tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <>
Subject Re: problem about tomcat session management
Date Sun, 18 May 2008 01:07:16 GMT

"Christopher Schultz" <> wrote in message
> Hash: SHA1
> Zufeng,
> Zufeng Huang wrote:
> | Recently, I am suffering a problem about tomcat session management.
> | It is a sign-in service, sometimes the user A logs in, system sets
> | userí»s information in session and then a piece of JSP codes to read
> | the userí»s name from session, but the user gets another userí»s name
> | in browser. I cannot repeat this problem in our network environment,
> | but our customers meet(NOT ALWAYS).
> This is almost certainly an application error. You should make sure that
> you are not storing references to HttpServletRequest or HttpSession
> objects /anywhere/ that might be shared with another thread.
> Specifically, check that your servlets do not have any class-level 
> members.

Actually, since the OP can't reproduce it on his network, I'd vote for an 
up-stream proxy server returning a cached view of the page.  Of course 
Tomcat will take care of this for protected pages if you are using Container 
Auth, but it doesn't sound like this app is doing that.

> | Our service environment: centos V4, jdk1.5.0_07, tomcat5.5.15.
> You might want to upgrade to Tomcat 5.5.26, which is the latest 5.5.x
> version available.

Always a good suggestion, since there are quite a few fixes from 5.5.15 :).

> - -chris
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla -
> =jMBi
> ---------------------------------------------------------------------
> To start a new topic, e-mail:
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message