-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 David,
On 5/29/14, 3:12 PM, David Rees wrote: > On Thu, May 29, 2014 at 8:51 AM, Konstantin Kolinko > <knst.koli...@gmail.com> wrote: >> 2014-05-29 11:58 GMT+04:00 David Rees <dree...@gmail.com>: >>> I've found that certain applications will no longer invalidate >>> sessions after upgrading from 7.0.53 to 7.0.54. >>> >>> It seems to require clustering to be set up in Tomcat. If it's >>> not set up, session invalidation works fine. >>> >>> So far, I can only trigger it in a webapp that uses Tapestry >>> Spring Security. >>> >>> I see a few changes in the changelog related to session >>> invalidate and clustering, could one of these changes be >>> responsible? >> >> What are the symptoms? > > The symptoms are that you expect the current session to be > invalidated and issued a new session on subsequent requests, but > instead the session remains valid and all data in the session > remains. Do you mean that you have a web application that does this: session.invalidate(); session = request.getSession(true); ... and the old session is in fact not invalidated? >> Is there anything unusual in the log files? > > Nothing in the logs as far as I can tell. > >> Is a single web application affected, or it spans several >> applications (via Single Sign On)? > > Only a single web application affected. > >> You may consider debugging. >> http://wiki.apache.org/tomcat/FAQ/Developing#Debugging >> >> You may consider simplifying you configuration to build a simple >> reproduce scenario for a bug report. > > Yes, those are my next steps, just haven't gotten that far yet and > wanted to see if anyone else was seeing anything similar. Please demonstrate that the session is in fact not validated. Given your description, if this is really happening, it should be trivial to create a test-case. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTh4eHAAoJEBzwKT+lPKRYaggP/1+ImY4rFsro1aA0Rc6LeTWE SV0wm/Ic7Elux15nr9wWFHDPi1k6RhpLp1TcI9RS8dpw0sXMjMjg2iMjZQn2+ETe 7gr3nI8vnzz6lYcnPmI9ckC0nOXB5J/1UcdE7M8P/tmKmYhZBXX1PdvIx5mwkowH YojmXzmtt8GfFAfuux0xv5RgcfpXbz9VmjSmfZxD6zlIuoa0pxkYHgNGKsFatMYd vK8yDUsBd+yOHRFMev6iO1XrePNRa8xOtwfKYeDQQ/kQNB1pqW0tQ2jJ1+NSMbVc WWM1SgS44NFatrQgUqX0uMKM2q8Jx57CnSlXGrk0yIiGMcOp+egXt1i8XTSdY92f gxHbwfkmz7U/dGztnjQxSAjerNFGFS8puaCHW6Ot5EThT9MQDytYkhwcFAqK3Zmg R1zqPj+MYQb8IBDQ1HaV57d0xhLFErriCPShsb9dH9Hubo77DOPUc3TkdLJJ9f4C eq+dyCO/Rt4JQEu5myWJsQAczZoZoFQYm3QOhaTNMxq/KzQ5ZDcfwmIpF4J8wWtM 0SFoqTYVQAFCYUHBNDgro+F3TpA55dwhTofOk3h4DcmDPAXucq7aq2cs5+FIiQS3 7MHDkDPPQr4gI+mGVPIZRGrUbpQ54+EhNUYga722knkaxDzkP9UxW5kix63bEDck Pdbe3wXdaaO3ZRms0kGf =/iQW -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
