RE: Tabbed browsers sharing session - work around.
Hi Chris, Is there any way to dynamically create these contexts or do they require a live.xml, test.xml, etc within conf/Catalina/localhost. The multiple contexts would be my preferred approach although I would like to achieve this with a single code base if this is possible. The multiple environments are driven purely by the backend database connection, i.e. the code is the same with the only difference being where the data is being saved to. Hence the requirement to stop the browser sharing the same session when in different database connections. I'm surprised that other people are not having the same issues since the browser manufacturers decided to make this crazy change to session management between tabs/instances and suddenly share the same session. In I.E.6 two browser instances would be two separate sessions. I.E.7 they are the same session! Thanks for your input. Kind Regards, Rob. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ronald, On 10/4/2010 6:11 AM, Ronald Klop wrote: > You can run your test environment on another hostname. > > live.example.com > test.example.com > train.example.com Or under another context: http://www.example.com/live http://www.example.com/test http://www.example.com/train The real question is why there's any confusion: your hostnames and/or URLs ought to be unique enough already. Otherwise, this sort of foolishness can affect your "real" users and you'll leak data all over the place. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyqDDQACgkQ9CaO5/Lv0PDWRACgrlgU+jY+n8nMCZ2WTO63UHDh 10UAoJdyNWqu0nlRGcWbJ6Mcc7zbsGy+ =JP4k -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat6's home directory
Hello, My tomcat6 executes as a daemon and I need to know where is its home directory, because tomcat6 user executes a pg_dump command and it needs to find the .pgpass file. Thanks in advance.
RE: Tabbed browsers sharing session - work around.
Chris, See comments below:- > Rob, > > On 10/4/2010 7:27 AM, Rob Gregory wrote: > > Using the hostname doesn't really guarantee a unique session for example > > if I click new tab and paste the URL into the new window I suspect the > > browser will see the same session from the first tab. > > Note that you haven't changed the hostname in this case: you've just > cloned a browser window (or "tab" if you prefer to call it that). > > > In our application > > the user can then change the environment with disastrous consequences > > when updating the database. > > Sounds like you need to be pretty careful. Is it possible you've built a > fragile application? Some legacy parts of the application became fragile when the browsers started sharing sessions and this fix has been implemented to work around that fact. > > > Did you implement anything to stop the > > session sharing at this level. What I did was to use the window.name > > attribute to allow tracking of browser instances and compare this when > > doing the session timeout checking and this way I am able to redirect > > any further browser opens into new sessions. > > That's pretty fragile: relying on client-side javascript for anything > security-related is very foolish. I do not rely on javascript for security, it is used to provide a means of tracking open browser sessions. The worst a client could do would be to remove the window.name which would result in a new session being generated. > > > With the exception of WEB-INF (which was due to tomcat no longer seeing > > that as a WEB-INF call because I have my unique-id in the path) do you > > see any security faults in what I am doing? > > Many: disabling javascript on the client side will break your security. > An attacker overriding the javascript will break your security. The application has been security audited and after fixing a few issues is now very much secure. Disabling javascript wouldn't break the security model but we do require javascript to be enabled for correct functionality. To clarify I do not rely on javascript for anything security related and purely use this as a means of detecting the user has an existing browser window open. The window.name property is the only way to determine unique browser instances at the moment and even this is flawed if the browser is opened by a hyperlink containing a named target! I think browser manufacturers need to address this issue and provide some unique identification between browser requests. Until then I have no choice but to work-around this session sharing. Thanks again for your input, Rob > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkyqDOQACgkQ9CaO5/Lv0PBbSACfVhscYMSd4q13ivnaz4k6LdeQ > ZmgAoKSUg6VkjFxyFr47j1260++fjhre > =ct/x > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat 6.0 bottleneck
Dear all, I administer a tomcat 6.0 on a windows 2008r2 server with sql server 2008. I am a Unix admin that had no contact with tomcat in the past; so, both tomcat and windows are a very peculiar combination for me :)... This server runs an application that can become quite (but-not-that-much) loaded. The thing is that I am observing a bottleneck on my system, despite the fact that my system has adequate free physical resources. To be more precise: my server.xml reads: maxThreads and masSpareThreads were raised by me to overcome the bottleneck, without any luck. my dboptions.properties reads: DATABASE_MAXCONNECTION = 100 MAX_TIME_TO_WAIT = 1 MINUTES_BETWEEN_REFRESH = 5 (but I doubt that these directives are taken into account.) The application was given to me running on windows 2003 server, tomcat 5, sql server 2000. I upgraded/migrated the machine to the latest binaries, and I am not sure that the old configuration files (web.xml, dboptions.properties, etc) are affecting the newer versions of tomcat in the same sense... When I try to connect to our application I get about a minute of delay once tcp connections on 2008 "resource monitor" exceed ~200. Before that number is reached, everything works extrmly great?! At that moment (>200 tcp connections) manager/status