How could randomly my session is null?

Question

I am using Tomcat 6.0, JSF2.0.2

I realized that randomly HttpServletRequest getSession method, returns null.

I could the session randomly be nul

Answer 1

First, this problem is not related to JSF since it's "just" a component based MVC framework. This problem is more related to the servletcontainer in question, which is in this case thus Tomcat.

As to the problem: I've seen this before in specific portal(-like) applications. Tomcat has some builtin phishing prevention which would return a null session when the given cookie ID and path doesn't match with any cookie in Tomcat's session manager. More than often this problem can be solved by setting emptySessionPath attribute of the HTTP Connector <Connector> in conf/server.xml to true.