Recently we were testing one application with tomcat 9.0.43 where one application path was starting with sso/ and one was starting with normal/. We were redirecting to normal/ path from sso/ path. We found that the values we set in HttpSession were missing in normal/ path.
After a lot of debugging we found out that Tomcat 9 was creating two sessions for same client one for sso/ path and one for normal/ path. That is why values set in HttpSession were missing. I wrote following sample jsp file to demonstrate the behavior.
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
<body>
<%
String sessionStr = request.getSession().toString();
%>
Session:<%=sessionStr%>
</body>
</html>
I placed the file at two locations. One under sso/index.jsp and one under normal/index.html and hit both of them from same browser and output was following.
SSO: Session:org.apache.catalina.session.StandardSessionFacade@2ca7ac8e
Normal: Session:org.apache.catalina.session.StandardSessionFacade@4b992f7e
This problem looks like to be fixed in tomcat 9.0.54
No comments:
Post a Comment