在生产环境中 - 背后的Apache/mod_jk的tomcat_7_0_53 - 我们的客户报告所造成的损失的随机会话问题的问题。浏览器发回雄猫“可能有效” JSESSIONID但tomcat的重建会议,并响应浏览器重新JESSIONID
我们调查了启用AccessLogValve并排除请求处理中的错误会话处理,如以编程方式调用session.invalidate或session.setMaxTimeInterval等..我们通过HttpSessionListener接口实现捕获和记录HttpSessionEvent。
####################################################################################
##### Logging by AccessLogValve
##### At first access time tomcat sent cookie: JSESSIONID=ADDBC908E913C159A330C746ABFE2340;
82.112.204.155 - - [03/Mar/2016:08:27:03 +0100] "GET /rdsv5i/servlet/custom-logon/clienti-asp HTTP/1.1" Cookie="__utma=31431036.270103424.1433757878.1456913762.1456990022.212; __utmz=31431036.1433757878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=31431036.1.10.1456990022; __utmt=1; __utmc=31431036; CustomLogonServlet.company=IAP; user=caruso; rds_home_page_logon=%2Frdsv5i%2Fservlet%2Fcustom-logon%2Fclienti-asp%3F1456913769327" Set-Cookie="JSESSIONID=ADDBC908E913C159A330C746ABFE2340; Path=/rdsv5i; Secure"
##### User work without problems for 10 minutes:
82.112.204.155 - - [03/Mar/2016:08:37:58 +0100] "POST /rdsv5i/spoolviewer/spoolavailable.jsp HTTP/1.1" Cookie="AlreadyConnectedGUID=f34dc1bb-a117-4405-a40d-289c73e07de9; JSESSIONID=ADDBC908E913C159A330C746ABFE2340; __utma=31431036.270103424.1433757878.1456913762.1456990022.212; __utmz=31431036.1433757878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=31431036.1.10.1456990022; __utmc=31431036; CustomLogonServlet.company=IAP; user=caruso; rds_home_page_logon=%2Frdsv5i%2Fservlet%2Fcustom-logon%2Fclienti-asp%3F1456990031203" Set-Cookie="-"
#### Suddenly Tomcat send renewed JSESSIONID=28C983BAE315B709093B357C0DE7810D; ignoring browser sent back cookie: JSESSIONID=ADDBC908E913C159A330C746ABFE2340;
82.112.204.155 - - [03/Mar/2016:08:38:06 +0100] "POST /rdsv5i/spoolviewer/spoolavailable.jsp HTTP/1.1" Cookie="AlreadyConnectedGUID=f34dc1bb-a117-4405-a40d-289c73e07de9; JSESSIONID=ADDBC908E913C159A330C746ABFE2340; __utma=31431036.270103424.1433757878.1456913762.1456990022.212; __utmz=31431036.1433757878.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=31431036.1.10.1456990022; __utmc=31431036; CustomLogonServlet.company=IAP; user=caruso; rds_home_page_logon=%2Frdsv5i%2Fservlet%2Fcustom-logon%2Fclienti-asp%3F1456990031203" Set-Cookie="JSESSIONID=28C983BAE315B709093B357C0DE7810D; Path=/rdsv5i; Secure"
和会话丢失的问题...
#### Logging by my HttpSessionListener
##### At first access time tomcat sent cookie: JSESSIONID=ADDBC908E913C159A330C746ABFE2340;
03-Mar-2016 08:27:03.437 INFO [ajp-apr-8109-exec-5] com.rds_software.RdsUtil.http.HttpSessionEventsLogger.sessionCreated id="ADDBC908E913C159A330C746ABFE2340"
#### Suddenly Tomcat send renewed JSESSIONID=28C983BAE315B709093B357C0DE7810D;
03-Mar-2016 08:38:06.358 INFO [ajp-apr-8109-exec-6] com.rds_software.RdsUtil.http.HttpSessionEventsLogger.sessionCreated id="28C983BAE315B709093B357C0DE7810D"
#### Here destroy first access time JSESSIONID=ADDBC908E913C159A330C746ABFE2340
03-Mar-2016 09:08:43.365 INFO [ContainerBackgroundProcessor[StandardEngine[Catalina]]] com.rds_software.RdsUtil.http.HttpSessionEventsLogger.sessionDestroyed id="ADDBC908E913C159A330C746ABFE2340" lastAccessedTime="08:37" maxInactiveTimeInterval="1800" stackTrace="Stacktrace:
org.apache.catalina.session.StandardSession.expire(StandardSession.java:806)
org.apache.catalina.session.StandardSession.isValid(StandardSession.java:656)
org.apache.catalina.session.ManagerBase.processExpires(ManagerBase.java:532)
org.apache.catalina.session.ManagerBase.backgroundProcess(ManagerBase.java:517)
org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1352)
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1530)
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1540)
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1540)
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1519)
"
####################################################################################
我的问题是: 如何可能的tomcat在8点38分06秒创建一个新的会话时,浏览器发回JSESSIONID = ADDBC908E913C159A330C746ABFE2340和ADDBC908E913C159A330C746ABFE2340有在9:08:46被摧毁?
08:38:06 Session ADDBC908E913C159A330C746ABFE2340 not valid?
我工作了一个星期,编写测试用例来重现这种奇怪的行为,但没有成功。
增加org.apache.catalina.connector.CoyoteAdapter的loglevel,似乎tomcat在某些情况下无法识别从浏览器发送的JSESSIONID。
#AccessLogValve say:
93.145.128.242 - - [08/Mar/2016:10:16:35 +0100] "GET /uri Cookie="JSESSIONID=CE848CE8D53223658BD8D69D5CB667D4" Set-Cookie="JSESSIONID=0D954B6C1223E63C54DB8BDA265A7B83; Path=/rdsv5i; Secure"
#CoyoteAdapter say:
08-Mar-2016 10:16:35.864 FINE [ajp-apr-8109-exec-6] org.apache.catalina.connector.CoyoteAdapter.parsePathParameters The variable [uriBC] has value [/rdsv5i/rds-its/xmlv5i/js/customers/righi.js]
08-Mar-2016 10:16:35.864 FINE [ajp-apr-8109-exec-6] org.apache.catalina.connector.CoyoteAdapter.parsePathParameters The variable [semicolon] has value [-1]
08-Mar-2016 10:16:35.864 FINE [ajp-apr-8109-exec-6] org.apache.catalina.connector.CoyoteAdapter.parsePathParameters The variable [enc] has value [ISO-8859-1]
在正常情况下,我也应该看到:
08-Mar-2016 10:16:35.864 FINE [ajp-apr-8109-exec-6] org.apache.catalina.connector.CoyoteAdapter.parseSessionCookiesId Requested cookie session id is CE848CE8D53223658BD8D69D5CB667D4
我想的cookie解析处理不当,我会尝试重现的情况下激活RequestDumpValve。
您的服务器结构如何?你有1个http服务器,mod_jk和1个tomcat? – sgpalit
@sgpalit问题同时出现在/ uri1/*(load_balanced)和/ uri2/*(single_instance)中。我没有配置问题的证据。但我有新闻,增加CoyoteAdapter记录似乎tomcat的在某些情况下,是不能够识别JSESSIONID从浏览器发送 –
你有会话描述符在web.xml的路径/ rdsv5i,是这条道路在生产中也应用程序路径? – sgpalit