Here is a better description. I am not sure where to look for in tomcat code.
--------------- we are seeing a session mixup problem in a deployed tomcat instance running with coyote connector. A user is seeing another user's data and request parameters. We took a look at the coyote code and found out that parameters are not reset till the next request. If a thread switch were to occur during this time (due to an exception), is it possible for session data to get mixed up? Please let us know how we can further investigate the problem or if you have a solution for this ------------------ Thanks Ravi -----Original Message----- From: Ravi Pachipala [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2003 8:27 AM To: 'Tomcat Developers List' Subject: RE: tomcat session sharing problem Sorry if this is the wrong alias. I am a developer and am trying to look into tomcat code to determine the source of problem. Is this problem fixed in 4.1.29? I don't see any bug reports for this. Ravi -----Original Message----- From: Remy Maucherat [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2003 7:54 AM To: Tomcat Developers List Subject: Re: tomcat session sharing problem Ravi Pachipala wrote: > We are using tomcat 4.1.24 and we found a particular problem where user A in > one session is seeing user Bs information who logged in a different user in > tomcat. > > We investigated this further and found that at the time this happened, there > was an exception in tomcat as follows. Both user A and B are logged in at > the same time and exception happens wen userA's session makes a > request.getParameters() call. Has anyone seen this? This is potentially a > very dangerous scenario in production environments. I think you should try TC 4.1.29 or 5.0.14. (please post that kind of message on tomcat-user) Rémy --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
