ansaurus

Question

Session is lost and created as new in every servlet request

Answer 1

+3 A:

Try adding the Live Http Headers plugin to firefox, and make sure the session cookie is indeed being passed to the browser from the server, and make sure the browser is sending it back again on the next request.

skaffman 2010-01-26 08:44:50

or FireBug (http://getfirebug.com/)

Bozho 2010-01-26 08:56:08

But, How? I used sessions in lot of projects. I have never faced this issuse. Can you please give me how to send it back to the browser? It's not only happening in Firefox, it's also happening in the other browsers.

2010-01-26 09:00:19

I'm not saying that it's browser-related, but the plugin will allow you to see the cookie being passed back and forth (or not, as the case may be). It won't tell you *why*, but it may tell you *what*.

skaffman 2010-01-26 09:51:02

I got this when i POSTSet-Cookie: JSESSIONID=D02AE9722D84B1E404C80125F5CD23BF; Path=/myappand i got this after i've refresh my page.Set-Cookie: JSESSIONID=F23780E7F8085624EBF25F3EB3DFF45D; Path=/myapp

2010-01-26 10:20:41

Answer 2

+1 A:

Please verify if the session is not being invalidated in your code someplace. Look for code similar to request.getSession().invalidate();

Kees de Kooter 2010-01-26 08:51:13

I already checked. Actually, it is working fine on my machine which is a development machine, but, in the server

2010-01-26 08:52:52

In that case there is apparently a difference in configuration between your dev server and your live server. Please add the web.xml snippets you modified to your question.

Kees de Kooter 2010-01-26 09:43:07

Answer 3

A:

First check if the webapp's context.xml does not have cookies="false" configured.

Further it's good to know that cookies are domain, port and contextpath dependent. If the links in the page points to a different domain, port and/or contextpath as opposed to the current request URL (the one you see in the browser's address bar), then the cookie won't be passed through which will cause that the session cannot be identified anymore and thus you will get a new one from the servletcontainer.

If that is not the cause, then check if you aren't doing a redirect on every request using HttpServletResponse.sendRedirect() for some reason. If you do this already on the very first request, then the cookie will get lost. You'll need to replace

response.sendRedirect(url);

by

response.sendRedirect(response.encodeRedirectURL(url));

BalusC 2010-01-26 12:09:56

I am using Forward...

2010-01-27 10:28:02

Answer 4

+1 A:

One possible cause for this is having a "naked" host name (i.e. one without a domain part). That's fairly common if you're working in an Intranet.

The problem is that almost all browsers cookies will not accept cookies for hostnames without a domain name. That's done in order to prevent evilsite.com from setting a Cookie for com (which would be bad, as it would be the ultimate tracking cookie).

So if you access your applicaton via http://examplehost/ it won't accept any cookie, while for http://examplehost.localdomain/ it will accept (and return) the cookie just fine.

The nasty thing about that is that the server can't distinguish between "the browser got the cookie and ignored it" and "the browser never got the cookie". So each single access will look like a completely new sesson to the server.

Joachim Sauer 2010-01-26 12:15:47

That's a nice one. +1.

BalusC 2010-01-26 12:17:27

I already tested with the application even in the server using localhost. It is causing the same issuse. In this project, I am using Jersey REST service, JCaptcha and custom tag.

2010-01-27 10:22:03

What is very strange is, I installed Glassfish on the server and deploy the application on the glassfish. Still the same problem...I am completely lost.

2010-01-27 10:23:04

ansaurus

tags:

views:

answers:

Session is lost and created as new in every servlet request

related questions