RE: non-unique sessionids

Scott,
We're seeing the days and sometimes weeks going by between logging dates
though. The browser session certainly shouldn't be lasting that long,
right?
Eric

 -----Original Message-----
From: Scott Ferguson [mailto:ferg@xxx.com]
Sent: Wednesday, April 03, 2002 9:33 AM
To: resin-interest@xxx.com
Subject: Re: non-unique sessionids

Azinger, Eric wrote:
> Greetings,
> On our site we log a variety of information about our visitors. Recently
we
> have seen many instances in which duplicate session ids are appearing. We
> have a simple bean that pulls the session id along with other basic info
and
> shoves it into our database. These duplicate session ids are being logged
> on different dates and from different servers in our cluster. Due to the
> size of the session id and the way they are generated, this much
duplication
> should not be happening.

> The only commonality that we can find is that the
> originating address of the request will stay the same.

In other words, the session is coming from the same browser.

Resin normally uses the session id sent from the browser for a new
session. It will only generate a new session id if the browser does not
send a cookie at all. Since the browser will continue to send the same
cookie until the browser session exits, the same user will reuse the old
session id.

-- Scott

> It appears that
> somehow the session ids are being cached, but I have no idea how this is
> happening. Any ideas?
> Thanks,
> Eric
>
>
Received on Wed 03 Apr 2002 08:36:52 -0800