Richard, 

Does this happen only if you are using cookies?

Celeste

-----Original Message-----
From: Merdinger, Richard [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 08, 2001 5:59 PM
To: JRun-Talk
Subject: RE: Attn: Sessions getting mixed up - I'd be worried JRun
people!


Hi all:
This is a result of the app server *assigning* the same jsessionid to two
different client requests.  These requests can come from different users on
different machines using different browser manufacturers.  I've done it,
I've reproduced it with a FRESH JRun installation with a FRESH JRun server
instance with a FRESH application context.  There was one file in the web
named index.jsp.  All it did was to <%= session.getID() %> (pardon the
syntax, I'm in a hurry<g>)

Both I and a guy in an adjacent cube would 
1.  Go to the suspect URL 
2.  compare the session ID's
3.  If they were different, we would close the browser completely and
repeat.

eventually, we would both see the same jsessionid on the screen.

The one telltale symptom was that, even though we were using cookies, the
url string was rewritten to include the "?jsessionid=" when the problem
arose.

I gave the tech folks at JRun support the instructions on how to do it and
they reproduced it.

It was a confirmed bug by the JRun tech folks, and they stated so in an
email.

What they did about it, I don't know.  I would appreciate them telling us,
though.

--Rich
-----Original Message-----
From: michael veit [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 08, 2001 11:59 AM
To: JRun-Talk
Subject: Re: Attn: Sessions getting mixed up - I'd be worried JRun
people!


I think I see what you mean - since it JRun is just
looking for a cookie to decide whether the session is
new or not. gotcha.

did u see Rich Merdingers post? I think he is saying
that Allaire has knows about the bug..I am trying to
confirm with him.

  




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Get the mailserver that powers this list at http://www.coolfusion.com
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Reply via email to