Uploaded image for project: 'Application Server 3  4  5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-8915

Avoid look up session from the others web context's distributed cache when create a new sessions/read expired sessions.

    Details

    • Workaround Description:
      Hide

      add -Dorg.apache.catalina.connector.Request.SESSION_ID_CHECK=false

      Show
      add -Dorg.apache.catalina.connector.Request.SESSION_ID_CHECK=false

      Description

      if we create a new session, or request an invalidated session, tomcat will try to look up the session from the others web context's distributed cache. if we have many web context, it's a big issue.
      in org.apache.catalina.connector.Request
      // Verify that the submitted session id exists in one of the host's web applications
      String sessionId = requestedSessionId;
      if (sessionId != null) {
      if (SESSION_ID_CHECK) {
      boolean found = false;
      try {
      if (!found) {
      Container children[] = getHost().findChildren();
      for (int i = 0; (i < children.length) && !found; i++) {
      if ((children[i].getManager() != null)
      && (children[i].getManager().findSession(sessionId) != null))

      { found = true; }

      }
      }
      } catch (IOException e)

      { // Ignore: one manager is broken, and it will show up elsewhere again }

      if (!found)

      { sessionId = null; }

      } else if (!isRequestedSessionIdFromCookie())

      { sessionId = null; }

      }
      i can disable it by -Dorg.apache.catalina.connector.Request.SESSION_ID_CHECK=false;

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                pferraro Paul Ferraro
                Reporter:
                jimmy.xu jimmy xu
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated: