Mysterious HttpSession and session-config dependency

Posted by OneMoreVladimir on Stack Overflow See other posts from Stack Overflow or by OneMoreVladimir
Published on 2012-06-05T16:37:33Z Indexed on 2012/06/05 16:40 UTC
Read the original article Hit count: 177

Filed under:

session

|

java-ee

|

ssl

Good day. I'm developing a Java web app with Servlets\JSP using Tomcat 7.0. During request from client I put and object into the session and use forward. After the forward processing the same request the object can be retreived if the secure parameter is false otherwise it is not stored in session.

    <session-config>
        <session-timeout>15</session-timeout>
        <cookie-config>
            <http-only>true</http-only>
            <secure>true</secure>
        </cookie-config>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>

I've figured out that "...cookies can be created with the 'secure' flag, which ensures that the browser will never transmit the specified cookie over non-SSL...". I've configured Tomcat to use SSL, but that haven't helped. Changing the tracking mode to SSL haven't helped as well. How do session-config and HttpSession object correlate in this case? What could be the problem?

© Stack Overflow or respective owner

Related posts about session

any clue in these logs why keyboard audio and internet are messed up

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Jun 7 00:01:18 Isis lightdm: pam_unix(lightdm-autologin:session): session opened for user mimi by (uid=0) Jun 7 00:01:18 Isis lightdm: pam_ck_connector(lightdm-autologin:session): nox11 mode, ignoring PAM_TTY :0 Jun 7 00:01:26 Isis polkitd(authority=local): Registered Authentication Agent for… >>> More
session variables lost between pages or use same variables

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, Yesterday I learn many thing from you, especially from Marc and my problem was solved ( session variables lost between pages or use same variables ). But now I continue asking: I don't want to use Session ID(session.use_trans_sid = 1) between pages. But also I don't want to use same session… >>> More
WTSQuerySessionInformation returning empty strings

as seen on Stack Overflow - Search for 'Stack Overflow'
I've written a program which should query the Terminal Services API and print out some state information about the sessions running on a terminal services box. I'm using the WTSQuerySessionInformation function to do this and it's returning some data but most of the data seems to be missing... Does… >>> More
Can I set Session timeout for a specified Session variable differently than other Session Variables

as seen on Stack Overflow - Search for 'Stack Overflow'
I'd like to set the timeout on a specific Session Variable in a .Net web application, but leave other Session variables alone. Is this possible? Example: I have 5 Session Variables Session(var1) Session(var2) Session(var3) Session(var4) Session(var5) I want to set it so that Session(var1) through… >>> More
PHP upgrade to 5.3 from 5.2, sessions no longer get stored

as seen on Server Fault - Search for 'Server Fault'
background link: http://stackoverflow.com/questions/7014945/php-upgrade-5-2-to-5-3-session-issue I have upgraded PHP on my 2008 std server from PHP 5.2 to PHP 5.3. Following the upgrade, sessions no longer work correctly. I have copied over the settings from my PHP.ini files which are applicable… >>> More

Related posts about java-ee

Why is Java EE 6 better than Spring ?

as seen on Oracle Blogs - Search for 'Oracle Blogs'
Java EE 6 was released over 2 years ago and now there are 14 compliant application servers. In all my talks around the world, a question that is frequently asked is Why should I use Java EE 6 instead of Spring ? There are already several blogs covering that topic: Java EE… >>> More
Java EE 6?????????????? "?"????? ?????????????|WebLogic Channel|??????

as seen on Oracle Blogs - Search for 'Oracle Blogs'
?Oracle WebLogic Server 12c??????????????????????Java EE?????Java EE 6??????????????????????????????Java EE 6?????????WebLogic Server 12c??????????Java????????????????????? 1?25????????Oracle WebLogic Server 12c Forum - ????????Java??????????? -?????WebLogic Server 12c??????? Java EE 6?? ~Java EE… >>> More
Java EE 6????????????????????????? ????????????????Oracle WebLogic Server 12c Forum?????|WebLogic Channel|??????

as seen on Oracle Blogs - Search for 'Oracle Blogs'
Java EE 6?????????????????????????????Oracle WebLogic Server 12c??????????????????????????????????????? 1?25????????Oracle WebLogic Server 12c Forum - ????????Java??????????? -??????????·?????????WebLogic Server 12c??????? Java EE 6?? ~Java EE 6???????????????????~??????????????UFJ???????????????… >>> More
???????Java EE??????WebLogic Server 12c??????3???????Oracle WebLogic Server 12c Forum?????|WebLogic Channel|??????

as seen on Oracle Blogs - Search for 'Oracle Blogs'
???????2012?2?7??Java EE??????????·???????Oracle WebLogic Server 12c?????????????????????1?25????????????Oracle WebLogic Server 12c Forum - ????????Java??????????? -????Java EE 6?Java SE 7???????Java???????WebLogic Server 12c?????????????????·?????????????????????3??????????????????????(???)?Java… >>> More
ClassFormatError when using javaee:javaee-api

as seen on Stack Overflow - Search for 'Stack Overflow'
This is my pom.xml <?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4… >>> More