I have been having an issue with session variables not being available when a request has come from a domain name as opposed to localhost. For instance, if I set a user variable:
request.getSession(true).setAttribute("user", user);
//Redirects to another html page or something...
When the client makes another request and I attempt to access the user session variable it returns null.
//Client makes another request to the server
request.getSession(true).getAttribute("user"); //returns null
I've noticed that on each request, a new JSESSIONID cookie is set and the ID value changes. Does this mean that a new session is being created each time the client accesses the server? How do I maintain the same session between the client so I can store objects in the HttpSession and have access to them?
I don't know if this has anything to do with anything either, but when viewing the application from the tomcat manager, the sessions count continues to grow regardless of the fact that I am using the application from the same browser window, not refreshing the page or anything. Another sign that a new session is being created on each request to the server?
This only happens when accessing the application from a domain name ex: example.com/app. When coming from localhost, the session variables work fine.
Update
I tested without using response.sendRedirect and the session variable is available until I switch pages and make another request to the server. This confirms my suspicions that a new session is being created with each request. Its not the redirect thats killing the session, its any new request. How do I prevent this?
