-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Joel,
On 6/17/13 12:01 PM, joel wrote: > Thanks for the info! I'll look into making the upgrade. > > Can you advise how an application bug can cause this when > restarting tomcat will fix it? That would help me wrap my mind > around something that isn't imaginable, yet. If you store a request object in a session, for example. Another one is having a servlet-scoped variable that gets set in the doGet/doPost/etc. method. There are other ways to shoot yourself in the foot, but these are two of the most obvious (and common). Other ways to leak information include, but are not limited to: - - Sloppy ThreadLocal management - - Retaining a reference a request or response object - - Retaining a reference to a servlet Input/OutputStream - - Retaining a reference to a session Hope that helps, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJRv0vAAAoJEBzwKT+lPKRY01IQAIDwohve5xSpLBN+IqVCUJDQ fW8Iyqch5B6h0nNNQh+A5uxAtWDNnCRUb0PTVwuk3mSYiiDXq9XwhW0Z1zQmmV/Y 1J4WyiEJfksjDq4NQa0bH4rUh9wbvHu8beTihz73zN4ydHe/kyOTIiC9K0SBs1Dh HvsjRrf/+jXkg8SNvTZGxHZ9wCMv2wuRA2SFYy5PJIOgjBEDrVzctxwSidcBlta6 FhQmTV2DJELBjbc9QPl5DXrsnGntb0T9gzvOuxhl4hWVkt2oIO2MUdYkPGV9APIi rAH4/dJtXzhMs4laMFIsiLBt2eNx8zMJUUfW0wnj1zjfxWqg6chIdidlkqc/M6Bn A3oC3V5QGLrdeONHmvelOqX+9st3OorrKBvk+JoIVzvxN2zeXQacYJGiOOI484Vc HdbWdBrcAgk3PVwtOnR8NF+jCP0quDuiS5O9C3UpXjAr/F/azeVswJZImWVTElJO LmhfRFBq/CaopNJGRRm3MWbbgTeTrPUxCw/S6SbUASHcQAh3eRboq04UvPm+BqWb HRX65PLzio92rboIMKbPpVTc8sqDKRtoQ0k59vH8zsGQmF6WkpRi2MFoHkhdo2JQ IrUSSrbYoJP5KF6GmjEqVfPVWXiKc5aWyWBG1O8ffcqZGqghCwK4/r6OEx9jFz6S mW18XO3jD02az0rTZRGo =L4yS -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
