Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: No Release
Affects Version/s: JBossAS-5.1.0.GA
Component/s: Clustering, Web (Tomcat) service
Labels:
None

Workaround Description:

Hide

add -Dorg.apache.catalina.connector.Request.SESSION_ID_CHECK=false

Show
add -Dorg.apache.catalina.connector.Request.SESSION_ID_CHECK=false

SFDC Cases Counter:
SFDC Cases Links:

Description

if we create a new session, or request an invalidated session, tomcat will try to look up the session from the others web context's distributed cache. if we have many web context, it's a big issue.
in org.apache.catalina.connector.Request
// Verify that the submitted session id exists in one of the host's web applications
String sessionId = requestedSessionId;
if (sessionId != null) {
if (SESSION_ID_CHECK) {
boolean found = false;
try {
if (!found) {
Container children[] = getHost().findChildren();
for (int i = 0; (i < children.length) && !found; i++) {
if ((children[i].getManager() != null)
&& (children[i].getManager().findSession(sessionId) != null))

{ found = true; }

}
}
} catch (IOException e)

{ // Ignore: one manager is broken, and it will show up elsewhere again }

if (!found)

{ sessionId = null; }

} else if (!isRequestedSessionIdFromCookie())

{ sessionId = null; }

}
i can disable it by -Dorg.apache.catalina.connector.Request.SESSION_ID_CHECK=false;

Attachments

Activity

People

Assignee:: Paul Ferraro

Reporter:: jimmy xu (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 2011/02/28 3:55 AM

Updated:: 2011/04/21 2:26 PM