Message-ID: <20770506.post@talk.nabble.com>
Date: Mon, 1 Dec 2008 03:50:26 -0800 (PST)
From: Henk Fictorie
To: users@tomcat.apache.org
Subject: Re: mod_jk 1.2.27 and an empty POST
In-Reply-To: <492D6F0E.3080706@apache.org>

Mladen Turk-3 wrote:
>
> Henk Fictorie wrote:
>> Hi,
>>
>> I think that I've been bitten by a resolved bug in mod_jk 1.2.27. The
>> changelog is describing this as:
>>
>> AJP13: Always send initial POST packet even if the client disconnected after
>> sending request but before providing POST data. In that case or in case the
>> client broke the connection in a middle of read send an zero size packet
>> informing container about broken client connection. (mturk)
>>
>
> Your SSO will have to remember the POST data
> or use the GET for that. In all other cases this
> is security risk of hi-jacking the sessions.
>
> Regards
>

I know, this issue will probably end with a service request to Oracle to
solve this bug.
Somewhere between mod_jk 1.2.21 and 1.2.27 the behaviour is changed. It now
signals this as an error instead of leaving this up to tomcat. This is very
reasonable, but it leaves us with an upgrade challenge :-(

regards Henk Fictorie