shows: Free memory: 699.33 MB Total memory: 1379.50 MB Max memory: 2275.56 MB Max threads: 500 Current thread count: 49 Current thread busy: 17 Max processing time: 400777 ms Processing time: 21227.893 s Request count: 20234 Error count: 1008 Bytes received: 0.17 MB Bytes sent: 75.70 MB and 100 sessions in the session tab. which is not that bad, I assume... Moreover, there is a lot of free memory on the system (more than 1G out of 4), cpu consumption is lower than 10%, and the database request per sec are at around 40. On sql server activity monitor, the most recent expensive query is 412ms. >From what I understand is that my system has still adequate free physical resources, sql server is not being pushed and the bottleneck comes from tomcat, where I have no clue what to tune. I read an article mentioning tunables on the the database-module, but the places where the tunables are located in the article where in a different path than the dboptions.properties file, and when I tried to setup the scenario on the article, my server did not startup. I wasn't paying too much attention on what I was doing because I couldn't understand what I was doing; if I could understand the process, the test scenario would have probably worked for me. The article is the following, and it seems great: http://tomcat.apache.org/tomcat-5.5-doc/jndi-datasource-examples-howto.html Now, from all that I mentioned before I assume that there must be a tunable (directive or something) that once exceeded the server "crawls". The thing is that just before that limit is reached the server runs as if it has no load at all. There is no gradual performance degradation whatsoever. If I had setup tomcat properly, I would expect sql server to become my bottleneck, since this is where all the queries are taking place. I am sure that those of you who know how to administer tomcat and/or windows machines have met this situation before and know which parameter to tune. If so, please let me know, cause I really have a headache due to this... Thank you all for your time and effort in advance, mamalos -- View this message in context: http://old.nabble.com/tomcat-6.0-bottleneck-tp29885725p29885725.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 6.0 bottleneck
...and another thing: Yesterday, the server was running under this load, so when I checked the manager/status today I saw that current thread count was 500 while busy threads were only about 10. Shouldn't the threads be killed at some moment? What is the timeout option for this behavior? Thanx again -- View this message in context: http://old.nabble.com/tomcat-6.0-bottleneck-tp29885725p29885862.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat6's home directory
2010/10/5 Juan Carlos Afonso :
> Hello,
>
> My tomcat6 executes as a daemon and I need to know where is its home
> directory, because tomcat6 user executes a pg_dump command and it needs to
> find the .pgpass file. Thanks in advance.
>
You mean System.getProperty("user.home"); ?
http://download.oracle.com/javase/6/docs/api/java/lang/System.html#getProperties%28%29
Best regards,
Konstantin Kolinko
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat 6.0 bottleneck
> From: mamalacation [mailto:mamalacat...@hotmail.com] > Subject: tomcat 6.0 bottleneck > From what I understand is that my system has still adequate free physical > resources, sql server is not being pushed and the bottleneck comes from > tomcat, where I have no clue what to tune. Pretty much guaranteed that it's not Tomcat but your webapp that is locking itself out of access to some resource (such as the database). Take several thread dumps during the slowdown period and see what's going on. http://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F http://wiki.apache.org/tomcat/FAQ/Performance_and_Monitoring BTW, tell us the *exact* Tomcat version, and the JVM level you're running on. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tabbed browsers sharing session - work around.
Rob, IE 6 is even more confusing. If you open a new window with ctrl-N you have the same session sharing as with tabs. Only if you click the IE6-icon to start a new instance of the process it will not share them. Opening a new tab in IE7 is like using ctrl-n to open a new window in IE6. Ronald. Op dinsdag, 5 oktober 2010 10:26 schreef Rob Gregory : Hi Chris, Is there any way to dynamically create these contexts or do they require a live.xml, test.xml, etc within conf/Catalina/localhost. The multiple contexts would be my preferred approach although I would like to achieve this with a single code base if this is possible. The multiple environments are driven purely by the backend database connection, i.e. the code is the same with the only difference being where the data is being saved to. Hence the requirement to stop the browser sharing the same session when in different database connections. I'm surprised that other people are not having the same issues since the browser manufacturers decided to make this crazy change to session management between tabs/instances and suddenly share the same session. In I.E.6 two browser instances would be two separate sessions. I.E.7 they are the same session! Thanks for your input. Kind Regards, Rob. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ronald, On 10/4/2010 6:11 AM, Ronald Klop wrote: > You can run your test environment on another hostname. > > live.example.com > test.example.com > train.example.com Or under another context: http://www.example.com/live http://www.example.com/test http://www.example.com/train The real question is why there's any confusion: your hostnames and/or URLs ought to be unique enough already. Otherwise, this sort of foolishness can affect your "real" users and you'll leak data all over the place. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyqDDQACgkQ9CaO5/Lv0PDWRACgrlgU+jY+n8nMCZ2WTO63UHDh 10UAoJdyNWqu0nlRGcWbJ6Mcc7zbsGy+ =JP4k -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tabbed browsers sharing session - work around.
