2012/5/3 David Wall <d.w...@computer.org>: > > > On 5/2/2012 2:17 PM, Caldarale, Charles R wrote: >> >> Both this symptom and your earlier one about creating a session after a >> response has been committed are representative of the kinds of errors seen >> when a webapp stores references in an inappropriate scope. For example, >> keeping a reference to a request or response object in a static field, a >> session, or a thread-local, will often result in the wrong object being used >> later on. This is especially evident under high-load situations... >> >> - Chuck > > > Okay, it looks like you put me on the right track. Just discovered that one > of the servlets uses an instance variable to hold the > request/response/session objects. Oy, and it was like that since 2008! Not > positive this will resolve all the issues, but it's a clear bug. Thanks for > your tip. >
One more tip: run with "org.apache.catalina.connector.RECYCLE_FACADES=true" That will be more secure and you will be able to more easily detect errors like this one. http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html http://tomcat.apache.org/tomcat-7.0-doc/security-howto.html Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
