Posted to dev@tomcat.apache.org by bu...@apache.org on 2010/07/06 12:27:41 UTC
DO NOT REPLY [Bug 40114] Session inadvertently "hijacked" by
different after server restart
https://issues.apache.org/bugzilla/show_bug.cgi?id=40114
Denis A. <al...@gmail.com> changed:
What      |Removed   |Added
----------------------------------------------------------------------------
Status    |RESOLVED  |REOPENED
Resolution|INVALID   |
--- Comment #2 from Denis A. <al...@gmail.com> 2010-07-06 06:27:37 EDT ---
This happens with:
* Tomcat 5.5.26
* Server running in VMware Server 2.0.2 Build 203138
* Virtual hardware version 7
* OS: Windows 2003 Server Standard French 32-bit
* CPU: 1 CPU 2.597 GHz
* RAM: 4096 MB
* Java: Java 6 Update 16 and Java SE Development Kit 6 Update 16
* A web application using MyFaces 1.1.5
* Persistent sessions are disabled in context.xml:
    <!-- Uncomment this to disable session persistence across Tomcat restarts -->
    <Manager pathname="" />
This seems to happen only after a server restart.
For example, a user logs in and has some session-scoped beans from their session
and others from another, old session.
This is a serious issue as it allows confidential information to be obtained.
Any clue on how to debug/solve this?