You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Oto Buchta <ta...@neo.cz> on 2001/12/18 09:11:36 UTC
Patch for bad Implementation of the session serialization mechanism
Hi,
I've download tomcat 4.0.1 and I have the great problem with sessions, when
I've uncommented the Session Manager.
If I use configuration
<Manager className="org.apache.catalina.session.PersistentManager"
debug="0"
saveOnRestart="true"
maxActiveSessions="1000"
minIdleSwap="-1"
maxIdleSwap="300"
maxIdleBackup="-1">
<Store className="org.apache.catalina.session.FileStore"/>
</Manager>
in server.xml, all active sessions are filled with the old stored values each
one minute.
Why?
The bug is allowed by stupid implementation of harmless method
StandardSession.setId(String id)
When somebody has written the method StoreBase.processExpires() he has no
idea about problems with creating new session from file, testing its settings
and removing the session. It seems to be good idea, but the method
StandardSession.load(String) loads the session from file (correct), but it
also stores the session to the manager (throw setId(String) method) and than
it (only for testing, if the session file have to be removed) stores the
session to the manager and replaces the current, active session.
So,
I've changed three classes from org.apache.catalina.session package :
StoreBase - processExpires() is commented due the thread with the same
functonality is started by PersistentManagerBase. Other reason is the
unsynchronisation and possible "unconsistence", because the StoreBase time to
time loads session, which is not stored completely.
ManagerBase and StandardSession - adding of the new session is moved from the
StandardSession.setId() (may be called also by load() ) to the
ManagerBase.createSession() .
I know that the moving of the calling add() may be a problem because of the
removing the transparent addign to the Manager, but current implementation
doesn't work :-(((((((
Please test it.
All diffs are created against the source distribution of the tomcat-4.0.1 .
--
Oto 'tapik' Buchta