Hi Ronald, Yes I was aware of that behaviour... Just for reference Firefox and Google Chrome also share session logic so I am surprised this hasn't been a problem for a lot more people. I am happy that my work around solves the session sharing problem but would still prefer to go down the dynamic context approach if this is at all possible? I am a bit tied up with some other development at the moment but will check the tomcat source code (unless someone can advise and save me the effort) when I get a chance. Thanks very much for your assistance Ronald. Kind Regards, Rob > > Rob, > > IE 6 is even more confusing. If you open a new window with ctrl-N you have the > same session sharing as with tabs. Only if you click the IE6-icon to start a > new instance of the process it will not share them. Opening a new tab in IE7 > is like using ctrl-n to open a new window in IE6. > > Ronald. > > > Op dinsdag, 5 oktober 2010 10:26 schreef Rob Gregory > : > > > > > > Hi Chris, > > > > Is there any way to dynamically create these contexts or do they require a > live.xml, test.xml, etc within conf/Catalina/localhost. The multiple contexts > would be my preferred approach although I would like to achieve this with a > single code base if this is possible. The multiple environments are driven > purely by the backend database connection, i.e. the code is the same with the > only difference being where the data is being saved to. Hence the requirement > to stop the browser sharing the same session when in different database > connections. > > > > I'm surprised that other people are not having the same issues since the > browser manufacturers decided to make this crazy change to session management > between tabs/instances and suddenly share the same session. In I.E.6 two > browser instances would be two separate sessions. I.E.7 they are the same > session! > > > > Thanks for your input. > > Kind Regards, > > Rob. > > > > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > Ronald, > > > > On 10/4/2010 6:11 AM, Ronald Klop wrote: > > > You can run your test environment on another hostname. > > > > > > live.example.com > > > test.example.com > > > train.example.com > > > > Or under another context: > > > > http://www.example.com/live > > http://www.example.com/test > > http://www.example.com/train > > > > The real question is why there's any confusion: your hostnames and/or > > URLs ought to be unique enough already. Otherwise, this sort of > > foolishness can affect your "real" users and you'll leak data all over > > the place. > > > > - -chris > > -BEGIN PGP SIGNATURE- > > Version: GnuPG v1.4.10 (MingW32) > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > > > iEYEARECAAYFAkyqDDQACgkQ9CaO5/Lv0PDWRACgrlgU+jY+n8nMCZ2WTO63UHDh > > 10UAoJdyNWqu0nlRGcWbJ6Mcc7zbsGy+ > > =JP4k > > -END PGP SIGNATURE- > > > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > > > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tabbed browsers sharing session - work around.
Rob, The way you describe session sharing is indeed a problem. The way we deal with this is to use a separate database table to keep track of window ids. A unique value is assigned when a window is opened and maintained until the window is closed. Although the session may be the same for all open windows (tabs), the window id is unique. Significant values are posted to the window table and retrieved based on the window id. If there is another method using a Tomcat centric approach, I would love to hear about it. Stephen On Oct 5, 2010, at 9:01 AM, Ronald Klop wrote: > Rob, > > IE 6 is even more confusing. If you open a new window with ctrl-N you have > the same session sharing as with tabs. Only if you click the IE6-icon to > start a new instance of the process it will not share them. Opening a new tab > in IE7 is like using ctrl-n to open a new window in IE6. > > Ronald. > > > Op dinsdag, 5 oktober 2010 10:26 schreef Rob Gregory > : >> Hi Chris, >> Is there any way to dynamically create these contexts or do they require a >> live.xml, test.xml, etc within conf/Catalina/localhost. The multiple >> contexts would be my preferred approach although I would like to achieve >> this with a single code base if this is possible. The multiple environments >> are driven purely by the backend database connection, i.e. the code is the >> same with the only difference being where the data is being saved to. Hence >> the requirement to stop the browser sharing the same session when in >> different database connections. I'm surprised that other people are not >> having the same issues since the browser manufacturers decided to make this >> crazy change to session management between tabs/instances and suddenly share >> the same session. In I.E.6 two browser instances would be two separate >> sessions. I.E.7 they are the same session! Thanks for your input. >> Kind Regards, >> Rob. >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> Ronald, >> On 10/4/2010 6:11 AM, Ronald Klop wrote: >> > You can run your test environment on another hostname. >> > > live.example.com >> > test.example.com >> > train.example.com >> Or under another context: >> http://www.example.com/live >> http://www.example.com/test >> http://www.example.com/train >> The real question is why there's any confusion: your hostnames and/or >> URLs ought to be unique enough already. Otherwise, this sort of >> foolishness can affect your "real" users and you'll leak data all over >> the place. >> - -chris >> -BEGIN PGP SIGNATURE- >> Version: GnuPG v1.4.10 (MingW32) >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ >> iEYEARECAAYFAkyqDDQACgkQ9CaO5/Lv0PDWRACgrlgU+jY+n8nMCZ2WTO63UHDh >> 10UAoJdyNWqu0nlRGcWbJ6Mcc7zbsGy+ >> =JP4k >> -END PGP SIGNATURE- >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tabbed browsers sharing session - work around.
