Description
Per http://stackoverflow.com/questions/12314857/apache-cayenne-rop-server-no-session-associated-with-request-on-tomcat-7, Tomcat 7 resets the HTTP session on every ROP request, resulting in a loss of state on the client.
I reproduced that on Tomcat 7 and Jetty 8. Jetty 6 works correctly.
Debugging on Jetty shows that if BASIC auth is present, the container invalidates the existing session and creates a new one during the auth credentials checking phase. So it goes like this:
1. Connect ... session1 is established
2. Bootstrap ... session1 cookie is accepted, but session is immediately invalidated and session2 is created
3. Commit ... Client still sends session1 cookie, while the server expects session2, causing an exception:
org.apache.cayenne.remote.service.MissingSessionException: [v.3.2M1-SNAPSHOT Sep 10 2012 23:14:19] No session associated with request.
at org.apache.cayenne.remote.service.BaseRemoteService.processMessage(BaseRemoteService.java:127)
I wonder if the new servlet spec is specifying this behavior.
A possible fix is to read the session cookie on the client and reset the session ID on every request.
A hideous workaround for the users is to remove BASIC auth.
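
The three-step exchange and the proposed client-side fix, as an added example (not Cayenne's or the reporter's code). `Server` is a constructed in-memory stand-in that replaces the session ID during the Bootstrap request, and the hypothetical `Client` either pins the first cookie or re-reads `Set-Cookie` on every response.

```java
import java.util.*;

// Added illustration: Server, Client and run() are hypothetical, not Cayenne or container APIs.
public class SessionCookieTracking {
    // Constructed stand-in for the container: the auth check on "bootstrap" replaces the session.
    static class Server {
        private String current; // the only session id the server accepts
        private int counter;
        Map<String, List<String>> handle(String op, String cookie) {
            Map<String, List<String>> headers = new HashMap<>();
            if (!op.equals("connect") && !("JSESSIONID=" + current).equals(cookie)) {
                throw new IllegalStateException("No session associated with request.");
            }
            if (op.equals("connect") || op.equals("bootstrap")) {
                current = "session" + (++counter); // the previous id is no longer valid
                headers.put("Set-Cookie", List.of("JSESSIONID=" + current + "; Path=/; HttpOnly"));
            }
            return headers;
        }
    }

    static class Client {
        private final boolean trackCookie;
        private String cookie;
        Client(boolean trackCookie) { this.trackCookie = trackCookie; }
        void send(Server server, String op) {
            Map<String, List<String>> headers = server.handle(op, cookie);
            for (String setCookie : headers.getOrDefault("Set-Cookie", List.of())) {
                String pair = setCookie.split(";", 2)[0].trim(); // drop Path, HttpOnly, ...
                // A pinned client keeps the first id; a tracking client adopts every new one.
                if (pair.startsWith("JSESSIONID=") && (cookie == null || trackCookie)) cookie = pair;
            }
        }
    }

    static String run(boolean trackCookie) {
        Server server = new Server();
        Client client = new Client(trackCookie);
        try {
            for (String op : List.of("connect", "bootstrap", "commit")) client.send(server, op);
            return "commit accepted with " + client.cookie;
        } catch (IllegalStateException e) {
            return "commit rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println("pinned:   " + run(false));
        System.out.println("tracking: " + run(true));
    }
}
```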