[jboss-jira] [JBoss JIRA] Reopened: (JBAS-8915) Avoid look up session from the others web context's distributed cache when create a new sessions/read expired sessions.

Jason Greene (JIRA) jira-events at lists.jboss.org
Thu Apr 21 14:27:04 EDT 2011 

     [ https://issues.jboss.org/browse/JBAS-8915?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jason Greene reopened JBAS-8915:
--------------------------------



Due to feedback from the community, I have split the AS7 and AS6 projects and reopened all unscheduled AS6 issues that are a year or less old. This will make it easier community members to find and work on them.

Future releases beyond 6.1 can be done provided a community member steps up to coordinate them.

> Avoid look up session from the others web context's distributed cache when  create a new sessions/read expired sessions.
> ------------------------------------------------------------------------------------------------------------------------
>
>                 Key: JBAS-8915
>                 URL: https://issues.jboss.org/browse/JBAS-8915
>             Project: Legacy JBoss Application Server 6 
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Clustering, Web (Tomcat) service
>    Affects Versions: JBossAS-5.1.0.GA
>            Reporter: jimmy xu
>            Assignee: Paul Ferraro
>             Fix For: No Release
>
>
> if we create a new session, or request an invalidated session, tomcat will try to look up the session from the others web context's distributed cache. if we have many web context, it's a big issue.
> in org.apache.catalina.connector.Request
> // Verify that the submitted session id exists in one of the host's web applications
>         String sessionId = requestedSessionId;
>         if (sessionId != null) {
>             if (SESSION_ID_CHECK) {
>                 boolean found = false;
>                 try {
>                     if (!found) {
>                         Container children[] = getHost().findChildren();
>                         for (int i = 0; (i < children.length) && !found; i++) {
>                             if ((children[i].getManager() != null) 
>                                     && (children[i].getManager().findSession(sessionId) != null)) {
>                                 found = true;
>                             }
>                         }
>                     }
>                 } catch (IOException e) {
>                     // Ignore: one manager is broken, and it will show up elsewhere again
>                 }
>                 if (!found) {
>                     sessionId = null;
>                 }
>             } else if (!isRequestedSessionIdFromCookie()) {
>                 sessionId = null;
>             }
>         }
> i can disable it by -Dorg.apache.catalina.connector.Request.SESSION_ID_CHECK=false;

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list