Hi Stephen, The approach we use was described in my original post. If you need more information then I can explain further if it helps. Note, our approach does require a bespoke tomcat request class (to change the session cookie path) and this has not been without teething problems. Are you also using the window.name to store this unique id? I worry that this may not persist across browser requests in the future but see no other way to identify a browser instance? Ideally the browser vendors should identify somehow on the request a unique id but then again we would still need to support older browser so would have to fall back to the window.name attribute anyway. What fun it is being a web developer and having to deal with the quirks of different browsers and the stateless request/response cycle ;o) Regards, Rob > > Rob, > > The way you describe session sharing is indeed a problem. The way we deal > with this is to use a separate database table to keep track of window ids. A > unique value is assigned when a window is opened and maintained until the > window is closed. Although the session may be the same for all open windows > (tabs), the window id is unique. Significant values are posted to the window > table and retrieved based on the window id. > > If there is another method using a Tomcat centric approach, I would love to > hear about it. > > Stephen > > On Oct 5, 2010, at 9:01 AM, Ronald Klop wrote: > > > Rob, > > > > IE 6 is even more confusing. If you open a new window with ctrl-N you have > the same session sharing as with tabs. Only if you click the IE6-icon to start > a new instance of the process it will not share them. Opening a new tab in IE7 > is like using ctrl-n to open a new window in IE6. > > > > Ronald. > > > > > > Op dinsdag, 5 oktober 2010 10:26 schreef Rob Gregory > : > >> Hi Chris, > >> Is there any way to dynamically create these contexts or do they require a > live.xml, test.xml, etc within conf/Catalina/localhost. The multiple contexts > would be my preferred approach although I would like to achieve this with a > single code base if this is possible. The multiple environments are driven > purely by the backend database connection, i.e. the code is the same with the > only difference being where the data is being saved to. Hence the requirement > to stop the browser sharing the same session when in different database > connections. I'm surprised that other people are not having the same issues > since the browser manufacturers decided to make this crazy change to session > management between tabs/instances and suddenly share the same session. In > I.E.6 two browser instances would be two separate sessions. I.E.7 they are the > same session! Thanks for your input. > >> Kind Regards, > >> Rob. > >> -BEGIN PGP SIGNED MESSAGE- > >> Hash: SHA1 > >> Ronald, > >> On 10/4/2010 6:11 AM, Ronald Klop wrote: > >> > You can run your test environment on another hostname. > >> > > live.example.com > >> > test.example.com > >> > train.example.com > >> Or under another context: > >> http://www.example.com/live > >> http://www.example.com/test > >> http://www.example.com/train > >> The real question is why there's any confusion: your hostnames and/or > >> URLs ought to be unique enough already. Otherwise, this sort of > >> foolishness can affect your "real" users and you'll leak data all over > >> the place. > >> - -chris > >> -BEGIN PGP SIGNATURE- > >> Version: GnuPG v1.4.10 (MingW32) > >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > >> iEYEARECAAYFAkyqDDQACgkQ9CaO5/Lv0PDWRACgrlgU+jY+n8nMCZ2WTO63UHDh > >> 10UAoJdyNWqu0nlRGcWbJ6Mcc7zbsGy+ > >> =JP4k > >> -END PGP SIGNATURE- > >> - > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat 6.0 bottleneck
n828cl, n828cl wrote: > > > Pretty much guaranteed that it's not Tomcat but your webapp that is > locking itself out of access to some resource (such as the database). > Take several thread dumps during the slowdown period and see what's going > on. > > http://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F > http://wiki.apache.org/tomcat/FAQ/Performance_and_Monitoring > > BTW, tell us the *exact* Tomcat version, and the JVM level you're running > on. > > as far as the version as concerned: Tomcat Version: 6.0.26 JVM Version : 1.6.0_20-b02 JVM Vendor : Sun Microsystems Inc. I will look at the links you proposed to see what's going on with my webapps, but I am pretty sure that there must be some limit somewhere that I can't see. Where can I set the database options regarding timouts, pool size, max_database_connections, etc? thanx again, mamalos -- View this message in context: http://old.nabble.com/tomcat-6.0-bottleneck-tp29885725p29887279.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tabbed browsers sharing session - work around.
