tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dmitri Colebatch <>
Subject Re: Weird thread/security problem
Date Thu, 26 Jul 2001 15:49:17 GMT
Application wide content should be stored in the context, not as servlet
variables.  This is because if the servlets are load balanced across
multiple jvms, or if servles implement the SingleThreadedModel then tomcat
will need to ensure that all instances of servlets on all jvms share the
one object.  correct?


On Thu, 26 Jul 2001, Francis Pallini wrote:

> Hi,
> Application-wide data (within a container in the case of balanced servers) 
> can be put in instance variables, but access must then be synchronized. 
> User-related data must be put in the session object...
> Regards,
> Francis Pallini
> At 06:18 PM 7/26/01 +0900, you wrote:
> >Hi,
> >
> >So I think this is a thread/security issue, but I am not sure.  However
> >it is definitely weird.
> >
> >I have been conducting some tests with multiple users.  Various servlets
> >are contacted that supply pages to each user, that include information
> >such as user name etc.  The version of tomcat in use is 3.2.1, and
> >clearly I should upgrade to 3.2.3, but the tomcat is provided by my
> >service provider so that might take some time.
> >
> >Anyway, the problem is that sometimes when two users are accessing the
> >system simulatenously the information for one user will be displayed,
> >briefly, to the other user.  The system I have developed is quite
> >complicated so I can't rule out that this is a problem with the code,
> >but I'm not using static variables or anything that would allow this
> >swap over.  I mean each user has an object associated with them that
> >contains their user name, but these are local variables to the servlet.
> >
> >Are there or have there been problems with tomcat that would explain
> >this problem?  I mean tomcat creates a separate thread for each servlet
> >right? Different user, different thread, so their data shouldn't be
> >available to each other.
> >
> >Am I overlooking something here?  Should I be mailing to the developer's
> >list?
> >
> >And on the same topic, does anyone know of any software that will
> >simulate multiple users, without me having all my friends test the
> >system.  I mean some software (ideally free or shareware) that would
> >simulate the stream of http requests, I guess I could hack something
> >together myself, but if there's something already out there that would
> >be great.
> >
> >Thanks in advance.
> >

View raw message