ions which did not have any problems.
-Harri
-Original Message-
From: Mark Thomas
Sent: torstai 22. toukokuuta 2025 9.50
To: users@tomcat.apache.org
Subject: Re: WebSocket session is never closed
On 21/05/2025 10:37, Harri Pesonen wrote:
> Hello,
>
> We have a random problem
)
to signal to Tomcat that the session is being closed due to an error
condition. It should step additional error events being triggered. But
both methods should work.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat
NF> (main)
(org.apache.catalina.core.AprLifecycleListener#initializeSSL) OpenSSL
successfully initialized [OpenSSL 3.0.14 4 Jun 2024]
-Harri
Lähettäjä: Harri Pesonen
Lähetetty: keskiviikko 21. toukokuuta 2025 12.37
Vastaanottaja: users@tomcat.apache.org
Aihe: WebSocket sess
WebSocket session lives forever, until Tomcat is restarted.
When our application tries to send async message to this WebSocket, then it
always fails with this error:
java.io.IOException: An established connection was aborted by the software in
your host machine
at java.base
Pascal,
On 1/9/25 7:31 AM, Pascal Rigaux wrote:
On 08/01/2025 22:13, Christopher Schultz wrote:
[...]
It would allow anyone to force a logout of all current users at will
just by making any request that causes an unauthenticated session to
be created.
Instant DOS.
Note that current
The proposal does not create instant DOS, because applications can always
create new session if the old session is closed.
Instead the current behavior creates instant DOS, as no new sessions can be
created.
😊
Although the current behavior is still probably the better option, so that at
least
On Thu, Jan 9, 2025 at 1:31 PM Pascal Rigaux
wrote:
>
> Hi,
>
> On 08/01/2025 22:13, Christopher Schultz wrote:
> > [...]
> > It would allow anyone to force a logout of all current users at will just
> > by making any request that causes an unauthenticated session
Hi,
On 08/01/2025 22:13, Christopher Schultz wrote:
[...]
It would allow anyone to force a logout of all current users at will just by
making any request that causes an unauthenticated session to be created.
Instant DOS.
Note that current "maxActiveSessions" implementation also ca
Pascal,
On 1/8/25 2:20 PM, Pascal Rigaux wrote:
On some applications we have:
- quite low number of users most of the time
- high number of users twice a year
These applications store quite a lot of information in session.
To cope with the surge of users, we would need to:
- either increase mx
Hi,
On some applications we have:
- quite low number of users most of the time
- high number of users twice a year
These applications store quite a lot of information in session.
To cope with the surge of users, we would need to:
- either increase mx (Java max memory)
- or use short session
aints that force the user to log
in before getting to the servlet. But if the user spends too much time
interacting with the servlet and not reloading one of the pages that
require a login, the session will timeout, and the user is now buried in
one of the servlets, and I've lost t
efore getting to the servlet. But if the user spends too much time
interacting with the servlet and not reloading one of the pages that
require a login, the session will timeout, and the user is now buried in
one of the servlets, and I've lost the session/userprincipal. It
appears that interact
Joey,
On 5/7/24 10:50, Joey Cochran wrote:
Coud this be the culprit ?
${CATALINA_BASE}/conf/context.xml
Possible, but the report was that every single request generates a new
JSESSIONID, not that every session seems to have expired and needs to be
re-initialized
<%@ page session="false" %>
Thank you Mark,
We have har files when the server is in error state, it shows that the
jsessionid is sent in request.
*Is there a reverse proxy in the mix?*
No. we directly access tomcat.
*Are you using sessions at all*
Yes, we are using the default t
Thank you Mark,
We have har files when the server is in error state, it shows that the
jsessionid is sent in request.
*Is there a reverse proxy in the mix?*
No. we directly access tomcat.
*Are you using sessions at all*
Yes, we are using the default tomcat session in debugger it says
tarts creating new session IDs for
every request,
That suggests that the client isn't returning the session ID to Tomcat
for the subsequent request. I'd be asking why that is the case.
Is there a reverse proxy in the mix?
Are you using sessions at all or are they completely disabled?
Hello everyone,
We're having a problem with Tomcat on Windows servers. It only happens when:
Tomcat is running as a service (automatically started by Windows).
The Windows server automatically restarts for updates.
After the restart, Tomcat starts creating new session IDs for
every request,
Hello,
I am running Tomcat 10.1.20 with Java 17
But our session data is being lost.
