tags:

views:

10

answers:

1
Q: 

synchronize servlet sessions

I've created a web app that uses OAuthentication to log in to Twitter and the login process works successfully on a single servlet. On that servlet I get the session for the user. However, once I move to another servlet for the first time and try to get the session again, a new one is created. I thought the web app would read client cookies and create one session for each client? Below, you can see that the client session ID remains the same throughout the OAuth process but changes on the new servlet. I put in encodedURLS in case cookies didn't work as well. But once I redo the OAuth process and try again everything syncs up...

Creating Authentication Session...
Session ID before getting Request Token: 5E5932F144E4838EFDD398407D4BA351
Retrieving request token...
Request token retrieved...
Session ID after getting Request Token: 5E5932F144E4838EFDD398407D4BA351
Swapping request token for access token...
Session ID: F97463A1A2D239B7E6D15D1C5FDAE26B
Sep 9, 2010 1:37:03 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet PostUpdatesServlet threw exception
java.lang.NullPointerException
    at com.twf.PostUpdatesServlet.doPost(PostUpdatesServlet.java:31)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Thread.java:637)
+1  A: 

Sessions are domain and context dependent. If the both servlets are running on a different context (different webapp), then you need to configure the servletcontainer to allow session sharing among contexts. In Tomcat and clones you can do this by setting emptySessionPath attribtue to true.

If those servlets are actually running in the same context, then the problem lies somewhere else. It's hard to nail it down based on information given as far. Maybe HttpSession#invalidate() was been called or the client has sent an invalid jsessionid cookie with the request.

BalusC  2010-09-09 18:19:52
Thanks for the quick response. Both servlets are running in the same context/in the same web app. I run the OAuth on one servlet and pass the response to a JSP. And once in that JSP there's a link to the new servlet and in that new servlet the session ID changes. I'm pretty sure I haven't used invalidate anywhere within the webapp so I'm gonna hunt down why the client cookie either nullifies the ID or sends an invalid one.
Kirn  2010-09-09 18:29:49

related questions

What is typically the length of your optimal coding session?
What's the most current, good practice, and easiest way to use sessions in PHP?
What can cause an ASP.NET worker process to be recycled?
How do I explicitly set asp.net sessions to ONLY expire on closing the browser or explicit logou?
session variable mixup in ASP.NET?
In Classic asp, can I store a database connection in the Session object?
What are the advantages and disadvantages of the Session Façade Core J2EE Pattern?
Different values of GetHashCode for inproc and stateserver session variables
Best way for allowing subdomain session cookies using Tomcat
Is there a way to specify a different session store with Tomcat?
PHP: $_SESSION - What are the pros and cons of storing temporarily used data in the $_SESSION variable
What is the best way to handle sessions for a PHP site on multiple hosts?
How much data can/should you store in a users session object?
ASP.Net Session_Start event not firing
Logging image downloads
ASP.Net: If I have the Session ID, Can I get the Session object?
Secure session cookies in ASP.NET over HTTPS
Django Sessions
Can I put an ASP.Net session ID in a hidden form field?
Always including the user in the django template context
Rails - recovering database from Production.log
Most efficient way to get data from the database to session
What is the best way to prevent session hijacking?
FOSS ASP.Net Session Replication Solution?
How do I best detect an ASP.NET expired session?