tomcat-users mailing list archives

From Kristian Rink <krist...@zimmer428.net>
Subject clients behind nat/masq: sessions mixed up?
Date Fri, 06 Jul 2007 15:40:25 GMT

Folks;

dealing with quite an annoying problem right now: One of our web
applications (running inside a tomcat 5.5.20 cluster spread across two
machines behind an apache2 / mod_jk frontend) seems to act strangely in
some situations:

Most of the time, the application works rather fine. However, it seems
that in some(?) cases when clients working in a LAN connected to the
Internet using NAT or Masquerading (i.o.w.: comin' from the same public
IP address), their sessions get sort of "mixed" up, leaving one user
seeing the wrong data, suddenly also obviously "being authenticated" as
someone else entirely who's working in the application, on a different
computer but just within the same network.

On one side, this is something rather important to me as providing users
access to "the wrong data" isn't to be considered a good thing. On the
other side, however, I don't at all know how on earth this could happen - for
what I see, the application uses either a cookie (stored on the client
side) or a JSESSIONID (also just available on the client side) so having
these things mixed up should be virtually impossible... shouldn't it?

I am aware that this also might be application-specific. However, does
someone of the kind folks around here feel like pointing me to some places
to look, here, to get this sorted out?

TIA and bye, have a calm weekend everyone
Kristian
