We are using Tomcat 4.1.24 and we found a particular problem where user A in
one session is seeing user B's information, who logged in as a different user in
Tomcat.

We investigated this further and found that at the time this happened, there
was an exception in Tomcat as follows. Both user A and B are logged in at
the same time and the exception happens when user A's session makes a
request.getParameters() call. Has anyone seen this? This is potentially a
very dangerous scenario in production environments.

java.io.CharConversionException: isHexDigit
        at org.apache.tomcat.util.buf.UDecoder.convert(UDecoder.java:124)
        at org.apache.tomcat.util.buf.UDecoder.convert(UDecoder.java:87)
        at org.apache.tomcat.util.http.Parameters.processParameters(Parameters.java:407)
        at org.apache.coyote.tomcat4.CoyoteRequest.parseRequestParameters(CoyoteRequest.java:1966)
        at org.apache.coyote.tomcat4.CoyoteRequest.getParameterNames(CoyoteRequest.java:953)
        at org.apache.coyote.tomcat4.CoyoteRequestFacade.getParameterNames(CoyoteRequestFacade.java:183)
        at com.everypath.online.epservlet.ControllingServlet.getParameters(ControllingServlet.java:988)
        at com.everypath.online.epservlet.ControllingServlet.getServerRequest(ControllingServlet.java:725)
        at com.everypath.online.epservlet.ControllingServlet.service(ControllingServlet.java:236)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
        at filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:170)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
        at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
        at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
        at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
        at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:261)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:360)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:604)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:562)
        at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:679)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
        at java.lang.Thread.run(Thread.java:4
