On 17/06/2013 16:32, joel wrote:
Hi,
I'm using Apache Tomcat/6.0.24 running on centos and have
several times observed a rare issue in which user sessions are "mixed".
When this occurs, userA clicks on a link and is provided with userB
specific content, content that should only be accessible to userB. When
this "mixing" occurs, it seems to affect multiple sessions at the same
time, ie userA and userB are not the only ones affected. Restarting
tomcat fixed the problem.
Does anyone know what causes this or how to
prevent it?
This is caused by an application bug in 99.9% of cases.
There are known issues in 6.0.24 that could cause this. In any case,
given the number of security fixes since 6.0.24, an upgrade to 6.0.37 is
in order.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
