Tomcat 5.5 getSession(true) returns null

This week I’ve been fiddling around with my thesis application, trying to get it up and running again after a hibernation period of almost a year. A lot of things had changed since I last used it, both on the department server and in our database, so I was in for some serious glueing, duct taping and debugging. Most of the problems were quite straight forward to fix, such as the database being out of date, some protocols having changed and so on. But there was one thing I just couldn’t understand.

When my web application tried to create an HttpSession object by calling getSession(true) on the HttpServletRequest instance, it returned null! According to the servlet 2.4 specification, the method must return a new session if it doesn’t exist, so this was just insane behaviour. By reflex, I started Googling for some answers, and it actually took me a while to find the solution.

It seemed that quite a lot of people have had the same problem after upgrading to Tomcat 5. This server was running 5.5.7 and had probably been upgraded sometime during the last 8 months or so, since it worked when I last used the application. There weren’t many useful solutions, though.

Most of the posts I found, where the same problem was described, had either “solutions” that didn’t work or a setting that differed from mine. No luck there, in other words. Some other guy had actually gone through the Tomcat source code and found a number of flaws which might contribute to the problem. He didn’t have a fool proof solution, though, but successfully demonstrated one of the pros with open source software: you can actually go and have a look at the code and fix it, not having to wait around for the next bugfix.

Finally, I found a post that proposed modifying the server.xml configuration file in Tomcat by adding

emptySessionPath="true"

as an attribute to the Connector tag. There were no responses to this as to whether it was working or not, but it was worth a shot. And luckily it fixed my problem. More specifically, this is what caused the problem:

public Request(HttpServletRequest req, HttpServletResponse res, Type type, ServletConfig config) {
    context = config.getServletContext();
    session = req.getSession(true); // <-- returned null!
}

With the above attribute in place, everything seems to work fine. Why? The Tomcat docs enlightens us:

If set to true, all paths for session cookies will be set to /. This can be useful for portlet specification implementations, but will greatly affect performance if many applications are accessed on a given server by the client. If not specified, this attribute is set to false.

I’m no expert on cookies, but I’ve noticed in other applications that it’s best to set the cookie path to ‘/’ if you want to read them in different locations in the application.

So, there you have it.

Advertisements

Leave a comment

Filed under All software sucks, Geek speak, Linux

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s