Here is snippet of the clustering I have defined
om: Chuck Caldarale
Sent: Saturday, April 13, 2024 4:00 PM
To: Tomcat Users List
Subject: [EXT]Re: [EXT]Re: Tomcat 10 session replication fails
On Apr 11, 2024, at 09:07, Rick Noel wrote:
We are getting closer
Changing ports from the 5000 range to the 4000 range stopped two
errors But now
er | Westwood One
rn...@westwoodone.com
-Original Message-
From: Chuck Caldarale
Sent: Saturday, April 13, 2024 4:00 PM
To: Tomcat Users List
Subject: [EXT]Re: [EXT]Re: Tomcat 10 session replication fails
> On Apr 11, 2024, at 09:07, Rick Noel wrote:
>
> We are getting closer
> Changing
Sort of off topic, but sort of related. If you're having tremendous
trouble using the built in replication methods, we built a redis based
session manager: https://github.com/exabrial/redex-sm
Currently redex-sm only works with Tomcat 8.5, but it wouldn't be a
big leap to make it work w
> On Apr 11, 2024, at 09:07, Rick Noel wrote:
>
> We are getting closer
> Changing ports from the 5000 range to the 4000 range stopped two errors
> But now I get this..
>
> INFO: Manager [##0001]: skipping state transfer. No members active in cluster
> group
>
> How to I make the me
Systems Programmer | Westwood One
rn...@westwoodone.com
-Original Message-
From: Chuck Caldarale
Sent: Thursday, April 11, 2024 9:14 AM
To: Tomcat Users List
Subject: [EXT]Re: Tomcat 10 session replication fails
[You don't often get email from n82...@gmail.com. Learn why this is impo
dAllSessions
> SEVERE: Manager [##0001]: No session state sent at [4/11/24, 8:13 AM]
> received, timing out after [60,068] ms.
> Apr 11, 2024 8:14:43 AM org.apache.catalina.ha.session.DeltaManager
> getAllClusterSessions
> WARNING: Manager [##0001]: Drop message [SESSION-GET-ALL] inside
Hi,
We have our app running on Tomcat10 and doing clustering,but are getting the
following errors seen int the Catalina log...
Apr 11, 2024 8:14:43 AM org.apache.catalina.ha.session.DeltaManager
waitForSendAllSessions
SEVERE: Manager [##0001]: No session state sent at [4/11/24, 8:13 AM
PM
To: Tomcat Users List ; Rick Noel
Subject: Re: [EXT]Re: Tomcat session replication issue -
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :
Rick,
On 3/22/24 13:33, Rick Noel wrote:
> I do not want to replicate customer because that class does not
> imp
gular expression, so you can feel free to get super-creative
with the expression if you want to effectively create a deny-list with
one item.
Honestly, this is probably some technical dept worth paying off at this
point.
Another option would be to store the object in a wrapper in the session
tha
22, 2024 1:27 PM
To: users@tomcat.apache.org
Subject: Re: [EXT]Re: Tomcat session replication issue -
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute :
On 22/03/2024 15:43, Rick Noel wrote:
> Mark,
>
> So if my customer object is failing to get set in th
On 22/03/2024 15:43, Rick Noel wrote:
Mark,
So if my customer object is failing to get set in the session replication,
I could add this to the config snippet?
sessionAttributeNameFilter="customer"
You set that to the attributes you DO want to replicate, not the ones
you don'
the application code itself)
Rick Noel
Systems Programmer | Westwood One
rn...@westwoodone.com
-Original Message-
From: Rick Noel
Sent: Friday, March 22, 2024 11:43 AM
To: Tomcat Users List
Subject: RE: [EXT]Re: Tomcat session replication issue -
java.lang.IllegalArgumentExceptio
Mark,
So if my customer object is failing to get set in the session replication,
I could add this to the config snippet?
sessionAttributeNameFilter="customer"
so
On 22/03/2024 15:15, Rick Noel wrote:
Is there a way to configure DeltaManager or the Cluster element so it does not
cause my application to throw this error.
22-Mar-2024 10:56:34.382 SEVERE [http-nio-8586-exec-5]
org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for
Is there a way to configure DeltaManager or the Cluster element so it does not
cause my application to throw this error.
22-Mar-2024 10:56:34.382 SEVERE [http-nio-8586-exec-5]
org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for
servlet [jsp] in context with path [##00
Chris,
I think maybe Mark answered a similar question a while back indicating the
only supported method within the Servlet API was custom session tracking. I
could be remembering incorrectly. That's what we do however, because
without "snooping" into the Tomcat internals, I don&#x
Hi Chris
On 27.02.24 15:19, Christopher Schultz wrote:
All,
I'm looking at building some administrative tools into my application,
and I'd like to be able to inspect user sessions for certain attributes.
