced by the java
servlet.
Basically, the applet is a file select box to allow for selection of
directories, since this functionality was declared a bug by Mozilla
and Netscape in their implentation of the HTML FileBox.

In order to pass the parameter selected from the applet to the
servlet, we have written a second servlet which implements a HashTable
to store the session_id and the parameter. Other servlets can then
query the HashTable using the session_id as a query parameter to
retrieve the value selected in the FileBox.

The thing is: if the querying method cannot obtain a session_id, it
cannot query for the parameter. Likewise, if there is no session id
the Filebox cannot place a null value as a key in the HashTable.


My app is setup so that you:
1) first view a static web page
2)then view a servlet webpage which encodes a series of HTML links.
This servlet sets the session_id using the HttpSession session =
request.getSession(true); method.
3)Then the next page generated by a different servlet contains the
FileBox and again uses the HttpSession session =
request.getSession(true); method.


Here is the weird part: When I serve the static html page (#1 above)
from an Apache web server all works as planned. #2 establishes a
session which can be used in #3. However, if I run standalone and
open the webpage in #1 from the Tomcat server, or even just use
open-->File in my web browser then a session id is never established.
If I press reload on the web browser, then I will get a session id.

I am using Tomcat 3.2.4 and Mozzilla 1.4. I have also tested on
Tomcat 4.1.27.

I hope this gives a clearer picture of whats going on.

-Mike
 
J

John C. Bollinger

Michael said:
I have a java applet running inside the html produced by the java
servlet.

Basically, the applet is a file select box to allow for selection of
directories, since this functionality was declared a bug by Mozilla
and Netscape in their implentation of the HTML FileBox.

In order to pass the parameter selected from the applet to the
servlet, we have written a second servlet which implements a HashTable
to store the session_id and the parameter. Other servlets can then
query the HashTable using the session_id as a query parameter to
retrieve the value selected in the FileBox.

Do note that where sessions are maintained via a session cookie,
requests generated by an applet generally do not end up assigned to the
same session as requests from the browser hosting the applet. This may
be the source of your problem; if so, the solution may be to code for
URL rewriting and to disallow session maintenance via cookies in your
webapp or container. How to achieve the latter is container dependant.
Even then, your applet must communicate with the server via a
rewritten URL to ensure that the request is assigned to the same
session. You must also take care when trying to pass request parameters
through a rewritten URL, as it is easy to do get it wrong; using HTTP
POST (with no query string) instead of GET when passing request
parameters to a rewritten URL should avoid ploblems.
The thing is: if the querying method cannot obtain a session_id, it
cannot query for the parameter. Likewise, if there is no session id
the Filebox cannot place a null value as a key in the HashTable.

You should always be able to obtain a session id if you want one.
request.getSession(true) (or equivalently, request.getSession()) will
create a session if the request does not already belong to one.
My app is setup so that you:
1) first view a static web page
2)then view a servlet webpage which encodes a series of HTML links.
This servlet sets the session_id using the HttpSession session =
request.getSession(true); method.
3)Then the next page generated by a different servlet contains the
FileBox and again uses the HttpSession session =
request.getSession(true); method.

But the interesting part is the _next_ page -- the one that processes
the FileBox choice -- and to some extent the details of the applet and
the page produced by (3). It is how the browser / applet constructs the
request for that next page that you need to worry about.
Here is the weird part: When I serve the static html page (#1 above)
from an Apache web server all works as planned. #2 establishes a
session which can be used in #3. However, if I run standalone and
open the webpage in #1 from the Tomcat server, or even just use
open-->File in my web browser then a session id is never established.

I find it highly unlikely that a session (and hence a session id) is not
established. It is much more likely that you are ending up with more
than one session when you are expecting only one, in which case you
could be trying to look up your data via the wrong session id. Perhaps
it would assist your debugging if you used request.getSession(false)
instead of request.getSession(true) in places where application logic
depends on a session having been previously established. I would
recommend that as good general practice, in fact.


John Bollinger
(e-mail address removed)
 
M

Michael Baran

Thanks for the response John.

I am aware that the applet and the servlet will have different session
ids. That is why we wrote a servlet called SessionKeeper which
contains a HashTable to store the servlet's servlet_id with the
applets parameter.

However the wierd thing is that if I link to my servelt from a static
html page served by the tomcat server and then call
getRequestedSessionId () it returns null. If I then press the reload
button on the web browser getRequestedSessionId returns the session
id!

Furthermore, if I link to the servlet from a static html page served
by an Apache web server getRequestedSessionId () will return the
session_id with no problem the first time.
 
M

Michael Baran

Problem solved.

I used session.getId() instead of request.getRequestedSessionId() to
retrieve the session id
 
J

John C. Bollinger

Michael said:
Problem solved.

I used session.getId() instead of request.getRequestedSessionId() to
retrieve the session id

Well, yes. Sorry I didn't read your previous message in time to offer
that advice. If a request is not already associated with a session
before arriving at the servlet container (i.e. it doesn't already
contain a session cookie or a session id in the URL) then by definition
there is no requested session id. That in no way prevents the container
from creating a session for the request and associating the two during
request processing, however. Remember that reloading a page involves
making a new request to the server; if requests to thatg resource are
associated into sessions maintained via cookies then the new request
will contain the session cookie and thus have a requested session id,
even if the original one did not. Moreover, even if the original
request did have a requested session id, there are various reasons why
that might not match the actual session id -- the most common being a
session timeout.

If you want the id of the current session then ask for it via
session.getId(); if you have reason to worry about the requested session
id then ask for it via request.getRequestedSessionId(). The former is a
much more common need than the latter.


John Bollinger
(e-mail address removed)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,901
Latest member
Noble71S45

Latest Threads

Top