You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Uw...@t-systems.com on 2011/12/20 14:51:55 UTC
AW: Mysterious request edirect with value exchange
Thanks for the answer.
We have a test environment but there it isn't reproducible.
Just on the production system. But everything is configured identical.
We use Apache with mod_proxy (via AJP).
Only the connector? It is pretty standard.
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.core.AprLifecycleListener" />
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>
<GlobalNamingResources>
<Environment name="simpleValue" type="java.lang.Integer" value="30"/>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="8080" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvmroute1">
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
managerClassName="org.apache.catalina.cluster.session.DeltaManager"
expireSessionsOnShutdown="false"
useDirtyFlag="true"
notifyListenersOnReplication="true">
<Membership
className="org.apache.catalina.cluster.mcast.McastService"
mcastAddr="228.0.0.4"
mcastPort="45564"
mcastFrequency="500"
mcastDropTime="3000"/>
<Receiver
className="org.apache.catalina.cluster.tcp.ReplicationListener"
tcpListenAddress="10.197.120.52"
tcpListenPort="4002"
tcpSelectorTimeout="100"
tcpThreadCount="6"/>
<Sender
className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
replicationMode="pooled"
ackTimeout="15000"/>
<Valve className="org.apache.catalina.cluster.tcp.ReplicationValve"
filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.css;.*\.txt;"/>
<Deployer className="org.apache.catalina.cluster.deploy.FarmWarDeployer"
tempDir="/tmp/war-temp/"
deployDir="/tmp/war-deploy/"
watchDir="/tmp/war-listen/"
watchEnabled="false"/>
<ClusterListener
className="org.apache.catalina.cluster.session.ClusterSessionListener"/>
</Cluster>
</Host>
</Engine>
</Service>
</Server>
The Apache Tomcat Native library is not installed.
Thanks
Uwe
-----Ursprüngliche Nachricht-----
Von: Christopher Schultz [mailto:chris@christopherschultz.net]
Gesendet: Freitag, 25. November 2011 15:33
An: Tomcat Users List
Betreff: Re: Mysterious request edirect with value exchange
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Uwe,
On 11/25/11 7:43 AM, Uwe.Hellmann@t-systems.com wrote:
> We have a Loadbalancer which roundrobin addresses 2 Apache 2.2.
> which passes their requests via mod_proxy balancer to 2 tomcat
> 5.5.26 servers which are configured identical and have also
> clustering enabled. The application is located only on the
> tomcats.
Are you using HTTP or AJP? From your description, it's probably HTTP
but it's worth asking.
Are you able to test/reproduce without the lb or a second Tomcat in
the mix? I'm sure this is a rare occurrence, so reproducing might not
be easy. If you have a test bed environment that is identical to
production (you do have one, right?), can you load it down and observe
intermittent failures like this? If so, try hitting a single Tomcat
directly and see if the problem disappears.
> So what we have is a redirected response from a failed login
> process. As example we have an login mask and while tryinig to
> login we put the username "Tester" in the username inputfield send
> the form away and get a login error message and the following URL
> string: http://mytestsystem/login.action?login_error=1&u=Tester In
> the input field the value Tester is still set.
>
> This result is as expected, but from time to time we saw the
> following URL string returned
> http://mytestsystem/login.action?login_error=1&u=OtherUser although
> we sent the form with Tester as value away. But now in the input
> field it is also OtherUser set.
Have you reviewed the code in your test? Sometimes the tests are
flawed. :(
> We have checked Loadbalancer rewrites(possible Proxywrites) and
> fount nothing. The behaviour seem to appear if we have much load on
> these systems. Does anybody have any idea where I should start my
> investigation. I would assume the application does have a problem
> with session handling or a corruptable redirection method but the
> developer told us everything is fine.
Of course the developer told you that the software is bulletproof. :)
Can you post your <Connector> elements from your server.xml (minus
anything that might be considered sensitive, of course), and let us
know if you are using APR (aka "native") with Tomcat.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk7PpxcACgkQ9CaO5/Lv0PCuigCgl0CL4wzLoe616M4NBPBVKm6i
jnIAn0q2Y8G8D1PYqAEeSB3VojOfMgms
=Th2F
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: AW: Mysterious request edirect with value exchange
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Uwe,
On 12/20/11 8:51 AM, Uwe.Hellmann@t-systems.com wrote:
> Thanks for the answer. We have a test environment but there it
> isn't reproducible.
That's unfortunate.
> Just on the production system. But everything is configured
> identical. We use Apache with mod_proxy (via AJP).
>
> Only the connector? It is pretty standard.
>
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
> />
Are you actually using APR? Many people have the listener enabled, but
the native library isn't installed.
> <Connector port="8080" maxHttpHeaderSize="8192" maxThreads="150"
> minSpareThreads="25" maxSpareThreads="75" enableLookups="false"
> redirectPort="8443" acceptCount="100" connectionTimeout="20000"
> disableUploadTimeout="true" />
That's not an AJP connector. So, how are you connecting httpd to
Tomcat? Perhaps you are using mod_proxy_http.
Honestly, it sounds from your original description (a month ago) like
you have a component that is inappropriately sharing information
between requests. I'd take a careful look at your authentication code.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk7wy2oACgkQ9CaO5/Lv0PAyYgCeNdfYx7Sk/icfAfvHs70WFOQJ
/s8AoJTPPUONR+VdBDL+3lRUP3fNvIQP
=WqYa
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org