1

My tomcat application randomly invalidates the session information and the user if forced to log back in again. This only happens when the webapp is deployed with other specific web applications. When it is run by itself with no other app running, it works fine. There is a conflict somewhere, but I am unable to find it.

The webapp in question uses both the Spring and Hibernate frameworks. The other webapps do as well. Here is an example of what happens.

When I first log on, everything is fine.

JSESSIONID Matches

The JSESSONID matches in both the cookie and the management console. However, when using the application, it randomly terminates the session.

Session gone in Tomcat Console

When I another web request, the login page is shown and a new JSESSIONID has been generated.

From the research I have done, the JSESSIONID is generated whenever a JSP file is called and there is no current session. I don't understand why the session is being invalidated, but only when it is run alongside other applications. I have checked the memory usage, and I didn't notice a correlation between a memory drop and the sessions being invalidated. I guess that means that Tomcat isn't clearing sessions to free up memory.

Any help is much appreciated

Leos Literak
  • 8,805
  • 19
  • 81
  • 156
StylePotato
  • 167
  • 1
  • 13

2 Answers2

1

Check that session.setMaxInactiveInterval() is not programmatically configured in the other web applications. This would elicit the behavior you describe.

This method is slightly different from the session timeout value that you would find in your web.xml files. (Here's a good rundown.)

riddle_me_this
  • 8,575
  • 10
  • 55
  • 80
0

the following steps may help you:

  1. Are you sure that you did not override the default session time out value, Please check out your session time-out at runtime.
  2. from tomcat manager page (~/manager/html/list) see the status of your web application sessions and press on the value of your app sessions column.
mohamed sulibi
  • 526
  • 3
  • 12