Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Session is lost and created as new in every servlet request

Tags:

java

servlets

session

tomcat

I have this big issue. My current session is gone every time I made a new request to Server.

I have checked in a lot of places. I can't find what's the problem. I also have included session-config in web.xml both in tomcat and application. I also enabled to accept cookies to my browsers. Tested in every browser. It's not working.

I am just developing a simple java ee applcation using JSP/Servlet. I am facing the problem only after I have deployed to tomcat in server machine.

like image 663
Min Soe Avatar asked Jan 26 '10 08:01

Min Soe

People also ask

What is session in servlet how it is created?

Session simply means a particular interval of time. Session Tracking is a way to maintain state (data) of an user. It is also known as session management in servlet.

How can you maintain session in servlet?

Servlet Session Management is a mechanism in Java used by Web container to store session information. Session tracking is a way to manage the data of a user, this is known as session management in servlet. Session in Java are managed through different ways, such as, HTTP Session API, Cookies, URL rewriting, etc.

What is session in servlets?

Session tracking is a mechanism that servlets use to maintain state about a series of requests from the same user (that is, requests originating from the same browser) across some period of time. Sessions are shared among the servlets accessed by a client.

Why Jsessionid is created?

JSESSIONID is a cookie generated by Servlet containers and used for session management in J2EE web applications for HTTP protocol. If a Web server is using a cookie for session management, it creates and sends JSESSIONID cookie to the client and then the client sends it back to the server in subsequent HTTP requests.

1 Answers

One possible cause for this is having a "naked" host name (i.e. one without a domain part). That's fairly common if you're working in an Intranet.

The problem is that almost all browsers cookies will not accept cookies for hostnames without a domain name. That's done in order to prevent evilsite.com from setting a Cookie for com (which would be bad, as it would be the ultimate tracking cookie).

So if you access your applicaton via http://examplehost/ it won't accept any cookie, while for http://examplehost.localdomain/ it will accept (and return) the cookie just fine.

The nasty thing about that is that the server can't distinguish between "the browser got the cookie and ignored it" and "the browser never got the cookie". So each single access will look like a completely new sesson to the server.

like image 197
Joachim Sauer Avatar answered Sep 20 '22 21:09

Joachim Sauer
Sign in to Comment

Related questions

Setting a string in a body of httpResponse
How to query documents using "_id" field in Java mongodb driver?
Why isn't a final variable always a constant expression?
What is the issue with the runtime discovery algorithm of Apache Commons Logging
How to create a XML object from String in Java?
JavaMail API from Maven
How do I identify immutable objects in Java
A good Sorted List for Java
How to read a text file directly from Internet using Java?
Ignoring property when deserializing
Why does the H2 console in Spring Boot show a blank screen after logging in?
Java leaking this in constructor [duplicate]
Eclipse continue crashing
Add another java source directory to gradle script
Loading classes and resources in Java 9
How do I iterate over class members?
Error Importing SSL certificate : Not an X.509 Certificate
Deserializing polymorphic types with Jackson based on the presence of a unique property
How to pass custom object in Bundle?
How do I ignore case when using startsWith and endsWith in Java? [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!