Folks; dealing with quite an annoying problem right now: One of our web applications (running inside a tomcat 5.5.20 cluster spread across two machines behind an apache2 / mod_jk frontend) seems to act strangely in some situations:
Most of the times, the application works rather fine. However, it seems that in some(?) cases when clients working in a LAN connected to the Internet using NAT or Masquerading (i.o.w.: comin' from the same public IP address), their sessions get sort of "mixed" up, leaving one user seeing the wrong data, suddenly also obviously "being authenticated" as someone completely else who's working in the application, on a different computer but just within the same network. On one side, this is something rather important to me as providing users access to "the wrong data" isn't to be considered a good thing. Other side, however, I don't at all know how on earth this could happen - for what I see, the application uses either a cookie (stored on the client side) or a JSESSIONID (also just available on the client side) so having these things mixed up should be virtually impossible... shouldn't it? I am aware that this also might be application-specific. However, does someone of the kind folks around here feel like pointing me some places where to look, here, to get this sorted out? TIA and bye, have a calm weekend everyone Kristian --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
