Reputation: 13
is normal keep value when tomcat restart after JSESSIONID was create
Environment - openjdk 1.7 - tomcat 7.0.55 with native connector - apache 2.4.10 with mod-jk 1.2.40
- Tomcat start
- Client request -> JSESSIONID is null
- tomcat response -> JSESSIONID=C5EBF0AA96ADB34E0C28E4D9D2595D98 is create
- refresh page -> session attribute(name=count, value=count++) is correct. count is increasing.
- Tomcat stop -> start (restart) context setting is session is not persist
- Client refresh -> client request is send JSESSIONID=C5EBF0AA96ADB34E0C28E4D9D2595D98
- session attribute(name=count, value=0) is reset. but keeping JSESSIONID
question. why tomcat using JSESSIONID set by client request value? is not regenerate?
is this java spec?
thanks.
Upvotes: 1
Views: 1129
Answers (1)
Reputation: 724
I don't think it is in Java spec, I would think of it as of some kind of optimization: re-using session id in general reduces number of generated ids and though possible collisions.
However tomcat will do that only for sesionids stored in cookies (for security purposes See http://java.dzone.com/tips/turning-session-fixation for details).
To actually locate a place where tomcat 7 does this see: http://grepcode.com/file/repo1.maven.org/maven2/org.apache.tomcat/tomcat-catalina/7.0.55/org/apache/catalina/connector/Request.java#2942
Upvotes: 1
Related Questions
- JSP still creates jsessionID with session=false
- How does tomcat handles session between restarts?
- jsessionid is saved and used even after reboot\re-installation of the service
- Value of JSESSIONID is not changed on invalidating session
- Tomcat 7 creating multiple sessions
- JSESSIONID is getting recreated automatically after successful login
- Session JSession Id in tomcat 5.5.27
- JSP Session id changes on every refresh
- Should values kept in Tomcat Session be set to null when session is being destroyed?
- Java,Tomcat,Sessions - JSessionId disappears