Return-Path: 
 <tomcat-dev-return-36046-apmail-jakarta-tomcat-dev-archive=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-dev-archive@www.apache.org
Received: (qmail 35189 invoked from network); 4 Nov 2003 16:26:00 -0000
Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12)
  by minotaur-2.apache.org with SMTP; 4 Nov 2003 16:26:00 -0000
Received: (qmail 23108 invoked by uid 500); 4 Nov 2003 16:25:46 -0000
Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org
Received: (qmail 23072 invoked by uid 500); 4 Nov 2003 16:25:46 -0000
Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
List-Subscribe: <mailto:tomcat-dev-subscribe@jakarta.apache.org>
List-Help: <mailto:tomcat-dev-help@jakarta.apache.org>
List-Post: <mailto:tomcat-dev@jakarta.apache.org>
List-Id: "Tomcat Developers List" <tomcat-dev.jakarta.apache.org>
Reply-To: "Tomcat Developers List" <tomcat-dev@jakarta.apache.org>
Delivered-To: mailing list tomcat-dev@jakarta.apache.org
Received: (qmail 23059 invoked from network); 4 Nov 2003 16:25:46 -0000
Received: from unknown (HELO mailer1.everypath.com) (63.161.85.133)
  by daedalus.apache.org with SMTP; 4 Nov 2003 16:25:46 -0000
Received: from hqexch01.everypath.com (hqexch01 [10.7.2.11])
	by mailer1.everypath.com (8.12.5/8.12.5) with ESMTP id hA41os3c025516
	for <tomcat-dev@jakarta.apache.org>; Tue, 4 Nov 2003 09:50:54 +0800
Received: by hqexch01.everypath.com with Internet Mail Service (5.5.2653.19)
	id <VYJ2A91S>; Tue, 4 Nov 2003 08:26:48 -0800
Message-ID: <FC38A9406AA4D411AB62009027DE9DA504CE2F18@hqexch01.everypath.com>
From: Ravi Pachipala <rpachipala@everypath.com>
To: "'Tomcat Developers List'" <tomcat-dev@jakarta.apache.org>
Subject: RE: tomcat session sharing problem
Date: Tue, 4 Nov 2003 08:26:43 -0800 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C3A2F0.6ECA13F6"
X-Everypath-MailScanner-Information: Please contact the ISP for more
 information
X-Everypath-MailScanner: Found to be clean
X-Everypath-MailScanner-SpamCheck: not spam, SpamAssassin (score=-104.8,
	required 5, BAYES_00 -4.90, HTML_MESSAGE 0.10,
	USER_IN_WHITELIST -100.00)
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

------_=_NextPart_001_01C3A2F0.6ECA13F6
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Sorry if this is the wrong alias. I am a developer and am trying to =
look
into tomcat code to determine the source of problem.

Is this problem fixed in 4.1.29? I don't see any bug reports for this.

Ravi

-----Original Message-----
From: Remy Maucherat [mailto:remm@apache.org]
Sent: Tuesday, November 04, 2003 7:54 AM
To: Tomcat Developers List
Subject: Re: tomcat session sharing problem


Ravi Pachipala wrote:

> We are using tomcat 4.1.24 and we found a particular problem where =
user A
in
> one session is seeing user Bs information who logged in a different =
user
in
> tomcat.
>=20
> We investigated this further and found that at the time this =
happened,
there
> was an exception in tomcat as follows. Both user A and B are logged =
in at
> the same time and exception happens wen userA's session makes a
> request.getParameters() call. Has anyone seen this? This is =
potentially a
> very dangerous scenario  in production environments.

I think you should try TC 4.1.29 or 5.0.14.
(please post that kind of message on tomcat-user)

R=E9my



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org

------_=_NextPart_001_01C3A2F0.6ECA13F6--