| Author |
Session Cookie error when user is not logged in
|
|
| Dan Dubinsky 2004-11-16, 5:50 pm |
| Hi All,
I'm having a problem with a JSR 168 portlet accessing the session. When a
user is logged in to the portal, everything works fine. When I log out and
try to access the portlet via the anonymous user I get an error in the
console:
[11/16/04 16:46:02:427 GMT-05:00] 44094409 SessionContex W SESN0066E:
Response is already commited to client. Session cookie cannot be set.
Since the session cookie isn't set, the session data is lost on the next
page request (which is causing all sorts of other problems when I click
buttons in the portlet). The portlet is generating the same content and
doing the same thing whether or not a user is logged on so I'm not sure why
the response is getting commited with "anonymous" and not with "wpsadmin".
Also, it's strange because I get this error after the portlet has been
rendered. I would think the session cookie would be written before portlets
get rendered to prevent this sort of problem. Anybody have any ideas?
Thanks in advance,
Dan
| |
| Michael Harris 2004-11-17, 2:48 am |
| Have you turned on sessions for anonymous users?
By default, sessions are disabled for anonymous users for performance
reasons. If you determine that it is necessary for your portlet to use a
session for anonymous users, open the portal InfoCenter and search for
"anonymous session" for more information. You'll need to change the
public.session parameter in NavigatorService.properties.
| |
| Gennadiy Civil 2004-11-17, 7:48 am |
| Michael Harris wrote:
> Have you turned on sessions for anonymous users?
>
> By default, sessions are disabled for anonymous users for performance
> reasons. If you determine that it is necessary for your portlet to use a
> session for anonymous users, open the portal InfoCenter and search for
> "anonymous session" for more information. You'll need to change the
> public.session parameter in NavigatorService.properties.
>
>
This is interesting
Do you have any experience running with anonymous session ON? I wonder
how much performance overhead really does exist for this....
Thanks
| |
| Michael Harris 2004-11-17, 5:52 pm |
| The main issue is that you do not have the loggout mechanism to trigger
garbage collection of the session data. This means that the session data
will remain in memory until the session times out. Depending upon the kind
of site you are building and the kind of unauthenticated traffic you get,
this can cause a huge memory load on the server.
| |
| Gennadiy Civil 2004-11-17, 5:52 pm |
| Michael Harris wrote:
> The main issue is that you do not have the loggout mechanism to trigger
> garbage collection of the session data. This means that the session data
> will remain in memory until the session times out. Depending upon the kind
> of site you are building and the kind of unauthenticated traffic you get,
> this can cause a huge memory load on the server.
>
>
In our case we are writing an application that has its own login/logout
Due to the requirements we are not using Portal's user management, the
user will be anonymous as far as portal is concerned...
Looks like as long as we are managing our sessions correctly there
should not be many memory issues....
Thanks
| |
| Jouni Rajala 2004-11-17, 5:52 pm |
| > The main issue is that you do not have the loggout mechanism to trigger
> garbage collection of the session data. This means that the session data
> will remain in memory until the session times out. Depending upon the
> kind
It has been researched that 95% of people don't log out from service but
just shuts down the browser anyway..
| |
| Oliver Meyer 2004-11-18, 2:48 am |
| I would be interested in who did this research and which group the test
persons belonged to. Not looging out of an application also is a
security issue. For example, I would not just close my browser when I am
doing internet banking.
Oliver
|
|
|
|