tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Possible bug in Tomcat Date header handling
Date Fri, 26 Aug 2011 15:45:20 GMT
On 26/08/2011 16:25, Mick Sear wrote:
> 
> Tomcat 7.0.20
> Windows XP
> JDK 1.6.0_20
> 
> I think there is a bug in Tomcat's handling of the Date HTTP header.

I disagree.

> When the system clock time is advanced and then put back, with an HTTP
> request being handled in between those two actions, Tomcat will send the
> later of the two times in the response headers until the later time is
> reached.

Then don't do that. Servers should have stable clocks sync'd to a
reliable time source, e.g. via ntp.

> This is causing us a problem since we have systems that sync off the date
> header.

Fix the cause, not the symptom.

> I understand that the 'getCurrentDate()' method in the code above means
> that Tomcat only needs to do a DateFormat.format() on a long value once
> every second at most and so was clearly introduced to improve performance,
> but this makes Tomcat susceptible to incorrect system dates and will also
> be returning an invalid time for (typically) one hour when clocks go back
> in the autumn / fall.

No it won't. System.getCurrentTimeMillis() uses UTC and should be immune
to changes in daylight savings offset and timezone.

If a system is not set up correctly, you might see step changes in the
return value from System.getCurrentTimeMillis() but again in that case
fixing the configuration is the right approach.

> It would be better to check for a negative number in this method and
> regenerate 'currentDateGenerated' if this is the case:
> 
> ...
>     if ((now - currentDateGenerated) > 1000 || (now -
> currentDateGenerated) < 0) {
>         synchronized (format) {
>             if ((now - currentDateGenerated) > 1000) {
>                 currentDate = format.format(new Date(now));
>                 currentDateGenerated = now;
>             }
>         }
>     }
>     return currentDate;
> ...
> 
> Please let me know if there is a workaround or if I'm wrong in my reading
> of the situation.

The fix is to address the root cause which appears to be a poorly
configured system clock. I am loath to add a work-around at any point in
the Tomcat source code to handle time apparently going backwards rather
than forwards.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message