Juan,
On 1/15/21 10:58, Christopher Schultz wrote:
Juan,
On 1/15/21 09:57, juan wrote:
We were running tomcat 8.5.57 on CentOS 7 and together with CAS SSO, we
have multiple servers behind an AWS load balancer setup with sticky
sessions. We encountered a weird situation where a user who logged into
their application was presented with another users profile after
login. Has
anyone encountered something similar to this? Both users hit the same
tomcat server seconds apart and the user was on his personal computer and
doesn't know the first user.
I forgot to ask a few things about this:
1. Is this reproducible? How many cases of this have you encountered?
2. Is your application holding on to references to request/response
beyond the end of a request?
Usually this kind of thing happens when applications are misusing those
objects by retaining references.
We have async-supported set to true for both default and jsp servlets and
using the http11.Http11NioProtocol connector with
sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
and <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
/>.
Are you actually using servlet-async features? They are very tricky use
correctly without any mistakes.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
