You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Oto Buchta <ta...@neo.cz> on 2001/12/18 09:11:36 UTC

Patch for bad Implementation of the session serialization mechanism

Hi,
I've download tomcat 4.0.1 and I have the great problem with sessions, when 
I've uncommented the Session Manager.
If I use configuration
<Manager className="org.apache.catalina.session.PersistentManager"
              debug="0"
              saveOnRestart="true"
              maxActiveSessions="1000"
              minIdleSwap="-1"
              maxIdleSwap="300"
              maxIdleBackup="-1">
                <Store className="org.apache.catalina.session.FileStore"/>
          </Manager>
in server.xml, all active sessions are filled with the old stored values each 
one minute.

Why?
The bug is allowed by stupid implementation of harmless method 
StandardSession.setId(String id)
When somebody has written the method StoreBase.processExpires() he has no 
idea about problems with creating new session from file, testing its settings 
and removing the session. It seems to be good idea, but the method 
StandardSession.load(String) loads the session from file (correct), but it 
also stores the session to the manager (throw setId(String) method) and than 
it (only for testing, if the session file have to be removed) stores the 
session to the manager and replaces the current, active session.

So,
I've changed three classes from org.apache.catalina.session package :
StoreBase - processExpires() is commented due the thread with the same 
functonality is started by PersistentManagerBase. Other reason is the 
unsynchronisation and possible "unconsistence", because the StoreBase time to 
time loads session, which is not stored completely.
ManagerBase and StandardSession - adding of the new session is moved from the 
StandardSession.setId() (may be called also by load() ) to the 
ManagerBase.createSession() .

I know that the moving of the calling add() may be a problem because of the 
removing the transparent addign to the Manager, but current implementation 
doesn't work :-(((((((

Please test it.

All diffs are created against the source distribution of the tomcat-4.0.1 .
-- 
Oto 'tapik' Buchta