Discussions

Web tier: servlets, JSP, Web frameworks: Session seems to get invalidated (sometimes)

  1. Session seems to get invalidated (sometimes) (1 messages)

    Hi, all. We have a web app using Tomcat & Struts. Sometimes, a particular user (and potentially others) seems to be having sessions invalidated.

    After researching the problem a bit and printing out header information in our tomcat logs, we have found that the header information sometimes changes for this user.

    Here are 3 examples of the same user's header info (with matching info removed). Notice how the x-forwarded-for and via parameters change. Also, the user claims that they are not using squid or a 1.1 GC-FIREWALL. Is this something the ISP is doing?

    #1
    --
    via: 1.1 composer:3128 (squid/2.5.STABLE7), 1.0 GC-FIREWALL
    x-forwarded-for: 10.0.2.65, 127.0.0.1, 206.205.193.130
    cache-control: no-cache, max-age=259200

    #2
    --
    via: 1.1 GC-FIREWALL
    x-forwarded-for: 206.205.193.130
    cache-control: no-cache
     
    #3
    --
    via: 1.1 composer:3128 (squid/2.5.STABLE7), 1.0 GC-FIREWALL
    x-forwarded-for: 10.0.1.146, 127.0.0.1, 206.205.193.130
    cache-control: no-cache, max-age=259200

    Any help would be greatly appreciated. If there is any additional information that is needed, please let me know.

    Thanks,
    Jeff

    Threaded Messages (1)

  2. session id[ Go to top ]

    Check the session id (JSESSIONID) cookie. You may not have invalidated sessions but rather your users "lose" the connection to their session so they may appear to have died as their information is "gone".

    You may also be running into issues where session id cannot be propagated as a cookie and it needs url rewriting.

    Regards,

    Bruce