[jboss-jira] [JBoss JIRA] Created: (JBAS-8915) Avoid look up session from the others web context's distributed cache when create a new sessions/read expired sessions.
jimmy xu (JIRA)
jira-events at lists.jboss.org
Mon Feb 28 03:56:27 EST 2011
Avoid look up session from the others web context's distributed cache when create a new sessions/read expired sessions.
------------------------------------------------------------------------------------------------------------------------
Key: JBAS-8915
URL: https://issues.jboss.org/browse/JBAS-8915
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Clustering, Web (Tomcat) service
Affects Versions: JBossAS-5.1.0.GA
Reporter: jimmy xu
Assignee: Paul Ferraro
if we create a new session, or request an invalidated session, tomcat will try to look up the session from the others web context's distributed cache. if we have many web context, it's a big issue.
in org.apache.catalina.connector.Request
// Verify that the submitted session id exists in one of the host's web applications
String sessionId = requestedSessionId;
if (sessionId != null) {
if (SESSION_ID_CHECK) {
boolean found = false;
try {
if (!found) {
Container children[] = getHost().findChildren();
for (int i = 0; (i < children.length) && !found; i++) {
if ((children[i].getManager() != null)
&& (children[i].getManager().findSession(sessionId) != null)) {
found = true;
}
}
}
} catch (IOException e) {
// Ignore: one manager is broken, and it will show up elsewhere again
}
if (!found) {
sessionId = null;
}
} else if (!isRequestedSessionIdFromCookie()) {
sessionId = null;
}
}
i can disable it by -Dorg.apache.catalina.connector.Request.SESSION_ID_CHECK=false;
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list