tomcat-users mailing list archives

From Paul Rubenis <pa...@tc.umn.edu>
Subject Sessions being shared... (TC 3.2.3)
Date Thu, 15 Nov 2001 16:32:15 GMT
	I have some strangeness happening when using Tomcat 3.2.3, Apache and
an EJB Server.  Though it appears to be a session issue.  The
application is using SSL via Apache.

	Basically people log into the application via a jsp, the jsp creates a
session for that person and stuffs information about them into it.  What
is happening is that somehow sessions are being shared between people. 
So person A logs in just fine, does some stuff.  Person B then logs in,
gets the session id for person A and therefore can see everything person
A can in the application.  Obviously this is bad.  What perplexes me is
how anyone could EVER get another person's sessionid.

Here are the specs for the environment:

Solaris 7
java 1.3.1
jakarta 3.2.3
apache-ssl 1.3.19

	Thanks for any insight people might have on this.

-- 
+-------------------------------------- mailto:paulr@tc.umn.edu ----+
| Paul M Rubenis - System Administrator                             |
| Phone: (612) 624-8337                                             |
| Fax:   (612) 625-6853	                                            |
+-------------------------------------------------------------------+
| Any connection between your reality and mine is purely            |
| coincidental.                                                     |
