Re: non-unique sessionids

Azinger, Eric wrote:
> Scott,
> We're seeing the days and sometimes weeks going by between logging dates
> though. The browser session certainly shouldn't be lasting that long,
> right?

The cookie generally stays alive until the user closes the browser.
I've used the same browser instance for weeks without shutting down. So
the cookie will be the same all that time.

-- Scott

> Eric
>
> -----Original Message-----
> From: Scott Ferguson [mailto:ferg@xxx.com]
> Sent: Wednesday, April 03, 2002 9:33 AM
> To: resin-interest@xxx.com
> Subject: Re: non-unique sessionids
>
> Azinger, Eric wrote:
>
>>Greetings,
>>On our site we log a variety of information about our visitors. Recently
>>
> we
>
>>have seen many instances in which duplicate session ids are appearing. We
>>have a simple bean that pulls the session id along with other basic info
>>
> and
>
>>shoves it into our database. These duplicate session ids are being logged
>>on different dates and from different servers in our cluster. Due to the
>>size of the session id and the way they are generated, this much
>>
> duplication
>
>>should not be happening.
>>
>
>>The only commonality that we can find is that the
>>originating address of the request will stay the same.
>>
>
> In other words, the session is coming from the same browser.
>
> Resin normally uses the session id sent from the browser for a new
> session. It will only generate a new session id if the browser does not
> send a cookie at all. Since the browser will continue to send the same
> cookie until the browser session exits, the same user will reuse the old
> session id.
>
> -- Scott
>
>
>
>
>>It appears that
>>somehow the session ids are being cached, but I have no idea how this is
>>happening. Any ideas?
>>Thanks,
>>Eric
>>
>>
>>
>
>
>
>
Received on Wed 03 Apr 2002 09:43:56 -0800