tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From joel <>
Subject Re: tomcat session mixing
Date Mon, 17 Jun 2013 16:01:39 GMT

Hi Mark, 

Thanks for the info! I'll look into making the upgrade.

Can you advise how an application bug can cause this when restarting
tomcat will fix it? That would help me wrap my mind around something
that isn't imaginable, yet. 



On 2013-06-17 10:46, Mark
Thomas wrote: 

> On 17/06/2013 16:32, joel wrote:
>> Hi, I'm using
Apache Tomcat/6.0.24 running on centos and have several times observed a
rare issue in which user sessions are "mixed". When this occurs, userA
clicks on a link and is provided with userB specific content, content
that should only be accessible to userB. When this "mixing" occurs, it
seems to affect multiple sessions at the same time, ie userA and userB
are not the only ones affected. Restarting tomcat fixed the problem.
Does anyone know what causes this or how to prevent it?
> This is
caused by an application bug in 99.9% of cases.
> There are known
issues in 6.0.24 that could cause this. In any case, 
> given the number
of security fixes since 6.0.24, an upgrade to 6.0.37 is 
> in order.

> Mark
To unsubscribe, e-mail:
> For
additional commands, e-mail:

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message