[Bug 59122] Browser send back to tomcat "likely valid" JSESSIONID but tomcat recreate session and response to browser a renewed JESSIONID

bugzilla Wed, 09 Mar 2016 09:33:58 -0800

https://bz.apache.org/bugzilla/show_bug.cgi?id=59122


lanarima...@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |---

--- Comment #2 from lanarima...@gmail.com ---
I have news.
Comparing AccessLogValve logs and org.apache.catalina.connector.CoyoteAdapter
logs, in normal condition, in front of:

############### REQUEST OK HANDLING #######################################
#AccessLogValve logs
93.145.128.242 - - [08/Mar/2016:10:16:35 +0100] "GET
/rdsv5i/rds-its/xmlv5i/css/style.jsp?resolution=1024X768 HTTP/1.1"
Cookie="JSESSIONID=CE848CE8D53223658BD8D69D5CB667D4.tom01v6" Set-Cookie="-"

I see:
#CoyoteAdapter logs
08-Mar-2016 10:16:35.848 FINE [ajp-apr-8109-exec-3]
org.apache.catalina.connector.CoyoteAdapter.parsePathParameters The variable
[uriBC] has value [/rdsv5i/rds-its/xmlv5i/css/style.jsp]
08-Mar-2016 10:16:35.848 FINE [ajp-apr-8109-exec-3]
org.apache.catalina.connector.CoyoteAdapter.parsePathParameters The variable
[semicolon] has value [-1]
08-Mar-2016 10:16:35.848 FINE [ajp-apr-8109-exec-3]
org.apache.catalina.connector.CoyoteAdapter.parsePathParameters The variable
[enc] has value [ISO-8859-1]
08-Mar-2016 10:16:35.848 FINE [ajp-apr-8109-exec-3]
org.apache.catalina.connector.CoyoteAdapter.parseSessionCookiesId  Requested
cookie session id is CE848CE8D53223658BD8D69D5CB667D4.tom01v6


But when tomcat sent a renewed jsessionid (lost session issue), I observed that
although browser sent JSESSIONID=CE848CE8D53223658BD8D69D5CB667D4.tom01v6:

############### REQUEST KO HANDLING #######################################
#AccessLogValve logs
93.145.128.242 - - [08/Mar/2016:10:16:35 +0100] "GET
/rdsv5i/rds-its/xmlv5i/js/customers/righi.js HTTP/1.1" 404 1037
Cookie="JSESSIONID=CE848CE8D53223658BD8D69D5CB667D4.tom01v6"
Set-Cookie="JSESSIONID=0D954B6C1223E63C54DB8BDA265A7B83.tom01v6; Path=/rdsv5i;
Secure"

Coyote connector doesn't recognize it:
#CoyoteAdapter logs
08-Mar-2016 10:16:35.864 FINE [ajp-apr-8109-exec-6]
org.apache.catalina.connector.CoyoteAdapter.parsePathParameters The variable
[uriBC] has value [/rdsv5i/rds-its/xmlv5i/js/customers/righi.js]
08-Mar-2016 10:16:35.864 FINE [ajp-apr-8109-exec-6]
org.apache.catalina.connector.CoyoteAdapter.parsePathParameters The variable
[semicolon] has value [-1]
08-Mar-2016 10:16:35.864 FINE [ajp-apr-8109-exec-6]
org.apache.catalina.connector.CoyoteAdapter.parsePathParameters The variable
[enc] has value [ISO-8859-1]

You can observe the missing of:
Requested cookie session id is CE848CE8D53223658BD8D69D5CB667D4.tom01v6 in logs

like observed in "REQUEST OK HANDLING"

I suspect some problem in cookie parsing, what do you think?

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59122] Browser send back to tomcat "likely valid" JSESSIONID but tomcat recreate session and response to browser a renewed JESSIONID

Reply via email to