Reputation: 358
why does tomcat create a session cookie for every request?
I'm developing a simple web app using JSP/servlets on Tomcat. I have an index.jsp page that presents the UI and loads JS code that makes repeated "polling" AJAX requests - simple stuff.
The problem is that each ajax request returns a new jsessionid, so data I'm trying to store in the session object is lost each time.
This problem does NOT occur on my dev machine where I am calling tomcat directly, it only happens in staging / live environment where requests go through Apache (on my dev machine I call localhost.../path/index.jsp and localhost.../path/ajax.jsp - in live env apache routes domain.com to domain.com/path/index.jsp and domain.com/ajax.jsp to domain.com/path/ajax.jsp)
I verified that I don't have useHttpOnly param or useCookies configured anywhere. We are using tomcat 6 BTW.
Could it be an apache-tomcat interaction issue?
Thanks for any help!
Upvotes: 1
Views: 5132
Answers (3)
Reputation: 34016
Try <%@ page session="false" %> at the top of index.jsp. If this does the trick then find another way to store the values (in request scope)
Upvotes: 0
Reputation: 6241
Unfortunately, the Servlet API is rather liberal in creating sessions. Various tools have default behaviors which can implicitly create sessions in the background. It's very easy for an application to "accidentally" create a session, even when one was not explicitly requested.
An an example, JSPs will often create a session if one doesn't already exist. This allows JSPs to use the implicit session variable. As a second example, the request.getSession() method will also automatically create a session if one doesn't already exist.
i think the cause of the issue is explained above
Upvotes: 1
Reputation: 3827
Could this be a problem with path of the cookies. Maybe session cookies are getting tied to domain.com/path. But from browser's point of view, path is domain.com/
Setting the cookie path to / would make browser to send cookies to domain.com/ as well.
Can you inspect cookies in Firebug / Fiddler and post the content here?
Upvotes: 2
Related Questions
- Jsession in tomcat configuration
- Tomcat 7 is ignoring cookies?
- Tomcat - Custom Session Cookie Handling
- Supporting Sessions Without Cookies in Tomcat
- Tomcat session cookie doesn't expire
- Tomcat HttpSession Cookie Shared
- How do I get rid of tomcat default session id?
- How Tomcat cookies are formed?
- Tomcat application creates new session on page reload when visited through apache
- Cookie in Tomcat