I know that I can use JMX to make calls to the (session) Manager, but
it look
All,
I'm looking at building some administrative tools into my application,
and I'd like to be able to inspect user sessions for certain attributes.
I know that I can use JMX to make calls to the (session) Manager, but it
looks like the only things really exposed are
On 01/02/2024 17:48, Ryanesch@yahoo wrote:
On Feb 1, 2024, at 10:34 AM, Mark Thomas wrote:
On 31/01/2024 00:15, Ryan Esch wrote:
From what I understand, the container knows if a user is authenticated by
using the session id passed to it and then looking up the user principal. If
Dan,
On 2/1/24 11:54, Dan McLaughlin wrote:
I was able to identify the problem - there was a session configuration with
cookie configuration in the catalina-base/web.xml file.
catalina-base/conf/web.xml?
I did mention on 26 Jan that this wasn't a good idea and could be
causing this ki
Hey Mark,
I was able to identify the problem - there was a session configuration with
cookie configuration in the catalina-base/web.xml file.
I just wanted to suggest that it would be great if logging could be enabled
to show not only what the parameters were set to, but also where the
values
>
> On Feb 1, 2024, at 10:34 AM, Mark Thomas wrote:
>
> On 31/01/2024 00:15, Ryan Esch wrote:
>> From what I understand, the container knows if a user is authenticated by
>> using the session id passed to it and then looking up the user principal. If
>>
On 31/01/2024 00:15, Ryan Esch wrote:
From what I understand, the container knows if a user is authenticated by
using the session id passed to it and then looking up the user principal. If
this is non-null, the user is authenticated. I am using web.xml with security
constraints and
On 27/01/2024 14:38, Dan McLaughlin wrote:
Hey Mark,
If you see a bug report, then that will mean I was able to reproduce it. I
see different behaviors in our local docker environment. Still, it's
nowhere as complex as our production environment--where everything is
clustered and behind load
What should happen if
session.getAttribute("javax.security.auth.subject") returns a non-null
value?
-Terence Bandoian
On 1/30/2024 5:15 PM, Ryan Esch wrote:
>From what I understand, the container knows if a user is authenticated by
using the session id passed to it and then l
>From what I understand, the container knows if a user is authenticated by
>using the session id passed to it and then looking up the user principal. If
>this is non-null, the user is authenticated. I am using web.xml with security
>constraints and UsersRoleLoginModule defined
in the context.xml. We don't set it anywhere in our code that I could
> find,
> > and it's not in our web.xml either. I also checked the server.xml and
> > context.xml in catalina base, and nothing sets anything related to the
> > session cookie.
> >
> >
de that I could find,
and it's not in our web.xml either. I also checked the server.xml and
context.xml in catalina base, and nothing sets anything related to the
session cookie.
Locally in docker, I could confirm that if you don't set anything except
the cookie processor, then you end up w
web.xml either. I also checked the server.xml and
context.xml in catalina base, and nothing sets anything related to the
session cookie.
Locally in docker, I could confirm that if you don't set anything except
the cookie processor, then you end up with a JSESSIONID with a cookie path
that is
Dan,
On 1/26/24 02:44, Dan McLaughlin wrote:
Well, so much for that theory. __Secure-JSESSIONID still sets the
sessionCookiePath to /. I even removed the entire session-config from the
web.xml and turned on copyXML to extract the secure#Foo.xml out to the
conf/Catalina/localhost folder. Based
t; useNaming="false"
> sessionCookieName="__Host-JSESSIONID"
> sessionCookiePath="/secure/Foo"
> useHttpOnly="true"
> cookies="true"
> logEffectiveWebXml="false">
>
>
>
> Since setting the cooki
Well, so much for that theory. __Secure-JSESSIONID still sets the
sessionCookiePath to /. I even removed the entire session-config from the
web.xml and turned on copyXML to extract the secure#Foo.xml out to the
conf/Catalina/localhost folder. Based on the documentation, if I don'
To give more context we originally moved to use __Host-JSESSIONID but were
seeing issues with the cookie getting overwritten when switching between
application contexts on the same host. I thought the routeid would play a
part in keeping the session cookies separate, but the browsers apparently
;
>> skipMemoryLeakChecksOnJvmShutdown="false"
>> copyXML="false"
>> unloadDelay="1"
>> useNaming="false"
>> sessionCookieName="__Host-JSESSIONID"
>> sessionCookiePath="/secure/Foo"
>&g
ePath="/secure/Foo"
> useHttpOnly="true"
> cookies="true"
> logEffectiveWebXml="false">
>
>
>
> Since setting the cookie path wasn't working using the context.xml, we
> removed all the cookie settings except for the Cookie
use the cookie-config in web.xml.
