8 Replies Latest reply on Nov 29, 2010 11:53 AM by Dan Rush

    new session id with new browser window with tomcat 6.0.29

    Dan Rush Newbie

      I have a webapp deployed to jboss 4.2.3.GA (including tomcat 6.0.20) with an IIS frontend using AJP 1.3.  IIS is using CAC authentication and will forward to jboss when successful.  The first jsp that is hit after login saves request.getRemoteUser() to session, creates a user object and saves that to session, and then it opens a new window to load a second jsp.  This second jsp reads the user object from session and begins to populate the page with user-specific info.  This setup works well.


      However, when I upgrade jbossweb.jar to tomcat 6.0.29, the session id is different between the 2 jsp pages, so I never can get the user object out of session in the second jsp and it fails to populate.  Both jsps are in the same web context.  I tried firefox and IE 7.  It seems like the new browser window is causing the second jsp to report a different session id than the first jsp.


      Is there a configuration setting that I need to set for 6.0.29?


      Here is my server.xml snippet:


      <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                 maxThreads="150" scheme="https" secure="true" clientAuth="false"
                 strategy="ms" address="${jboss.bind.address}"
                 ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
                 truststorePass="123456" algorithm="SunX509" sslProtocol="TLS"
                 URIEncoding="UTF-8" />
      <!-- Define an AJP 1.3 Connector on port 8009 -->
      <Connector port="8009" address="${jboss.bind.address}" protocol="AJP/1.3"
                 emptySessionPath="true" enableLookups="false" redirectPort="8443"
                 URIEncoding="UTF-8" />


            <Engine name="jboss.web" defaultHost="localhost">


      Here is my jboss-web.deployer/context.xml:


      <Context cookies="true" crossContext="true" useHttpOnly="true">
         <!-- Session persistence is disable by default. To enable for all web
         apps set the pathname to a non-empty value:
         <Manager pathname="SESSIONS.ser" />

         To enable session persistence for a single web app, add a
         <Manager pathname="" />

         <!-- Install an InstanceListener to handle the establishment of the run-as
         role for servlet init/destroy events.