tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andy Chapman" <andrew.chap...@clicktools.com>
Subject Duplicate Sessions Tomcat 4.1.24
Date Thu, 18 Sep 2003 10:56:17 GMT
I have a deployed web app with a medium size user base (~500) which
recently went live. The app relies on the session to retrieve user
information. The session usage is simply to store a couple of ids
(Strings) and retrieve them from the session to lookup data. This all
works perfectly with a small user base (~20) but horror of horrors, when
loaded, people are seeing other peoples data. I have trawled through my
code and, although as ever keeping an open mind, can only imagine this
is happening if SESSIONID's are being duplicated and therefore the data
is being overwritten by the "other" user(s).

I remember a thread in January about duplicates in 4.1.18 "Duplicate
session IDs are *common*", but can't find anything in the bug database.
Does anyone know if this ever was a problem or is still a problem in
4.1.24? What puzzles me is the relatively small number of concurrent
users which cause this to happen.

I am attempting to reproduce the problem in a sterile environment now,
any thoughts, help or fixes :o) would be greatly appreciated.


Mime
View raw message