tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Apache/mod_jk serves random files from tomcat
Date Wed, 11 Feb 2009 02:38:37 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yuval,

On 2/10/2009 3:44 PM, Yuval Perlov wrote:
> We started restarting apache on a regular basis but if a user is in mid
> request (consider a user that just filled a big form and is upload a file).

So it appears that Apache is, over time, losing track of user
identities? That seems odd since neither mod_jk nor Apache httpd
actually do anything but forward the identity information from the
browser to Tomcat. Either an HTTP cookie or a URL parameter is used to
identify sessions, and both are provided with every request.

Do you have unusually long URLs? Unusually long request bodies? I'm just
trying to think of why any data would be mixed-up.

Does this happen seemingly randomly, or only for certain pages on your
site? Certain source IP addresses? We had some users that were getting
all messed up before we recognized that they were doing through google's
cache which was seriously confusing just about everything. Fortunately,
we could see from our server logs that some requests came from the
/real/ remote user and others came from google's domain.

Otherwise, all I can think of is that you have some bug in your
application <shrug>. How are you doing authentication? How about user
identification - aside from relying on session data in Tomcat.

> We are contemplating two approaches:
> 1) moving to proxy_http. My only concern is that this won't help - maybe
> the problem is unrelated to AJP? Upgrading has helped some users but not
> all and the problem exists in both mod_jk and proxy_ajp.

Trying mod_proxy_http will certainly give you more information. Can you
reproduce this problem in a safe environment?

> 2) getting rid of apache and moving tomcat to the front (much harder to
> configure but ensures we are rid of this problem).

Are you /sure/ that a Tomcat-only setup doesn't exhibit this problem?

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkmSOi0ACgkQ9CaO5/Lv0PBpiwCdH2pRuaVP7TRl7E6tOqZbkUQM
yuUAniM9m8+Mo9aWiu2G8XQcZjXf2W/M
=l0Xk
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message