You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Ravi Pachipala <rp...@everypath.com> on 2003/11/04 16:27:50 UTC

tomcat session sharing problem

We are using tomcat 4.1.24 and we found a particular problem where user A in
one session is seeing user Bs information who logged in a different user in
tomcat.

We investigated this further and found that at the time this happened, there
was an exception in tomcat as follows. Both user A and B are logged in at
the same time and exception happens wen userA's session makes a
request.getParameters() call. Has anyone seen this? This is potentially a
very dangerous scenario  in production environments.

java.io.CharConversionException: isHexDigit
        at org.apache.tomcat.util.buf.UDecoder.convert(UDecoder.java:124)
        at org.apache.tomcat.util.buf.UDecoder.convert(UDecoder.java:87)
        at
org.apache.tomcat.util.http.Parameters.processParameters(Parameters.java:407
)
        at
org.apache.coyote.tomcat4.CoyoteRequest.parseRequestParameters(CoyoteRequest
.java:1966)
        at
org.apache.coyote.tomcat4.CoyoteRequest.getParameterNames(CoyoteRequest.java
:953)
        at
org.apache.coyote.tomcat4.CoyoteRequestFacade.getParameterNames(CoyoteReques
tFacade.java:183)
        at
com.everypath.online.epservlet.ControllingServlet.getParameters(ControllingS
ervlet.java:988)
        at
com.everypath.online.epservlet.ControllingServlet.getServerRequest(Controlli
ngServlet.java:725)
        at
com.everypath.online.epservlet.ControllingServlet.service(ControllingServlet
.java:236)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application
FilterChain.java:247)
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh
ain.java:193)
        at
filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:
170)
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application
FilterChain.java:213)
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh
ain.java:193)
        at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja
va:256)
        at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok
eNext(StandardPipeline.java:643)
        at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
        at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
        at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja
va:191)
        at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok
eNext(StandardPipeline.java:643)
        at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
        at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
        at
org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415)
        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180
)
        at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok
eNext(StandardPipeline.java:643)
        at
org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.
java:171)
        at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok
eNext(StandardPipeline.java:641)
        at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172
)
        at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok
eNext(StandardPipeline.java:641)
        at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
        at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java
:174)
        at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok
eNext(StandardPipeline.java:643)
        at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
        at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
        at
org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
        at
org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:261)
        at
org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:360)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:604)
        at
org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:562)
        at
org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:679)
        at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav
a:619)
        at java.lang.Thread.run(Thread.java:4

Pre-compiling one JSP page at a time?!?

Posted by Jess Holle <je...@ptc.com>.

I look at the Tomcat 5 documentation for pre-compiling JSP pages and at 
the 5.0.15 source for JspC -- and as best I can tell there is absolutely 
no way to specify a particular set of JSP pages to compile at a given 
time.  Nested <include> elements don't work (as they are documented to 
in Ant's optional JspC task).  There is a setArgs(), but it takes an 
array of Strings -- which I don't believe will automatically be coerced 
out of any normal Ant property.

What am I missing?

I need to be able to compile one JSP page at a time for validation 
purposes in a large-team environment.  I need to know exactly which JSP 
pages pass and fail.  To complicate things there are a lot of JSP 
fragments that have .jsp suffixes, so we know a number will fail and 
would like to exclude them.

Is there some way I should be using Ant's JspC in conjunction with 
Tomcat 5 to get the right result or... what?

--
Jess Holle



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org

Re: tomcat session sharing problem

Posted by Remy Maucherat <re...@apache.org>.

Ravi Pachipala wrote:

> We are using tomcat 4.1.24 and we found a particular problem where user A in
> one session is seeing user Bs information who logged in a different user in
> tomcat.
> 
> We investigated this further and found that at the time this happened, there
> was an exception in tomcat as follows. Both user A and B are logged in at
> the same time and exception happens wen userA's session makes a
> request.getParameters() call. Has anyone seen this? This is potentially a
> very dangerous scenario  in production environments.

I think you should try TC 4.1.29 or 5.0.14.
(please post that kind of message on tomcat-user)

Rémy



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org