7 Replies Latest reply on Feb 1, 2008 10:49 AM by Nestor Urquiza

    [JBAS-2568] Passing a cookie header with a spurious JSESSION

    Brian Stansberry Master

      A member of the community has expressed an interest in helping resolve http://jira.jboss.com/jira/browse/JBAS-2568, so I'm opening this thread to facilitate discussion.

      Lepe,

      I don't have any really good idea as to what might be causing this issue. The class that controls session creation is the implementation of the Tomcat Manager interface. If a webapp isn't marked as distributable, the implementation used is org.apache.catalina.session.StandardManager -- which is the same class standalone Tomcat uses. That's why it's odd that the behavior is different in embedded JBoss.

      To hunt this down, I'd do something like the follows:

      0) Double check that this really isn't a problem in Tomcat 5.5.12 standalone. I've already done this twice, but...
      1) Look at the StandardManager class and find the code points where it creates session objects and assigns their id. For this you'll need the Tomcat 5.5.12 code, which is available from tomcat.apache.org.
      2) Look for places in the JBoss code that call into those code points. These would be in the tomcat module. Best to work with a Branch_4_0 checkout from CVS. At this point don't worry about the o.j.web.tomcat.tc5.session.JBossManager class or it's subclasses JBossCacheManager and JBossManagerCMP -- those are replacements for StandardManager used for distributed sessions and I've already established that the problem exists even if you use StandardManager.

      This approach is based on the assumption that if it behaves differently in embedded Tomcat, some JBoss code must be involved in the different behavior. Feel free to question that assumption :-)