cayenne-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christian Pasemann (JIRA)" <>
Subject [jira] [Commented] (CAY-1739) Cayenne ROP server resets session on every request if BASIC auth is used
Date Thu, 13 Sep 2012 21:27:07 GMT


Christian Pasemann commented on CAY-1739:

So i testet this on Tomcat 7.0.30 and 6.0.35. Problem occurs on both. On Jetty 6.1.22 this
issue wont happen.
> Cayenne ROP server resets session on every request if BASIC auth is used
> ------------------------------------------------------------------------
>                 Key: CAY-1739
>                 URL:
>             Project: Cayenne
>          Issue Type: Bug
>    Affects Versions: 3.1B1
>            Reporter: Andrus Adamchik
>            Assignee: Andrus Adamchik
> Per
Tomcat 7 resets HTTP session on every ROP request resulting in a loss of state on the client.

> I reproduced that on Tomcat 7 and Jetty 8. Jetty 6 works correctly. 
> Debugging on Jetty shows that if BASIC auth is present, container invalidates the existing
session and creates a new one during auth credentials checking phase. So it goes like this:
> 1. Connect ... session1 is established
> 2. Bootstrap ... session1 cookie is accepted, but session is immediately invalidated
and session2 is created
> 3. Commit ... Client still sends session1 cookie, while the server expects session2,
causing an exception:
> org.apache.cayenne.remote.service.MissingSessionException: [v.3.2M1-SNAPSHOT Sep 10 2012
23:14:19] No session associated with request.
> 	at org.apache.cayenne.remote.service.BaseRemoteService.processMessage(
> I wonder if the new servlet spec is specifying this behavior (?).
> A possible fix is to read the session cookie on the client and reset session ID on every
> A hideous workaround for the users is to remove BASIC auth.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message