Enable Session in Apache tomcat

Question

I am facing a weird problem in setting session and retrieving it.

I have a Java Spring MVC application. But the client side is not using JSP. It's a separate application developed using AngularJS. While logginng in I am setting the session in login controller.

@RequestMapping(value = "/loginUser", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
@ResponseBody
public ObejctResponse loginUser(@RequestBody User user, HttpServletRequest request) {

    //code checking username and password
    HttpSession session = request.getSession();
    session.setAttribute(USERID, username);
    session.setAttribute(USER, user);
    session.setAttribute(LOGGED_IN, true);

    //code
}

I have interceptor to check whether session is null or not. If its null, it returns false. And in the client side, if it returns nothing it will logout and goto login page.

@Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
            Object object) throws Exception {
        boolean authenticate=false;
        String pathRequest = request.getPathInfo().toLowerCase();

        if(pathRequest.matches(".*(loginuser|logoutuser|switchuser|restservice|resetpassword|changepassword|checkemailid).*")) {
            authenticate = true;
        }
        /* String servletPath = request.getServletPath().toLowerCase();
        if(servletPath.matches(".*(rest).*")) {
            authenticate = true;
        } */
        if(!authenticate) {
            HttpSession session = request.getSession(true); /*don't create if it doesn't exist*/
            if(session.getAttribute(USER) != null) {
                authenticate = true;
            }
        }
        return authenticate;
    }

I tried deploying both wars in my local tomcat and its working fine.

In digital ocean machine when i try to deploy both, it is loggin in, Then when i click on any link, its going to request interceptor and returns false, causing to logout in front end. I skipped request authentication session, then its going to its appropriate controller , but throwing null pointer exception because I am taking userid from session.

In the local it is working fine. But in remote machine its not. I didn't change any configuration other than the port. Which file I have to check and what I have to do to enable the session?

I am using apache tomcat 7.0.47 on remote machine and apache tomcat 7.0.53 on local

Answer 1

HttpSession session = request.getSession(true); /*don't create if it doesn't exist*/

Your comment contradicts your code. One of them is wrong. If you don't want a session created you should specify false here, not true. This line of code will always return a non-null session.