[jboss-user] [Tomcat Integration] - Re: Session is getting merge with other session

Thursday, 10 December 2009

Dave,

I missed your post in October. Yours and igain's are the only reports I've had of
this occuring. It's obviously a significant concern.

How frequently are you seeing this?

Only suggestions I can make involve code changes:

1) To tomcat/src/main/org/jboss/web/tomcat/service/session/JBossCacheManager.java add

  |    @Override
  |    protected String getNextId()
  |    {
  |       while (true)
  |       {
  |          String id = super.getNextId();
  |          if (sessions_.containsKey(id) || unloadedSessions_.containsKey(id))
  |          {
  |             continue;
  |          }
  |          else
  |          {
  |             return id;
  |          }
  |       }
  |    }

That's in later version of the class.

2) The SessionIDGenerator class itself was recently changed, primarily to support use of
/dev/urandom as a source of random bytes. You could look at porting some of that back to
the 4.2.3 version. Current version of the class is at
https://svn.jboss.org/repos/jbossas/trunk/tomcat/src/main/java/org/jboss/...

I've tested the SessionIDGenerator and created millions of IDs without duplicates. So
any info on when/how this happens would be most appreciated.

View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4270104#...

Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-user] [Tomcat Integration] - Re: Session is getting merge with other session