> From: Rob Gregory [mailto:rob.greg...@ibsolutions.com] > Subject: RE: Tabbed browsers sharing session - work around. > I am surprised this hasn't been a problem for a > lot more people. It's not a problem for most because most don't try to run live, test, and training inside a single on a single . Attempting to do so is extremely scary. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat 6.0 bottleneck
Op dinsdag, 5 oktober 2010 15:27 schreef mamalacation : n828cl, n828cl wrote: > > > Pretty much guaranteed that it's not Tomcat but your webapp that is > locking itself out of access to some resource (such as the database). > Take several thread dumps during the slowdown period and see what's going > on. > > http://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F > http://wiki.apache.org/tomcat/FAQ/Performance_and_Monitoring > > BTW, tell us the *exact* Tomcat version, and the JVM level you're running > on. > > as far as the version as concerned: Tomcat Version: 6.0.26 JVM Version : 1.6.0_20-b02 JVM Vendor : Sun Microsystems Inc. I will look at the links you proposed to see what's going on with my webapps, but I am pretty sure that there must be some limit somewhere that I can't see. Where can I set the database options regarding timouts, pool size, max_database_connections, etc? thanx again, mamalos Try the tools to make a threadsdump. That wil show you what the webapp is doing and wil probably give you a hint about the 'limits'. Stay open minded. You can also have some bug in the software so some resources are never free'd. In that case you can keep raising the limits, but that doesn't solve the problem. Ronald.
RE: Tabbed browsers sharing session - work around.
Hi Chuck, It wouldn't be live test and train, normally it's test & train together with live being a separate install altogether. Unfortunately, this is a requirement I cannot avoid and was fine until the browsers changed to share sessions. I presume they have changed to support navigating the same site using multiple tabs etc. but it certainly is a pain especially as you have no idea the requests are coming from multiple sources. Regards, Rob > -Original Message- > From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] > Sent: 05 October 2010 14:40 > To: Tomcat Users List > Subject: RE: Tabbed browsers sharing session - work around. > > > From: Rob Gregory [mailto:rob.greg...@ibsolutions.com] > > Subject: RE: Tabbed browsers sharing session - work around. > > > I am surprised this hasn't been a problem for a > > lot more people. > > It's not a problem for most because most don't try to run live, test, and > training inside a single on a single . Attempting to do so is > extremely scary. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 6.0 bottleneck
On 05.10.2010 15:27, mamalacation wrote: n828cl, n828cl wrote: Pretty much guaranteed that it's not Tomcat but your webapp that is locking itself out of access to some resource (such as the database). Take several thread dumps during the slowdown period and see what's going on. http://wiki.apache.org/tomcat/HowTo#How_do_I_obtain_a_thread_dump_of_my_running_webapp_.3F http://wiki.apache.org/tomcat/FAQ/Performance_and_Monitoring BTW, tell us the *exact* Tomcat version, and the JVM level you're running on. as far as the version as concerned: Tomcat Version: 6.0.26 JVM Version : 1.6.0_20-b02 Update to 1.6.0_21, there's a serious bug in 20 concerning string functions on certain types of x86 CPUs. Not saying this is reason for anything you observe, it's just not a solid base. JVM Vendor : Sun Microsystems Inc. I will look at the links you proposed to see what's going on with my webapps, but I am pretty sure that there must be some limit somewhere that I can't see. Where can I set the database options regarding timouts, pool size, max_database_connections, etc? Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tabbed browsers sharing session - work around.
Our app running on Tomcat 5.0.28 has some kind of kluge involving a flown-in vhosts.xml file in .../conf that uses aliases such that people can have separate sessions of the same app on separate tabs. I have no idea if this is how this should have been done back in the olden days but more importantly I'd like to understand the "industrially correct" way to obtain this behavior under 6.0.* Tomcat...if it's not already the default. - Jeff On 10/5/10 9:16 AM, Stephen Caine wrote: Rob, The way you describe session sharing is indeed a problem. The way we deal with this is to use a separate database table to keep track of window ids. A unique value is assigned when a window is opened and maintained until the window is closed. Although the session may be the same for all open windows (tabs), the window id is unique. Significant values are posted to the window table and retrieved based on the window id. If there is another method using a Tomcat centric approach, I would love to hear about it. Stephen On Oct 5, 2010, at 9:01 AM, Ronald Klop wrote: Rob, IE 6 is even more confusing. If you open a new window with ctrl-N you have the same session sharing as with tabs. Only if you click the IE6-icon to start a new instance of the process it will not share them. Opening a new tab in IE7 is like using ctrl-n to open a new window in IE6. Ronald. Op dinsdag, 5 oktober 2010 10:26 schreef Rob Gregory: Hi Chris, Is there any way to dynamically create these contexts or do they require a live.xml, test.xml, etc within conf/Catalina/localhost. The multiple contexts would be my preferred approach although I would like to achieve this with a single code base if this is possible. The multiple environments are driven purely by the backend database connection, i.e. the code is the same with the only difference being where the data is being saved to. Hence the requirement to stop the browser sharing the same session when in different database connections. I'm surprised that other people are not having the same issues since the browser manufacturers decided to make this crazy change to session management between tabs/instances and suddenly share the same session. In I.E.6 two browser instances would be two separate sessions. I.E.7 they are the same session! Thanks for your input. Kind Regards, Rob. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ronald, On 10/4/2010 6:11 AM, Ronald Klop wrote: You can run your test environment on another hostname. live.example.com test.example.com train.example.com Or under another context: http://www.example.com/live http://www.example.com/test http://www.example.com/train The real question is why there's any confusion: your hostnames and/or URLs ought to be unique enough already. Otherwise, this sort of foolishness can affect your "real" users and you'll leak data all over the place. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyqDDQACgkQ9CaO5/Lv0PDWRACgrlgU+jY+n8nMCZ2WTO63UHDh 10UAoJdyNWqu0nlRGcWbJ6Mcc7zbsGy+ =JP4k -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tabbed browsers sharing session - work around.
