Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

jsp session problem when proxy passing 1

Status
Not open for further replies.
connectionscentres

connectionscentres

Programmer
Jan 5, 2005
16
GB
ok, we've written a nice little jsp webapp and got it deployed on tomcat 5.5 on a development machine. It works great and loads fine on


When it comes to deploying it online it has to go on another machine which will host it with tomcat installed (exact same version). It has happily been deployed and is accessible via


We own a domain and are planning on redirecting people going to apname.ourdomain.com to the IP address of the tomcat web app. However we are reluctant to expose the server where tomcat is installed directly to the internet. Therefore we have apname.ourdomain.com directing users to


which in turn proxy passes any request for the directory tree to the relevant directory on i.e.


.

When you go to the URL


it loads up our webapp's login screen. You can log in successfully and it is performing database lookups ok which seems to suggest tomcat is working. However, as soon as you are logged in it immediately forgets the session attributes. So whatever info you store as a session.setAttribute is lost. This is the case throughout the application when accessed via this new address.

So the question is, why does it work ok for


but not so well for


In theory it should. Maybe??

Any help would really be appreciated.
 
Sort by date Sort by votes
Session data is based upon a cookie left on the browser. But if your request.getRemoteAddr() gives up your proxy as the client address, then it cannot store the session id on the client - hence no session data. Is this what is happening ?

Click here to learn Ways to help with Tsunami Relief
--------------------------------------------------
Free Database Connection Pooling Software
 
Upvote 0 Downvote
I guess so - I didnt realise session data was stored on the client - I just assumed it was stored on the host machine with tomcat, as the book i'm reading refers to them as session "objects" implying that they are dealt with in java.

Thanks for the help!!!- you've given me a good starting point for further investigation.
 
Upvote 0 Downvote
Each HttpSession object is indeed stored on the server (inside the memory heap of the JVM running Tomcat), but there has to some way of tying this to a client - and this is using a cookie (on browsers that won't accept cookie url-rewriting is done). Else, how would several browsers from one IP have different sessions ?

Click here to learn Ways to help with Tsunami Relief
--------------------------------------------------
Free Database Connection Pooling Software
 
Upvote 0 Downvote
I'm a novice but I have been reading on this topic recently in the O'Reilly Java Server Pages book which I bought based on a recommendation on this board.

Page 142 specifically states that when using URL rewriting, all pages that reference other pages in the application must be JSP pages or the server will lose track of the session.

URL rewriting sounds like the method of choice to avoid problems with clients who have dis-abled cookies.
 
Upvote 0 Downvote
Well thats fine for client browsers that do not have cookies diabled, but what about the ones that do ? I'm not sure how, or if you can, tell Tomcat to always use URL rewriting ... I would be interested to see what IP request.getRemoteAddr() returns - the browser or the proxy ...

Click here to learn Ways to help with Tsunami Relief
--------------------------------------------------
Free Database Connection Pooling Software
 
Upvote 0 Downvote
You're right, it returns the IP of the proxy not the browser. So- in this case do you think URL rewriting would work?
 
Upvote 0 Downvote
As I said before, I'm really not sure how you would get tomcat to always use URL rewriting - you may have to look at the source, and see if its possible.

I think your best solution is to (like most people) stick your web server in the DMZ ...

Click here to learn Ways to help with Tsunami Relief
--------------------------------------------------
Free Database Connection Pooling Software
 
Upvote 0 Downvote
Problem:
I've tried setting up URL rewriting by inserting

<DefaultContext cookies='false' />

into the Host element of the server.xml file.

Tomcat restarts successfully but urls do not contain any extra parameters. So I then wrote a jsp containing the following

Integer num = new Integer(100);
session.putValue("num",num);
String url = response.encodeURL("out.println(url);

but the original URL is outputted. Does this mean I havent set up URL rewriting correctly?
 
Upvote 0 Downvote
sorry, posted before reading your message. I think you're right and that's probably what I'll do.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

wmec
  • Locked
  • Question
Problem to fields/columns
Replies
1
Views
327
wmec
wmec
Leonard888
  • Locked
  • Question
SSL Configuration for Apache Tomcat 5.5 Servlet/JSP Container
Replies
1
Views
458
Diancecht
Diancecht
pedjasmek
  • Locked
  • Question
ssl problem
Replies
1
Views
58
Diancecht
Diancecht
consultant44
  • Locked
  • Question
Tie_kinetics eVision - workflow problems
Replies
0
Views
265
consultant44
consultant44
varocho
  • Locked
  • Question
Creating a stateless session EJB
Replies
1
Views
56
Diancecht
Diancecht

Part and Inventory Search

Sponsor

Back
Top