In our web.xml, we have default-context-path at the top, and we have
session-config at the bottom. Everything is in the order defined in the xsd.
/secure/Foo
30
__Host-JSESSIONID
/secure/Foo
Session Cookie
true
true
-1
Channa,
On 10/27/23 00:07, Channa Puchakayala wrote:
Tomcat Version : 9.0.75
Operating System: Windows and Linux
Bits: 64
Tomcat 9.0.75 not honoring session timeout configured in
tomcat/conf/web.xml for FORM Authentication and it is effecting customers
ignoring session timeout configured in tomcat
conf web.xml
26 Oct 2023 05:01:49 Channa Puchakayala
:
> Hi All,
>
>
> Tomcat Version : 9.0.75
> Operating System: Windows and Linux
> Bits: 64
>
>
> Tomcat 9.0.75 ignoring session timeout configured in
> tomcat/conf/web.
2023 05:07:20 Channa Puchakayala
:
Hi All,
Tomcat Version : 9.0.75
Operating System: Windows and Linux
Bits: 64
Tomcat 9.0.75 not honoring session timeout configured in
tomcat/conf/web.xml for FORM Authentication and it is effecting
customers.
==
26 Oct 2023 05:01:49 Channa Puchakayala
:
Hi All,
Tomcat Version : 9.0.75
Operating System: Windows and Linux
Bits: 64
Tomcat 9.0.75 ignoring session timeout configured in
tomcat/conf/web.xml, it is overriding previous session timeout setting
and effecting existing customers
Hi All,
Tomcat Version : 9.0.75
Operating System: Windows and Linux
Bits: 64
Tomcat 9.0.75 not honoring session timeout configured in
tomcat/conf/web.xml for FORM Authentication and it is effecting customers.
==
30 // 30 minutes
Hi All,
Tomcat Version : 9.0.75
Operating System: Windows and Linux
Bits: 64
Tomcat 9.0.75 ignoring session timeout configured in tomcat/conf/web.xml,
it is overriding previous session timeout setting and effecting existing
customers.
==
30
, want to set a breakpoint. Does
anybody know a code place in tomcat where I can set a breakpoint when
the session timeout is handled?
If you just want to find out what is killing your session, you could
register an HttpSessionListener and dump stack traces to the log any
time a session is either
Find all implementations of Session, then set breakpoiunt on
session.invalidate() would be a good place to start. Another good place
would be your SessionManager as it has several interesting methods.
The JVM's JDI does not allow you to set breakpoint on an interface, but
some IDE's ha
code place in tomcat where I can set a breakpoint when the session timeout is
handled?
Best regards,
Helge
[cid:image001.png@01D9BEEA.8EF13F20] <https://www.de-adp.com/>
Helge Wiemann
Application Developer
Mary-Somerville-Str. 4, DE- 28359 Bremen
T: +49 800 000 6898
helge.wiem...@a
Trying to make a PCI-DSS compliant installation. It looks like this filter
does everything that Apache can do with config files, so I'll leave it out.
Kevin Huntly
Email: kmhun...@gmail.com
Cell: 716/424-3311
On 13/04/2023 23:03, Kevin Huntly wrote:
Hello,
With this filter enabled in Tomcat's web.xml:
httpHeaderSecurity
org.apache.catalina.filters.HttpHeaderSecurityFilter
true
My sessions are being immediately lost. If I comment out the filter,
everythis is fine. What
Hello,
With this filter enabled in Tomcat's web.xml:
httpHeaderSecurity
org.apache.catalina.filters.HttpHeaderSecurityFilter
true
My sessions are being immediately lost. If I comment out the filter,
everythis is fine. What does this filter actually do, and is it require
Hi,
I'm using the Redis Session Manager
(https://jitpack.io/p/ran-jit/TomcatClusterRedisSessionManager)
to replicate sessions in a Tomcat cluster.
When the Redis database is down, a 500 response is returned in every request.