I agree, this is a very scary app to support. At a minimum, multiple contexts, each with its own database resource definition would avoid a lot of the OP's problems, wouldn't it? I'm not a developer, but from an SA standpoint, this gives me the willys. Q: Can the cookie be tied to "hostname/context"? > -Original Message- > From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] > Sent: Tuesday, October 05, 2010 8:40 AM > To: Tomcat Users List > Subject: RE: Tabbed browsers sharing session - work around. > > > From: Rob Gregory [mailto:rob.greg...@ibsolutions.com] > > Subject: RE: Tabbed browsers sharing session - work around. > > > I am surprised this hasn't been a problem for a > > lot more people. > > It's not a problem for most because most don't try to run live, test, > and training inside a single on a single . Attempting > to do so is extremely scary. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE > PROPRIETARY MATERIAL and is thus for use only by the intended > recipient. If you received this in error, please contact the sender and > delete the e-mail and its attachments from all computers. > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > __ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tabbed browsers sharing session - work around.
Hi Jeffrey, Yes, the cookie can and is tied to the context. I just take this another level and tied it against a virtual context so as far as the browser is concerned they are different sites and as such, different sessions. Regards, Rob. > -Original Message- > From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] > Sent: 05 October 2010 15:26 > To: Tomcat Users List > Subject: RE: Tabbed browsers sharing session - work around. > > I agree, this is a very scary app to support. > > At a minimum, multiple contexts, each with its own database resource > definition would avoid a lot of the OP's problems, wouldn't it? I'm not > a developer, but from an SA standpoint, this gives me the willys. > Q: Can the cookie be tied to "hostname/context"? > > > -Original Message- > > From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] > > Sent: Tuesday, October 05, 2010 8:40 AM > > To: Tomcat Users List > > Subject: RE: Tabbed browsers sharing session - work around. > > > > > From: Rob Gregory [mailto:rob.greg...@ibsolutions.com] > > > Subject: RE: Tabbed browsers sharing session - work around. > > > > > I am surprised this hasn't been a problem for a > > > lot more people. > > > > It's not a problem for most because most don't try to run live, test, > > and training inside a single on a single . Attempting > > to do so is extremely scary. > > > > - Chuck > > > > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE > > PROPRIETARY MATERIAL and is thus for use only by the intended > > recipient. If you received this in error, please contact the sender > and > > delete the e-mail and its attachments from all computers. > > > > > > > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > __ > > Confidentiality Notice: This Transmission (including any attachments) may > contain information that is privileged, confidential, and exempt from > disclosure under applicable law. If the reader of this message is not the > intended recipient you are hereby notified that any dissemination, > distribution, or copying of this communication is strictly prohibited. > > If you have received this transmission in error, please immediately reply to > the sender or telephone (512) 343-9100 and delete this transmission from your > system. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tabbed browsers sharing session - work around.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rob, On 10/5/2010 5:03 AM, Rob Gregory wrote: >> Sounds like you need to be pretty careful. Is it possible you've built a >> fragile application? > > Some legacy parts of the application became fragile when the browsers > started sharing sessions and this fix has been implemented to work > around that fact. I'm not sure anything changed recently with web browsers: cookies have always worked this way, tabs or not. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyrOnIACgkQ9CaO5/Lv0PAjZACfVpeZ5GcmtKXgt/UmmO34Xw4R 1OwAoIRt03dpZFoBbuRnyzvzGgsxS5jB =JiSB -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tabbed browsers sharing session - work around.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rob, On 10/5/2010 4:26 AM, Rob Gregory wrote: > Is there any way to dynamically create these contexts or do they > require a live.xml, test.xml, etc within conf/Catalina/localhost. You can use JMX or the manager to deploy an application under any context name. I haven't tried myself, but I would imagine that you can also provide a context.xml to ensure that you get the database configuration that you need. > I'm surprised that other people are not having the same issues since > the browser manufacturers decided to make this crazy change to > session management between tabs/instances and suddenly share the same > session. I'm still puzzled as to what you think changed in the web browser world. > In I.E.6 two browser instances would be two separate > sessions. I.E.7 they are the same session! Hm. Are you talking about multi-process MSIE versus single-process MSIE? It's dangerous to rely on the user launching separate browser processes to use your application(s) if the possibility exists that significant confusion can arise. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyrO2YACgkQ9CaO5/Lv0PBROwCbBbdHwit1FxnShkXNLZ3wDVQA sZgAn3+yal50iSIIVeMZ9bY8EKRejLT2 =5SOW -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tabbed browsers sharing session - work around.
