开发者

why does tomcat create a session cookie for every request?

开发者 https://www.devze.com 2023-02-18 11:28 出处:网络
I\'m developing a simple web app using JSP/servlets on Tomcat. I have an index.jsp page that presents the UI and loads JS code that makes repeated \"polling\" AJAX requests - simple stuff.

I'm developing a simple web app using JSP/servlets on Tomcat. I have an index.jsp page that presents the UI and loads JS code that makes repeated "polling" AJAX requests - simple stuff.

The problem is that each ajax request returns a new jsessionid, so data I'm trying to store in the session o开发者_运维问答bject is lost each time.

This problem does NOT occur on my dev machine where I am calling tomcat directly, it only happens in staging / live environment where requests go through Apache (on my dev machine I call localhost.../path/index.jsp and localhost.../path/ajax.jsp - in live env apache routes domain.com to domain.com/path/index.jsp and domain.com/ajax.jsp to domain.com/path/ajax.jsp)

I verified that I don't have useHttpOnly param or useCookies configured anywhere. We are using tomcat 6 BTW.

Could it be an apache-tomcat interaction issue?

Thanks for any help!


Could this be a problem with path of the cookies. Maybe session cookies are getting tied to domain.com/path. But from browser's point of view, path is domain.com/

Setting the cookie path to / would make browser to send cookies to domain.com/ as well.

Can you inspect cookies in Firebug / Fiddler and post the content here?


Unfortunately, the Servlet API is rather liberal in creating sessions. Various tools have default behaviors which can implicitly create sessions in the background. It's very easy for an application to "accidentally" create a session, even when one was not explicitly requested.

An an example, JSPs will often create a session if one doesn't already exist. This allows JSPs to use the implicit session variable. As a second example, the request.getSession() method will also automatically create a session if one doesn't already exist.

http://www.javapractices.com/topic/TopicAction.do?Id=191

i think the cause of the issue is explained above


Try <%@ page session="false" %> at the top of index.jsp. If this does the trick then find another way to store the values (in request scope)

0

精彩评论

暂无评论...
验证码 换一张
取 消