I don't at all know how on earth this could happen - for what I see, the application uses either a cookie (stored on the client side) or a JSESSIONID (also just available on the client side) so having these things mixed up should be virtually impossible... shouldn't it?
That is correct. But there could be a problem with a proxy or NAT gateway. Things to investigate: Does the application keep track of user sessions the normal way using HttpSession? If not then that would be the first place to look for a problem. You can configure the Apache and Tomcat access logs to write out the JSESSIONID cookie. Then if you can pinpoint some of the bad requests in the log file, you can check the JSESSIONID (either cookie or URL param) to see if it is what the client should have sent, and if the application seemed to be using the correct session. If you have access to some clients that are seeing the problem, you can also check the JSESSIONID cookies on that end, using a browser plug-in such as Live HTTP Headers or ieHTTPHeaders. If the JSESSIONID sent by the client is different from the one in the server log file, then a proxy or something in between is changing it. -- Len --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
