[OpenSTA-devel] Possible Issue with applications sending two cookies at once
From: Olaf K. <ok...@ab...> - 2005-08-11 15:47:35
Hi,

regarding Joseph Celanos thread "Tomcat 5.0 Session Info Not Maintained" on the user mailing list I thought it might be good to discuss an external bug report here - I have not yet tried what they say there but it seems reasonable:

I can't say if this really qualifies as a Tomcat bug, the same may occur from any web application and is probably difficult to track down.

Is it worth thinking about handling the situation of two cookies of the same name in OpenSTA? Or do I sound stupid and should rephrase what I wanted to ask?

Cheers,
Olaf

http://jasigch.princeton.edu:9000/jira/browse/UP-819

The text there is:

LoginServlet.java performs the following calls unconditionally:

    request.getSession().invalidate();
    request.getSession(true);

This results in exposing an apparent bug in Tomcat, which will generate two Set-Cookie headers for JSESSIONID. JSESSIONID is different in both, and the second one represents a valid session. Most browsers will take the second cookie and will function.

We discovered the problem when running OpenSTA for load-testing, and OpenSTA, probably erroneously, picks the first cookie, which does not represent a valid session. Knowing of no easy way to modify OpenSTA, we have found that changing the above lines of code works around the problem:

    if (request.getSession(false) != null)
        request.getSession().invalidate();
    // Retrieve the user's session
    request.getSession(true);
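Added example, not part of the original message and not OpenSTA or Tomcat code: a small Python sketch of the two client behaviours the bug report contrasts, run over constructed response headers that carry two JSESSIONID cookies. The cookie values, the /portal path and all function names are assumptions made for illustration; cookies are keyed by name and path only, assuming a single host.

```python
from email.parser import Parser

# Constructed headers (not captured traffic): the first JSESSIONID belongs to
# the session destroyed by invalidate(), the second to the newly created one.
RAW_HEADERS = (
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=AAAA1111OLD; Path=/portal\r\n"
    "Set-Cookie: JSESSIONID=BBBB2222NEW; Path=/portal\r\n"
    "Set-Cookie: theme=plain; Path=/\r\n"
    "\r\n"
)

def parse_set_cookie(value):
    """Return (name, value, path) from one Set-Cookie header value."""
    pair, _, attrs = value.partition(";")
    name, _, val = pair.strip().partition("=")
    path = "/"
    for attr in attrs.split(";"):
        key, _, attr_val = attr.strip().partition("=")
        if key.lower() == "path" and attr_val:
            path = attr_val
    return name, val, path

def set_cookie_headers(raw):
    """All Set-Cookie values, in the order the server sent them."""
    return Parser().parsestr(raw).get_all("Set-Cookie") or []

def jar_last_wins(raw):
    """Later cookie replaces an earlier one with the same name and path,
    which is the replacement rule RFC 6265 section 5.3 gives for user agents."""
    jar = {}
    for header in set_cookie_headers(raw):
        name, val, path = parse_set_cookie(header)
        jar[(name, path)] = val
    return jar

def jar_first_wins(raw):
    """Keeps the first cookie seen: the client ends up on the dead session."""
    jar = {}
    for header in set_cookie_headers(raw):
        name, val, path = parse_set_cookie(header)
        jar.setdefault((name, path), val)
    return jar

def duplicated_cookies(raw):
    """Cookies set more than once in one response, worth flagging in a test run."""
    seen = {}
    for header in set_cookie_headers(raw):
        name, val, path = parse_set_cookie(header)
        seen.setdefault((name, path), []).append(val)
    return {key: vals for key, vals in seen.items() if len(vals) > 1}
```

A load-test client that reports `duplicated_cookies()` alongside its results makes this kind of server behaviour visible instead of showing up only as a lost session.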