tomcat-users mailing list archives

From Geoff Howard <ghow...@crosswalk.com>
Subject RE: Sessions being shared... (TC 3.2.3)
Date Thu, 15 Nov 2001 20:18:56 GMT
I've heard of this type of thing as a classic example of non-thread-safe
code.  Is there any possibility it could be this?

Geoff 

-----Original Message-----
From: Ralph Einfeldt [mailto:ralph.einfeldt@uptime-isc.de]
Sent: Thursday, November 15, 2001 11:43 AM
To: Tomcat Users List
Subject: AW: Sessions being shared... (TC 3.2.3)


Typically this kind of error doesn't mean
that the users access the same session,
but that the JSPs/servlets you use store
information in a place that is not local to
the session (e.g. class or instance variables).

To verify that the users have different sessions,
have a look at the session id. If they differ
it's probably an application problem.

> -----Original Message-----
> From: Paul Rubenis [mailto:paulr@tc.umn.edu]
> Sent: Thursday, November 15, 2001 17:32
> To: Tomcat Users List
> Subject: Sessions being shared... (TC 3.2.3)
> 
> 
> I have some strangeness happening when using Tomcat 3.2.3, Apache and
> an EJB Server.  Though it appears to be a session issue.  The
> application is using SSL via Apache.
> 
> Basically people log into the application via a jsp, the jsp creates a
> session for that person and stuffs information about them into it.  What
> is happening is that somehow sessions are being shared between people.
> So person A logs in just fine, does some stuff.  Person B then logs in,
> gets the session id for person A and therefore can see everything person
> A can in the application.  Obviously this is bad.  What perplexes me is
> how anyone could EVER get another person's sessionid.
> 
> Here are the specs for the environment:
> 
> Solaris 7
> java 1.3.1
> jakarta 3.2.3
> apache-ssl 1.3.19
> 
> 	Thanks for any insight people might have on this.
> 
> -- 
> +-------------------------------------- mailto:paulr@tc.umn.edu ----+
> | Paul M Rubenis - System Administrator                             |
> | Phone: (612) 624-8337                                             |
> | Fax:   (612) 625-6853                                             |
> +-------------------------------------------------------------------+
> | Any connection between your reality and mine is purely            |
> | coincidental.                                                     |

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
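
An added illustration of the failure mode suggested in the replies above (not code from the thread or from Tomcat): one page object serving two request threads, first with per-user data in an instance field, then in a local variable. The class names, session ids and the map standing in for session storage are constructed; the barrier only forces the overlap that load would otherwise produce by chance.

```java
import java.util.Map;
import java.util.concurrent.*;

public class SharedStateDemo {
    // Constructed stand-in for per-session storage (what HttpSession holds).
    static final Map<String, String> SESSIONS = new ConcurrentHashMap<>();

    interface Page { String handle(String sessionId, CyclicBarrier gate) throws Exception; }

    // The container keeps ONE instance of a servlet/JSP and calls it from
    // many request threads, so an instance field is shared by every user.
    static class UnsafePage implements Page {
        private String user; // BUG: not local to the request or the session
        public String handle(String sessionId, CyclicBarrier gate) throws Exception {
            user = SESSIONS.get(sessionId);
            gate.await(); // both requests have now written the same field
            return sessionId + " sees " + user;
        }
    }

    // Same logic, but the per-user value lives on the request thread's stack.
    static class SafePage implements Page {
        public String handle(String sessionId, CyclicBarrier gate) throws Exception {
            String user = SESSIONS.get(sessionId);
            gate.await();
            return sessionId + " sees " + user;
        }
    }

    static void run(String label, Page page) throws Exception {
        CyclicBarrier gate = new CyclicBarrier(2);
        ExecutorService pool = Executors.newFixedThreadPool(2);
        Future<String> a = pool.submit(() -> page.handle("sid-A", gate));
        Future<String> b = pool.submit(() -> page.handle("sid-B", gate));
        System.out.println(label + ": " + a.get() + " | " + b.get());
        pool.shutdown();
    }

    public static void main(String[] args) throws Exception {
        SESSIONS.put("sid-A", "alice"); // constructed sample users
        SESSIONS.put("sid-B", "bob");
        run("instance field", new UnsafePage());
        run("local variable", new SafePage());
    }
}
```

In the instance-field run the two session ids stay different while one request reports the other user's data, which is the situation the session-id check in the reply is meant to separate from a real session mix-up.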

