On Tue, Nov 4, 2008 at 9:21 PM, Jan Luehe <Jan.Luehe_at_sun.com> wrote:
> Hi Dick,
>
> On 11/ 4/08 12:56 PM, Dick Davies wrote:
>>
>> I'm seeing some weirdness with Firefox and my Glassfish cluster; I'm
>> continually being
>> asked to log in.
>> I noticed in addition
>> to the JSESSIONID cookie, there's an integer set called
>> JSESSIONIDVERSION. Can someone
>> explain how that's used?
> GlassFish in-memory replication relies on HTTP session versioning in order
> to be able to
> detect stale sessions, and in order to be able to resume an HTTP session
> with the version
> requested by the client (which would be the session's most recent version).
>
> Session versioning information is carried via a cookie named
> JSESSIONIDVERSION.
Thanks Jan, that makes a lot of sense.
So to clarify, this is something Glassfish (the appserver) is managing,
rather than Roller (the webapp), am I right? It's just it's not always easy to
tell which of the two needs a tweak for any given bug :)
Does the following sound normal, then?
Bear with me and maybe you'll understand why I was asking if there was
a session debugger earlier today :)
Once I've logged in, Safari has 2 cookies
JSESSIONID = <the session id>, path = /
JSESSIONIDVERSION cookie , path = / , contents = /:43
as i click around the webapp, the contents increments: /:44 , /:45 , etc.
and the path remains as /.
But logging in with Firefox 3 and clicking around the app
seems to create multiple cookies called
JSESSIONIDVERSION , each with a different path.
For example, I currently see:
JSESSIONID = <the session id>, path = / , (only send for encrypted connections)
JSESSIONIDVERSION cookie , path = / , contents = /:1
JSESSIONIDVERSION cookie , path = /default/resource/images/ , contents = /:2
JSESSIONIDVERSION cookie , path = /roller-ui/, contents = /:1
JSESSIONIDVERSION cookie , path = /roller-ui/styles/ , contents = /:4
JSESSIONIDVERSION cookie , path = /roller-ui/theme/tan/ , contents = /:5
So Safari seems to (corrrectly?) ignore the path
but firefox treats the combination of path+cookie name as unique,
resulting in duplicate jsessionidversion cookies, one per path, each versioned
independantly (which makes it possible for there to be 2 cookies each
with a version of /:1)
My hunch is that what I'm seeing is
1. firefox goes back to /roller-ui/styles and presents a
jsessionidversion of /:4,
2. glassfish is expecting /:5 and invalidates the session
3. the user gets to curse at the login screen again
Anybody seen anything like this before ??