tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: other session visible
Date Fri, 20 Apr 2001 17:17:21 GMT

My company was using gnuJSP and mod_jserv back in the day and we ran into a
problem very similar to this.
We swore up and down at the java code but could never find anything wrong
with it.  The problem was doubly irritating because we could not reproduce
it in our development environment.  It only occured in the field during
demos and such.

The real problem was proxy servers.  If you are not very careful with your
HTTP directives you'll find that a proxy server sees a request for:
But the proxy server doesn't see a ? in the request so it assumes the
request is static even though it isn't.  The first user's request gets
cached and the second user to make a request gets the first users data!

I have sample code at home with the specifics of how we defated this.  If
people are curious I'll post it here.  The main thing is to use HTTP
headers to ensure that a proxy will never cache your pages.  We put the 'no
cache' stuff into a jsp snippet and included that snippet on every page.
Our problem evaportated.

Let me know if you want the specific source code,

                                         Jason Henriksen

Warning : The information contained in this message may be privileged and confidential and
protected from disclosure. If the reader of this message is not the intended recipient, you
are hereby notified that any dissemination, distribution or copying of this communication
is strictly prohibited. If you have received this communication in error, please notify us
immediately by replying to this message and then delete it from your computer. All e-mail
sent to this address will be received by the Providian Financial corporate e-mail system and
is subject to archiving and review by someone other than the recipient.


View raw message