You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2014/03/13 11:19:00 UTC

[Bug 56256] New: Multiple cookies and parallel deployment

https://issues.apache.org/bugzilla/show_bug.cgi?id=56256

            Bug ID: 56256
           Summary: Multiple cookies and parallel deployment
           Product: Tomcat 8
           Version: 8.0.3
          Hardware: All
                OS: All
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: knst.kolinko@gmail.com

The following is based on reviewing the code of
CoyoteAdapter.postParseRequest(..)

Suppose the following scenario:

1) There are multiple versions of /foo web application.
2) Both /foo and ROOT web application create session cookies
3) A new version of /foo is deployed in parallel to the old one
4) Browser sends several SESSIONID cookies: for the ROOT webapp and for the old
version of /foo webapp.

Will the old version of /foo selected in this scenario?

The problem is that Tomcat first selects the only sessionID among several
cookies (in CoyoteAdapter.parseSessionCookiesId(..)) and then uses that only
sessionID to select webapp version (in CoyoteAdapter.postParseRequest(..)).


All works if there is a cookie that belongs to the latest version of the
webapp. On the first mapping the request is mapped to the latest version. Thus
'parseSessionCookiesId(..)' by default looks for sessionid that belongs to the
latest version of the web application.

If the cookie belongs to an earlier version, the 'parseSessionCookiesId(..)'
method selects sessionID value from the last cookie among SESSIONID cookies
sent by browser.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 56256] Multiple cookies and parallel deployment

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=56256

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Mark Thomas <ma...@apache.org> ---
The call to isRequestedSessionIdValid() checks all versions of the app for a
match.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org