Hi Chris, In Internet Explorer 5.5,6.0 if you opened up two separate browser instances they would have two 'un-connected' sessions. As stated by Ronald they would share the session if the 2nd was opened using ctrl-n but otherwise the sessions would be unique. Cookies may have always worked as they do now but the browser would store them within each instance. They seem to have changed to now share the sessions/cookies and this was introduced at the same time as tabbed browsers IE7+. Regards, Rob > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Rob, > > On 10/5/2010 5:03 AM, Rob Gregory wrote: > >> Sounds like you need to be pretty careful. Is it possible you've built a > >> fragile application? > > > > Some legacy parts of the application became fragile when the browsers > > started sharing sessions and this fix has been implemented to work > > around that fact. > > I'm not sure anything changed recently with web browsers: cookies have > always worked this way, tabs or not. > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkyrOnIACgkQ9CaO5/Lv0PAjZACfVpeZ5GcmtKXgt/UmmO34Xw4R > 1OwAoIRt03dpZFoBbuRnyzvzGgsxS5jB > =JiSB > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tabbed browsers sharing session - work around.
This application (or mess of applications munged together) is a big mistake, the source of all your problems and should be the only thing that you address. That's why nobody else has "this problem". "This problem" is a sign of serious misconceptions in design and development. And if you really must not fix the real problem why in the world did you hack away at tomcat? Why not filters? You can do a lot with filters that would be much preferable to what you have done including the fact that it would just run without having to modify the servlet container. -Original Message- From: Rob Gregory [mailto:rob.greg...@ibsolutions.com] Sent: Tuesday, October 05, 2010 10:51 AM To: Tomcat Users List Subject: RE: Tabbed browsers sharing session - work around. Hi Chris, In Internet Explorer 5.5,6.0 if you opened up two separate browser instances they would have two 'un-connected' sessions. As stated by Ronald they would share the session if the 2nd was opened using ctrl-n but otherwise the sessions would be unique. Cookies may have always worked as they do now but the browser would store them within each instance. They seem to have changed to now share the sessions/cookies and this was introduced at the same time as tabbed browsers IE7+. Regards, Rob > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Rob, > > On 10/5/2010 5:03 AM, Rob Gregory wrote: > >> Sounds like you need to be pretty careful. Is it possible you've built a > >> fragile application? > > > > Some legacy parts of the application became fragile when the browsers > > started sharing sessions and this fix has been implemented to work > > around that fact. > > I'm not sure anything changed recently with web browsers: cookies have > always worked this way, tabs or not. > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkyrOnIACgkQ9CaO5/Lv0PAjZACfVpeZ5GcmtKXgt/UmmO34Xw4R > 1OwAoIRt03dpZFoBbuRnyzvzGgsxS5jB > =JiSB > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tabbed browsers sharing session - work around.
Hi Maximilian, Basically we are stuck with some legacy application parts that while these are scheduled to be replaced we have to support them until they have been. Using filters would not solve the issue as the 'Hack' as you put it is done at a cookie path level. We do use filters to implement security, ntlmv2 authentication, caching & anti-caching, etc so I am fully aware of the power of filters. I agree hacking away at a part of Tomcat is not the best solution but it was the only one currently available to resolve the issue. And was my original reasoning behind posting to this group to see if anyone could suggest a better solution. Thanks for your input. Rob > -Original Message- > From: Maximilian Stocker [mailto:m...@talentoyster.com] > Sent: 05 October 2010 16:03 > To: 'Tomcat Users List' > Subject: RE: Tabbed browsers sharing session - work around. > > This application (or mess of applications munged together) is a big mistake, > the source of all your problems and should be the only thing that you address. > That's why nobody else has "this problem". "This problem" is a sign of serious > misconceptions in design and development. > > And if you really must not fix the real problem why in the world did you hack > away at tomcat? Why not filters? You can do a lot with filters that would be > much preferable to what you have done including the fact that it would just > run without having to modify the servlet container. > > -Original Message- > From: Rob Gregory [mailto:rob.greg...@ibsolutions.com] > Sent: Tuesday, October 05, 2010 10:51 AM > To: Tomcat Users List > Subject: RE: Tabbed browsers sharing session - work around. > > Hi Chris, > > In Internet Explorer 5.5,6.0 if you opened up two separate browser instances > they would have two 'un-connected' sessions. As stated by Ronald they would > share the session if the 2nd was opened using ctrl-n but otherwise the > sessions would be unique. Cookies may have always worked as they do now but > the browser would store them within each instance. They seem to have changed > to now share the sessions/cookies and this was introduced at the same time as > tabbed browsers IE7+. > > Regards, > Rob > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > Rob, > > > > On 10/5/2010 5:03 AM, Rob Gregory wrote: > > >> Sounds like you need to be pretty careful. Is it possible you've built a > > >> fragile application? > > > > > > Some legacy parts of the application became fragile when the browsers > > > started sharing sessions and this fix has been implemented to work > > > around that fact. > > > > I'm not sure anything changed recently with web browsers: cookies have > > always worked this way, tabs or not. > > > > - -chris > > -BEGIN PGP SIGNATURE- > > Version: GnuPG v1.4.10 (MingW32) > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > > > iEYEARECAAYFAkyrOnIACgkQ9CaO5/Lv0PAjZACfVpeZ5GcmtKXgt/UmmO34Xw4R > > 1OwAoIRt03dpZFoBbuRnyzvzGgsxS5jB > > =JiSB > > -END PGP SIGNATURE- > > > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tabbed browsers sharing session - work around.