Terracotta Discussion Forums (LEGACY READ-ONLY ARCHIVE)

Adding the flag <Context ... useHttpOnly="true"> in the tomcat configuration file (server.xml) has no effect. It seems terracotta ignores this flag. Without the TerracottaTomcat60xSessionValve it work as expected.

How can i set the httpOnly flag for the cookie JSESSIONID?
I'm using terracotta-session-1.1.2 with tomcat 6.0.32.

@ hhuynh - Thank you for your efforts.

For test purposes i switch jsf state saving from server to client.
Seems this helps. But this is only a temporary solution for me.

the maven test project and the war file
(replace the el-api.jar with el-api-2.2.jar on tomcat)

1 Test (which works fine in my test infrastructur):

- activate app01 and deactivate app02
- call the index.xhtml page
- check jsession id (something like xyz.app01)
- post text (submit)
- activate app02 and deactivate app01
- call the index.xhtml page
- check jsession id (something like xyz.app02)
- check posted text if equal

2 Test (which fails)
- activate app01 and deactivate app02
- call the index.xhtml page
- check jsession id (something like xyz.app01)
- activate app02 and deactivate app01
- post text (submit)

=> ViewExpiredException

The client log from app01 (when i deactivate app02 with the load balancer and the session hoppes form app02 to app01)

2011-10-25 10:33:17,009 [TP-Processor2] INFO com.tc.tcsession.ROOT - found a sessionID cookie (1) in request: E8Ue8QTDMKAmvXiDeFP2.app02
2011-10-25 10:33:17,009 [TP-Processor2] INFO com.tc.tcsession.ROOT - requested session ID from http request (cookie): E8Ue8QTDMKAmvXiDeFP2.app02
2011-10-25 10:33:17,009 [TP-Processor2] INFO com.tc.tcsession.ROOT - session ID generator returned com.terracotta.session.util.DefaultSessionId{ key=E8Ue8QTDMKAmvXiDeFP2, requestedId=E8Ue8QTDMKAmvXiDeFP2.app02, externalId=E8Ue8QTDMKAmvXiDeFP2.app01, knownHop=true}
2011-10-25 10:33:17,009 [TP-Processor2] INFO com.tc.tcsession.ROOT - getSessionIfExists called for com.terracotta.session.util.DefaultSessionId{ key=E8Ue8QTDMKAmvXiDeFP2, requestedId=E8Ue8QTDMKAmvXiDeFP2.app02, externalId=E8Ue8QTDMKAmvXiDeFP2.app01, knownHop=true}
2011-10-25 10:33:17,025 [TP-Processor2] INFO com.tc.tcsession.ROOT - writing new cookie for hopped request: Cookie(JSESSIONID=E8Ue8QTDMKAmvXiDeFP2.app01, path=/, maxAge=-1, domain=null, secure=false, comment=null, version=0)

I also try to reproduce the problem in a little sample app

Apache Web Server 2.2.21
Tomcat 6.0.32
Terracotta 3.5.3
Java 1.6
Terracotta-session-1.1.2

Hi all,

we have a clustered JSF 2.0/Spring/Hibernate web application (terracotta web sessions).
Our test infrastructur covers 1 web server (load balancer with sticky sessions enabled), 2 application server (app01, app02) and 1 active and 1 passive terracotta cache node.

We are testing some failover scenarios. Everthing works fine,
except one special case:

- Request a form page and get a response from app01
- Disable the server app01 (with the load balancer)
- Post the form page and submit same values

=> javax.faces.application.ViewExpiredException

It seems the jsf view state isn't synchronized with the active terracotta cache node.

We also discoverd one strange behavior in the Terracotta Developer Console (Sessions/Browse/Get Sessions)
Every time we lookup the session attributes for the current session we get different values. It seems there are two different sessions stored for the same session id.
(e.g. com.sun.faces.renderkit.ServerSideStateHelper.LogicalViewMap is sometimes empty sometimes not)

Any ideas?

Thanks
and best regards,
arnsch