http://issues.apache.org/bugzilla/show_bug.cgi?id=44216

           Summary: Don't reuse session ID even if emptySessionPath=true
           Product: Tomcat 5
           Version: Unknown
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Catalina
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]

Context:
- I want my webapp to use a "nice" URL for a user's homepage (e.g. "http://server/user"), which is then redirected server side to the real URL (e.g. "http://server/servlet/home?user=user"). This requires using "emptySessionPath".
- I'm using a load-balancer with two Tomcat servers (say T1 and T2) with sticky sessions (xxx.t1, yyy.t2, ...).
- Because some HTTP clients don't support cookies or are started by another HTTP client (e.g. progressive video download in Media Player started by clicking a link in Firefox), some links have the session id in the URL (e.g. http://server/servlet/stream/yyy.t2/music.mp3).

Broken case:
- The user navigates to the website and gets the session "yyy.t2" from T2.
- He then bookmarks a URL with the session id in it, like the one above.
- The next day, he navigates to the website again and gets the session "xxx.t1" from T1.
- He then selects the bookmarked URL.

=> The request is redirected to T2. The session is invalid so a new one is created. But because of the cookie, the session id is "xxx.t1". So now we have a session created on T2 with a jvmRoute t1. So the following requests will be sent to T1 instead of T2 with an inconsistent (or even expired) session.

There should be two independent options:
- emptySessionPath, which only changes the path of the session cookie but nothing else
- reuseSessionID, which will reuse the session id from the cookie if available
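The broken case from the report as a small stand-alone Java model, added here as an example; it is not Tomcat code and not the reporter's. The class, the `handle` method and the `reuseSessionId` flag are hypothetical, and the model assumes the balancer routes on the id suffix after the last dot.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

/** Toy model of the reported case. Not Tomcat code; all names are hypothetical. */
public class SessionIdReuseDemo {
    /** One back-end node with its own session store and jvmRoute. */
    static class Node {
        final String jvmRoute;
        final boolean reuseSessionId; // models the separate option the report proposes
        final Map<String, String> sessions = new HashMap<>(); // session id -> user

        Node(String jvmRoute, boolean reuseSessionId) {
            this.jvmRoute = jvmRoute;
            this.reuseSessionId = reuseSessionId;
        }

        /** Returns the id of the session serving the request, creating one if needed. */
        String handle(String urlSessionId, String cookieSessionId, String user) {
            if (urlSessionId != null && sessions.containsKey(urlSessionId)) {
                return urlSessionId; // the id in the URL still names a live session
            }
            String id = (reuseSessionId && cookieSessionId != null)
                    ? cookieSessionId // reuse the cookie's id, as in the report
                    : UUID.randomUUID().toString().replace("-", "") + "." + jvmRoute;
            sessions.put(id, user);
            return id;
        }
    }

    /** Sticky routing: the balancer picks the node named by the id's suffix. */
    static String routeOf(String sessionId) {
        return sessionId.substring(sessionId.lastIndexOf('.') + 1);
    }

    public static void main(String[] args) {
        String bookmarkedUrlId = "yyy.t2"; // yesterday's id, embedded in the bookmark
        String cookieId = "xxx.t1";        // today's session cookie, issued by T1
        for (boolean reuse : new boolean[] {true, false}) {
            Node t2 = new Node("t2", reuse); // the bookmark's id routes the request to T2
            String id = t2.handle(bookmarkedUrlId, cookieId, "user");
            System.out.printf("reuseSessionID=%b: T2 stores %s, next request goes to %s%n",
                    reuse, id, routeOf(id));
        }
    }
}
```

With reuse enabled, T2 holds a session whose suffix sends the follow-up request to T1, which has no such session in its store; with reuse disabled, the new id carries T2's own route.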