In this case I would rather like to switch back to local se
Saicharan,
On 3/2/22 07:42, saicharan.bu...@wellsfargo.com.INVALID wrote:
Can you assist on how to retain session in server (Tomcat Apache)
once user log in to till log off? we have two node instances half
part of log is coming in one instance and other logs are coming in
another instance for
found this blog which might be helpful
https://redisson.org/articles/redis-based-tomcat-session-management.html
Le mer. 2 mars 2022, à 21 h 14, Sundeep Kumar Paulraj
a écrit :
> Hi Saicharan Burle,
>
> Within the conf dir have the context.xml file, we can have the redis
> server
Hi Saicharan Burle,
Within the conf dir have the context.xml file, we can have the redis server
information here which would assist us with session permistence. Also note
that we might have to update the jar file in the relevant library ..
here i am sharing an abstract
WEB-INF/web.xml
Can you brief in detail, Can you send the sample configuration?
Thanks,
Saicharan Burle
-Original Message-
From: sundeep kumar
Sent: Wednesday, March 2, 2022 6:16 PM
To: Tomcat Users List
Subject: Re: Need to retain session in server (Tomcat Apache) once user log in
to till log off
I think we can use redis as session manager . Need to update it in context.xml .
Sincerely || Sincèrement,
Sundeep Kumar Paulraj
> Le 2 mars 2022 à 20:43, saicharan.bu...@wellsfargo.com.invalid a écrit :
>
> Hi Team,
>
> Can you assist on how to retain session in server (Tomc
Hi Team,
Can you assist on how to retain session in server (Tomcat Apache) once user log
in to till log off? we have two node instances half part of log is coming in
one instance and other logs are coming in another instance for same user.
Regards,
Saicharan Burle
CTO | Middleware Product
Many thanks Mark!
-Original Message-
From: Mark Thomas
Sent: 01 February 2022 09:25
To: users@tomcat.apache.org
Subject: Re: Tomcat 9 Session replication
On 31/01/2022 14:54, Alan F wrote:
> Many thanks Chris,
>
> Don't laugh I was looking at those values after
om: Christopher Schultz
Sent: 31 January 2022 14:46
To: users@tomcat.apache.org
Subject: Re: Tomcat 9 Session replication
All,
On 1/31/22 08:04, Keiichi Fujino wrote:
If you use StaticMembershipService, you must set
Cluster#channelStartOptions to 15 (default).
To spell that out (since the docs aren&
h other non-members. Just make sure you have your ports
unique for each cluster and your membership ids unique for each node in
each cluster.
-chris
-Original Message-
From: Christopher Schultz
Sent: 31 January 2022 14:46
To: users@tomcat.apache.org
Subject: Re: Tomcat 9 Session replica
thout
interference ie specifying group or unique id etc.
-Original Message-
From: Christopher Schultz
Sent: 31 January 2022 14:46
To: users@tomcat.apache.org
Subject: Re: Tomcat 9 Session replication
All,
On 1/31/22 08:04, Keiichi Fujino wrote:
> If you use StaticMembershipService, you
rom: Mark Thomas
Sent: 28 January 2022 18:15
To: users@tomcat.apache.org
Subject: Re: Tomcat 9 Session replication
On 28/01/2022 17:05, Alan F wrote:
We are currently getting traffic from all cluster members in other
environments using .staticmember opposed to multicast can I confirm why
this is see below
>
>
>
>
>filter=""/>
>className="org.apache.catalina.ha.session.JvmRouteBinderValve"/>
>
>className="org.apache.catalina.ha.deploy.FarmWarDeployer"
> tempDir="/opt/tomcat/war-te
users@tomcat.apache.org
Subject: Re: Tomcat 9 Session replication
On 28/01/2022 17:05, Alan F wrote:
> We are currently getting traffic from all cluster members in other
> environments using .staticmember opposed to multicast can I confirm why this
> is see below.
>
> What do we need to set
On 28/01/2022 17:05, Alan F wrote:
We are currently getting traffic from all cluster members in other environments
using .staticmember opposed to multicast can I confirm why this is see below.
What do we need to set here for a clustered pair to make them unique and talk
to eachother only witho
We are currently getting traffic from all cluster members in other environments
using .staticmember opposed to multicast can I confirm why this is see below.
What do we need to set here for a clustered pair to make them unique and talk
to eachother only without seeing traffic from other members
NCER_SESSION_ROUTE is
one of tc1 or tc2 when the client sends an appropriate session cookie
(generated by Tomcat).
