2014-07-08 11:48 GMT+04:00 Simon Kulessa <kule...@flexsecure.de>: > Hi, > > we are running a server on Apache Tomcat 7.0.29 with usage of the > servlet-api 3.0.1.
1. The current version is 7.0.54 2. What is "3.0.1". You may use any servlet-api jar when compiling, but at run time you must use the one that comes with Tomcat. > From one of our customers we received a bug report that in certain times an > IOException (Stream is closed) > is thrown while reading the data from a HttpServletRequest. > > After some investigation we added some logging and now we see the following > information: > First we logged the headers of the http request (by using > HttpServletRequest#getHeaders()) and > we see a JSESSIONID cookie with a value of 'A'. > After this we use HttpServletRequest#getCookies() to log the cookies as > well. > Here we only see a JSESSIONID cookie with a value of 'B'. > > The requested sessionId from the servletRequest has value 'A' as well. > > My question is: How can this be? > How is it possible that getCookies returns a cookie that is not defined in > the header of the http request? > Where does this cookie come from? And were did the cookie go that was > defined in the header? 3. Usually that is caused by bad programming in a web application, when newbie programmers share "request" object between requests. The unexpected "Stream is closed" issues are also symptoms of that. An example: http://markmail.org/thread/pxh6bk6saowy3rk6 4. I think getHeaders() may return some garbage for Cookie header (as the value may be corrupted when parsing the value into a cookie), but it should not contain a value from different user. 5. A browser may send several JSESSIONID cookies in the same request. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
