Posted to dev@tomcat.apache.org by bu...@apache.org on 2007/12/21 12:00:18 UTC
DO NOT REPLY [Bug 44116] New: - Multiple JSESSIONID handling with overlapping domains does not work
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=44116>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=44116
Summary: Multiple JSESSIONID handling with overlapping domains
does not work
Product: Tomcat 6
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P2
Component: Native:JK
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: david.ramblewski@gmail.com
CC: david.ramblewski@atosorigin.com
The changelog notes for mod_jk 1.2.6/1.2.7 specify that mod_jk properly handles
multiple JSESSIONID cookies with overlapping domains as described below:
"Check all JSESSIONID cookies for a valid jvmRoute. If you have multiple Tomcats
with overlapping domains, then you can get multiple cookies without a defined
order. This will route correctly as long as the different domains don't have any
Tomcats in common. (billbarker)"
Unfortunately this feature does not work properly because of a bug in the design
implementation.
In the source file "jk_lb_worker.c", the function "get_cookie" should get every
JSESSIONID cookie contained in the HTTP header but there is a mistake using the
char pointers "id_start/id_end". The result is that we just get the first
JSESSIONID cookie, the others are simply lost in memory.
The bug is reproducible as follows:
nc website 80
GET /hello.jsp HTTP/1.0
Then you will get a JSESSIONID Cookie in the HTTP header, for example:
Set-Cookie: JSESSIONID=297267684ED72B2F3AB38CFDD4402FC5; Path=/
Finally:
nc website 80
GET /hello.jsp HTTP/1.0
Cookie: JSESSIONID=297267684ED72B2F3AB38CFDD4402FC6;JSESSIONID=297267684ED72B2F3AB38CFDD4402FC5;
You should not get another JSESSIONID (Set-Cookie option directive) and your
request should be forwarded to the correct tomcat worker but it does not work.
Actually, mod_jk gets the first JSESSIONID which is voluntarily invalid but Tomcat
does not know it and sends us another "Set-Cookie" HTTP option header.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 44116] - Multiple JSESSIONID handling with overlapping domains does not work
Posted by bu...@apache.org.
rainer.jung@kippdata.de changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|FIXED |
------- Additional Comments From rainer.jung@kippdata.de 2007-12-21 03:35 -------
Reopen, so that we will actually consider the patch for inclusion. Will only be
closed/fixed after applied to the code.
Thanks for the patch. Unfortunately it's a couple of days too late for 1.2.26,
which we are going to tag today, but we will have a look at the patch for 1.2.27.
DO NOT REPLY [Bug 44116] - Multiple JSESSIONID handling with overlapping domains does not work
Posted by bu...@apache.org.
------- Additional Comments From david.ramblewski@gmail.com 2007-12-21 03:14 -------
The patch has been successfully tested with tomcat-connectors version 1.2.25 but
should work with versions from 1.2.6 to 1.2.25.
The following products are actually used on many production sites:
tomcat-connectors 1.2.25 patched / apache-tomcat 5.5.12, 5.5.15, 5.5.17 and 5.5.25.
DO NOT REPLY [Bug 44116] - Multiple JSESSIONID handling with overlapping domains does not work
Posted by bu...@apache.org.
rainer.jung@kippdata.de changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |NEEDINFO
------- Additional Comments From rainer.jung@kippdata.de 2008-01-02 14:06 -------
I made a small variation of your patch, which I attach to this issue.
The basic idea is the same, but it might copy a little less and also uses id_end
to move id_start forward, so we have to do a little less searching. Finally it
terminates at the earlier of ';' and ',' by using strpbrk.
If you have a good test case, could you do some testing of it? Feedback would be
nice.
If all goes well, we'll include this for 1.2.27.
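The cookie scan discussed in this thread, as an added example that is not mod_jk's code or either attached patch: it walks every JSESSIONID in a Cookie header, ends each value at the earlier of ';' and ',' with strpbrk, and returns the first jvmRoute that names a known worker. The function names, the first_only switch (which models the reported first-cookie-only behaviour), the worker list and the sample header are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME "JSESSIONID"
/* Constructed worker names; a real list would come from the balancer config. */
static const char *const ROUTES[] = { "node1", "node2" };

/* Assumption: the session id has the form "<id>.<jvmRoute>". */
static const char *known_route(const char *id)
{
    const char *dot = strchr(id, '.');
    for (size_t i = 0; dot && i < sizeof(ROUTES) / sizeof(ROUTES[0]); i++)
        if (strcmp(dot + 1, ROUTES[i]) == 0)
            return ROUTES[i];
    return NULL;
}

/* Return the route of the first JSESSIONID cookie whose jvmRoute is known.
 * first_only=1 stops after the first JSESSIONID value examined. */
const char *route_for_cookies(const char *hdr, int first_only)
{
    char id[128];
    const char *p = hdr;
    while ((p = strstr(p, NAME)) != NULL) {
        const char *id_start = p + strlen(NAME);
        int boundary = (p == hdr) || strchr(" \t;,", p[-1]) != NULL;
        p = id_start;
        if (!boundary || *id_start != '=') continue; /* part of another name */
        id_start++;
        const char *id_end = strpbrk(id_start, ";,"); /* earlier of ';' and ',' */
        size_t len = id_end ? (size_t)(id_end - id_start) : strlen(id_start);
        p = id_start + len;                /* continue the search after this value */
        if (len > 0 && len < sizeof(id)) { /* skip empty or oversized values */
            memcpy(id, id_start, len);
            id[len] = '\0';
            const char *route = known_route(id);
            if (route || first_only) return route;
        }
    }
    return NULL;
}

int main(void)
{
    const char *hdr = "JSESSIONID=AAAA.gone9;JSESSIONID=BBBB.node2;"; /* constructed */
    const char *a = route_for_cookies(hdr, 1), *b = route_for_cookies(hdr, 0);
    printf("first only: %s, all cookies: %s\n", a ? a : "(none)", b ? b : "(none)");
    return 0;
}
```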
DO NOT REPLY [Bug 44116] - Multiple JSESSIONID handling with overlapping domains does not work
Posted by bu...@apache.org.
------- Additional Comments From david.ramblewski@gmail.com 2008-01-03 02:45 -------
The last patch has been successfully tested with tomcat-connectors version
1.2.25 so there is no feature regression.
I'm going to package the modules for apache 1.3 and apache 2.0 and it will be
tagged STABLE on our production sites in a few minutes.
DO NOT REPLY [Bug 44116] - Multiple JSESSIONID handling with overlapping domains does not work
Posted by bu...@apache.org.
david.ramblewski@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
DO NOT REPLY [Bug 44116] - Multiple JSESSIONID handling with overlapping domains does not work
Posted by bu...@apache.org.
david.ramblewski@gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|Native:JK |Native:JK
Product|Tomcat 6 |Tomcat 5
Target Milestone|default |---
Version|unspecified |5.0.0
DO NOT REPLY [Bug 44116] - Multiple JSESSIONID handling with overlapping domains does not work
Posted by bu...@apache.org.
------- Additional Comments From david.ramblewski@gmail.com 2007-12-21 03:04 -------
Created an attachment (id=21300)
--> (http://issues.apache.org/bugzilla/attachment.cgi?id=21300&action=view)
Handle multiple JSESSIONID cookies with tomcat overlapping domains
BugFix for the feature:
"Check all JSESSIONID cookies for a valid jvmRoute. If you have multiple
Tomcats with overlapping domains, then you can get multiple cookies without a
defined order. This will route correctly as long as the different domains don't
have any Tomcats in common. (billbarker)"
DO NOT REPLY [Bug 44116] - Multiple JSESSIONID handling with overlapping domains does not work
Posted by bu...@apache.org.
rainer.jung@kippdata.de changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #21300 is obsolete|0 |1
------- Additional Comments From rainer.jung@kippdata.de 2008-01-02 14:04 -------
Created an attachment (id=21338)
--> (http://issues.apache.org/bugzilla/attachment.cgi?id=21338&action=view)
Alternative patch
DO NOT REPLY [Bug 44116] - Multiple JSESSIONID handling with overlapping domains does not work
Posted by bu...@apache.org.
rainer.jung@kippdata.de changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |RESOLVED
Resolution| |FIXED
------- Additional Comments From rainer.jung@kippdata.de 2008-01-03 03:23 -------
Thank you for your quick feedback.
The patch has been committed and will be part of 1.2.27.
I'm closing this now, don't hesitate to reopen, if needed.