You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Paul Rubenis <pa...@tc.umn.edu> on 2001/11/15 17:32:15 UTC
Sessions being shared... (TC 3.2.3)
I have some strangeness happening when using Tomcat 3.2.3, Apache and
an EJB Server. Though it appears to be a session issue. The
application is using SSL via Apache.
Basically people log into the application via a jsp, the jsp creates a
session for that person and stuffs information about them into it. What
is happening is that somehow sessions are being shared between people.
So person A logs in just fine, does some stuff. Person B then logs in,
gets the session id for person A and therefore can see everything person
A can in the application. Obviously this is bad. What perplexes me is
how anyone could EVER get another persons sessionid.
Here are the specs for the environment:
Solaris 7
java 1.3.1
jakarta 3.2.3
apache-ssl 1.3.19
Thanks for any insight people might have on this.
--
+-------------------------------------- mailto:paulr@tc.umn.edu ----+
| Paul M Rubenis - System Administrator |
| Phone: (612) 624-8337 |
| Fax: (612) 625-6853 |
+-------------------------------------------------------------------+
| Any connection between your reality and mine is purely |
| coincidental. |
--
To unsubscribe: <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>