tomcat-users mailing list archives

From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: Tomcat 7 - No modifications are allowed to a locked ParameterMap
Date Thu, 03 May 2012 13:23:39 GMT
2012/5/3 David Wall <d.wall@computer.org>:
>
>
> On 5/2/2012 2:17 PM, Caldarale, Charles R wrote:
>>
>> Both this symptom and your earlier one about creating a session after a
>> response has been committed are representative of the kinds of errors seen
>> when a webapp stores references in an inappropriate scope.  For example,
>> keeping a reference to a request or response object in a static field, a
>> session, or a thread-local, will often result in the wrong object being used
>> later on.  This is especially evident under high-load situations...
>>
>>  - Chuck
>
>
> Okay, it looks like you put me on the right track. Just discovered that one
> of the servlets uses an instance variable to hold the
> request/response/session objects. Oy, and it was like that since 2008!  Not
> positive this will resolve all the issues, but it's a clear bug.  Thanks for
> your tip.
>

One more tip:
run with "org.apache.catalina.connector.RECYCLE_FACADES=true"

That will be more secure and you will be able to more easily detect
errors like this one.

http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html
http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html

Best regards,
Konstantin Kolinko
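
The bug discussed in this thread, as an added example that is not code from the thread or from Tomcat: a servlet that keeps the request, response and session in instance fields, next to a form that passes them as arguments. The class names and the output line are constructed for illustration and assume the `javax.servlet` API that Tomcat 7 provides.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** BEFORE: the container uses one servlet instance for all threads, so fields are shared. */
class UnsafeReportServlet extends HttpServlet {
    private HttpServletRequest request;    // overwritten by every concurrent request
    private HttpServletResponse response;
    private HttpSession session;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        this.request = req;
        this.response = resp;
        this.session = req.getSession();
        render();
    }

    private void render() throws IOException {
        // Another thread may have replaced the fields by now, so this can read
        // a different user's session or write to a response that belongs to
        // (or was already committed for) another request.
        response.setContentType("text/plain");
        response.getWriter().println("newSession=" + session.isNew()
                + " params=" + request.getParameterMap().size());
    }
}

/** AFTER: request-scoped objects travel as arguments and are never stored. */
class SafeReportServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        render(req, resp, req.getSession());
    }

    private static void render(HttpServletRequest req, HttpServletResponse resp,
                               HttpSession session) throws IOException {
        resp.setContentType("text/plain");
        resp.getWriter().println("newSession=" + session.isNew()
                + " params=" + req.getParameterMap().size());
    }
}
```

The property named in the message is a JVM system property, so it can be passed at startup as `-Dorg.apache.catalina.connector.RECYCLE_FACADES=true`, for example through `CATALINA_OPTS`.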