Alternatively, the difference between the 2 configurations may be due to
a question of priority (or "overriding"). Apache httpd considers
content at a different tim
at-1/ route=tc1
BalancerMember https://tomcat-2/ route=tc2
ProxyPass /myapp/ balancer://myapp/ stickysession=JSESSIONID|jsessionid
scolonpathdelim=On
ProxyPassReverse /myapp/ balancer://myapp/
I found that httpd wasn't picking-up my session ids from JSESSIONID cookies like
762341329765492
BalancerMember https://tomcat-1/ route=tc1
BalancerMember https://tomcat-2/ route=tc2
ProxyPass /myapp/ balancer://myapp/ stickysession=JSESSIONID|jsessionid
scolonpathdelim=On
ProxyPassReverse /myapp/ balancer://myapp/
I found that httpd wasn't picking-up my session ids from
On 21/05/2021 05:51, Mathiazhagan, Saravanakumar TPC wrote:
Hi Mark,
Thanks for the quick response.
I suspect some sort of configuration issue. A guess would be that JBoss
EAOP isn't configured to append the jvmRoute (to use the Tomcat
configuration setting name) to the session ID
Hi Mark,
Thanks for the quick response.
>I suspect some sort of configuration issue. A guess would be that JBoss
>EAOP isn't configured to append the jvmRoute (to use the Tomcat
>configuration setting name) to the session ID.
I configured IE to show prompt when cookies are set.
On 18/05/2021 19:53, Mathiazhagan, Saravanakumar TPC wrote:
Can you please let me know if the above 32-bit isapi_redirect.dll file can be
used with Jboss EAP 7.2.7 server?
If so, please guide me on what could be causing the sticky session issue.
I can't think of any reason why no
Hi,
I am trying to configure the ISAPI redirector for Microsoft IIS web server to
Jboss EAP7.2 app server and facing issues with Load balancing.
The requests for the same session are not sticking to a single server and keeps
switching between different servers, hence session is getting cleared
On 17 May 2021, at 22:19, Christopher Schultz wrote:
> Leo,
>
> On 5/15/21 21:16, leo wrote:
>> Hi Folks
>>
>> In a small scale personal project served by Tomcat I record things per
>> logged-in user. The user is available as an attribute to Tomcat’s sessio
On 17 May 2021, at 16:41, Luis Rodríguez Fernández wrote:
> Hello Leo,
>
> You can add your custom header in the response via the
> HttpServletResponse.addHeader() [1] method.
>
That’s exactly what I was looking for!
…However it doesn’t help much, because I have just discovered that JavaSCrip
Leo,
On 5/15/21 21:16, leo wrote:
Hi Folks
In a small scale personal project served by Tomcat I record things per
logged-in user. The user is available as an attribute to Tomcat’s
session objects. In the JSP pages I retrieve the session object *through
Java* like this
may 2021 a las 3:54, leo ()
escribió:
> Rony,
>
> Thanks for chiming! :-)
>
> >> […] In the JSP pages I retrieve the session
> >> object *through Java* like this
> >>
> >> <%
> >> HttpSession session = reques
Rony,
Thanks for chiming! :-)
>> […] In the JSP pages I retrieve the session
>> object *through Java* like this
>>
>> <%
>> HttpSession session = request.getSession();
>> ...
>> user = (String)session.getAttribute("us
Leo,
On 16.05.2021 03:16, leo wrote:
> Hi Folks
>
> In a small scale personal project served by Tomcat I record things per
> logged-in user. The user is
> available as an attribute to Tomcat’s session objects. In the JSP pages I
> retrieve the session
> object *th
Hi Folks
In a small scale personal project served by Tomcat I record things per
logged-in user. The user is available as an attribute to Tomcat’s
session objects. In the JSP pages I retrieve the session object *through
Java* like this
<%
HttpSession session = request.getSess
I have a web site that is made up of several individual webapps all tied
together with SingleSignOn. We are using Amazon's Load Balancer with
session affinity. However each webapp is generating it's own session
cookie, so the load balancer is routing to different server instances
> > >> but websocket requests seems to not warming up the HttpSession
> > >>
> > >
> > > The websocket messages do not bring the JSESSIONID cookie/request
> > parameter
> > > and there is no way to lookup the http session from the web containe
aybe offtopic
> >> but websocket requests seems to not warming up the HttpSession
> >>
> >
> > The websocket messages do not bring the JSESSIONID cookie/request
> parameter
> > and there is no way to lookup the http session from the web container
> > (
forth with ajax calls to the
server. The ajax activities within the page could last well over the 30
minute session timeout. Even though the user has been actively working
for 30-45 minutes with lots of server calls, all of a sudden they aren't
logged in any more. The ajax calls are
1 - 100 of 3827 matches
Mail list logo
