tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ravi Pachipala <rpachip...@everypath.com>
Subject RE: tomcat session sharing problem
Date Tue, 04 Nov 2003 22:54:43 GMT
Here is a better description. I am not sure where to look for in tomcat
code.

---------------
we are seeing a session mixup problem in a deployed tomcat instance running
with coyote connector. A user is seeing another user's data and request
parameters. We took a look at the coyote code and found out that parameters
are not reset till the next request. If a thread switch were to occur during
this time (due to an exception), is it possible for session data to get
mixed up? Please let us know how we can further investigate the problem or
if you have a solution for this
------------------

Thanks
Ravi

-----Original Message-----
From: Ravi Pachipala [mailto:rpachipala@everypath.com]
Sent: Tuesday, November 04, 2003 8:27 AM
To: 'Tomcat Developers List'
Subject: RE: tomcat session sharing problem


Sorry if this is the wrong alias. I am a developer and am trying to look
into tomcat code to determine the source of problem.

Is this problem fixed in 4.1.29? I don't see any bug reports for this.

Ravi

-----Original Message-----
From: Remy Maucherat [mailto:remm@apache.org]
Sent: Tuesday, November 04, 2003 7:54 AM
To: Tomcat Developers List
Subject: Re: tomcat session sharing problem


Ravi Pachipala wrote:

> We are using tomcat 4.1.24 and we found a particular problem where user A
in
> one session is seeing user Bs information who logged in a different user
in
> tomcat.
> 
> We investigated this further and found that at the time this happened,
there
> was an exception in tomcat as follows. Both user A and B are logged in at
> the same time and exception happens wen userA's session makes a
> request.getParameters() call. Has anyone seen this? This is potentially a
> very dangerous scenario  in production environments.

I think you should try TC 4.1.29 or 5.0.14.
(please post that kind of message on tomcat-user)

Rémy



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message