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rob, On 10/5/2010 11:28 AM, Rob Gregory wrote: > Basically we are stuck with some legacy application parts that while > these are scheduled to be replaced we have to support them until they > have been. Using filters would not solve the issue as the 'Hack' as you > put it is done at a cookie path level. We do use filters to implement > security, ntlmv2 authentication, caching & anti-caching, etc so I am > fully aware of the power of filters. > > I agree hacking away at a part of Tomcat is not the best solution but it > was the only one currently available to resolve the issue. And was my > original reasoning behind posting to this group to see if anyone could > suggest a better solution. My suggestion would be to deploy your different environments into separate contexts. That way, the cookie paths are distinguishable and there shouldn't be any confusion no matter what the situation is on the client. One other possibility would be to disable the use of cookies altogether on the server and force the use or URL rewriting: that would essentially force each browser window or tab into it's own isolated "session". This requires that you have coded your pages correctly to support URL rewriting, of course. Good luck, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyrbSgACgkQ9CaO5/Lv0PDI9ACgm2WTdL6vIRqBSvX78Z9XMDEw EpcAnA6sQFf1kmBlj07/Xk4bL+4BpeHN =MR4n -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Serialization
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wolfgang, (I'm cc'ing the tomcat-user mailing list in case others would like to read my response. Please try to keep things on the list rather than emailing contributors directly.) On 10/5/2010 9:34 AM, Wolfgang Orthuber wrote: > thanks for your detailed answer. You are right, up to now I wrote > e.g. C, C++ programs, since July I am working with Java because > server programming and the java class library is necessary. There are > many new conventions and my main problem is lack of time. I understand. Learning any new language has its caveats. The problem in this case was that you didn't understand the nuances of Java serialization. For instance, RTTI is written out as part of the serialization process, so attempting to read-into a different class (even with the same fields and code) causes an error. My recommendation would be to /not/ use Java's built-in serialization, and instead write your data out in a way that does not depend on a particular class's interpretation of the data. Just define a standard (binary, XML, whatever) and then read and write to that format. > But the fundament of the plan is reliable (vectorial search) and I am > interested in an up to date installation of tomcat and java. What is "vectorial search"? > There is a great range of sources on the web for java and tomcat, > partially incompatible, or old. Which source and selection do you > recommend for an up to date and reliable installation of tomcat and > java? If you're starting from scratch, get the latest and greatest Tomcat version, which is currently 6.0.29. This page has more information on the currently-supported versions of Tomcat: http://tomcat.apache.org/whichversion.html If you must stick with the 5.5.x line, you should upgrade to 5.5.31 after reading the changelog to see if anything might interfere with your webapp's functioning. As always, get Tomcat directly from the source: http://tomcat.apache.org/ Go to the "Download | Tomcat 6.0" page and get the latest version. All you need is the "core" package: choose whatever packaging makes sense for your environment. For a Java version, we always recommend running on Sun's JRE (or JDK if you prefer). The only currently-supported version is 1.6.something: to go java.sun.com and download whatever the most recent version is. Feel free to come back to this list if you have any problems installing or configuring Tomcat. Good luck, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyrkcUACgkQ9CaO5/Lv0PCM5gCgoDam11AZxLAiQGFBj/zk/ikL Q4UAn229pufQzRHOlgvQt86/TWag0cDI =5FB9 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat connector issue with Sun Web Server 7.0.
Hi all, We have a configuration where we use the tomcat connector with the Sun Java System Web Server and I'm noticing an unusual behavior that I've not noticed with Apache and mod_jk. When making a request to a URL such as http://host/webapp/dir/ In apache, the underlying request is made as: REQ:GET /webapp/dir/ In the Sun Java System Web Server, the underlying request to tomcat gets the default directory index file added to it, so the AJP get looks like: REQ:GET /webapp/dir/index.html Anyone have any idea if it's possible make the SJSWS web server NOT attempt to add the index.html on to the end of resource when passing the request over to tomcat via AJP? Thanks, Andy - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
