tomcat-users mailing list archives

From Mark Thomas
Subject Re: tomcat session mixing
Date Mon, 17 Jun 2013 15:46:43 GMT
On 17/06/2013 16:32, joel wrote:
> Hi,
> I'm using Apache Tomcat/6.0.24 running on CentOS and have
> several times observed a rare issue in which user sessions are "mixed".
> When this occurs, userA clicks on a link and is provided with userB
> specific content, content that should only be accessible to userB. When
> this "mixing" occurs, it seems to affect multiple sessions at the same
> time, i.e. userA and userB are not the only ones affected. Restarting
> Tomcat fixed the problem.
> Does anyone know what causes this or how to
> prevent it?

This is caused by an application bug in 99.9% of cases.

There are known issues in 6.0.24 that could cause this. In any case, 
given the number of security fixes since 6.0.24, an upgrade to 6.0.37 is 
in order.

