[jboss-user] [Tomcat Integration] - Re: Session is getting merge with other session
davewebb
do-not-reply at jboss.com
Thu Dec 10 22:41:36 EST 2009
Brian,
It was reported to me in October, then again today. I log the sessionId when a user logs into my app, and today I could see that the sessionId
hGbGpyqSV2CPfJKGZi0KGg**.node1
was given to one user at 1:49PM and then to another user at 4:43PM. The first user complained that at 4:45PM she was seeing "Someone else's data". It is disturbing that the duplicate Id came from the same cluster node.
I could probably run a query against the access table to see how often it is happening if that would help. However, it appears that the fix you are recommending be made in 4.2.3 already exists in another branch. After which version of JBoss AS is that fix applied?
I also read that this can happen when sessionIds are recycled, and when the session cookie is being used in the URL (such as a bookmarked page with jsessionid) that JBoss will use the sessionId passed in without creating a new one.
http://kbase.redhat.com/faq/docs/DOC-17273
Is that true and will setting this value in the Connector help?
emptySessionPath=false
Thank you for your help. Upgrading to a newer version of JBoss is acceptable if needed, but a short term fix could help buy me a little more time to manage the upgrade.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4270112#4270112
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4270112
More information about the jboss-user
mailing list