I've found that certain applications will no longer invalidate
sessions after upgrading from 7.0.53 to 7.0.54.
It seems to require clustering to be set up in Tomcat. If it's not set
up, session invalidation works fine.
So far, I can only trigger it in a webapp that uses Tapestry Spring Security.
On Thu, May 29, 2014 at 8:51 AM, Konstantin Kolinko
knst.koli...@gmail.com wrote:
2014-05-29 11:58 GMT+04:00 David Rees dree...@gmail.com:
I've found that certain applications will no longer invalidate
sessions after upgrading from 7.0.53 to 7.0.54.
It seems to require clustering to be set up
On Thu, May 29, 2014 at 12:16 PM, Christopher Schultz
ch...@christopherschultz.net wrote:
Do you mean that you have a web application that does this:
session.invalidate();
session = request.getSession(true);
... and the old session is in fact not invalidated?
Yes. Specifics to make this
On Thu, May 29, 2014 at 12:39 PM, David Rees dree...@gmail.com wrote:
Yes. Specifics to make this happen seem to be:
TC 7.0.54 in a cluster, Tapestry 5.2.6 + Tapestry Spring Security.
OK, I was wrong, no Tapestry or Spring Security is required, just a
couple JSPs are required to reproduce
On Thu, May 29, 2014 at 6:16 PM, David Rees dree...@gmail.com wrote:
I'll open a ticket with these details, too.
https://issues.apache.org/bugzilla/show_bug.cgi?id=56578
-Dave
-
To unsubscribe, e-mail: users-unsubscr
On Thu, Dec 5, 2013 at 12:18 AM, Konstantin Kolinko
knst.koli...@gmail.com wrote:
Remove the tomcat7-websocket.jar library if you do not need it. This
library (added in 7.0.47, a JSR-356 Java WebSocket 1.0 implementation)
has a ServletContainerInitializer and thus forces Tomcat to perform
Since upgrading to 7.0.47 from 7.0.42, I've seen a very severe
performance hit during startup.
One Tomcat instance with a lot of webapps slowed down from ~33 seconds
to ~180 seconds. It appears to be related to jar-scanning - If I
change catalina.properties'
On Mon, Jun 24, 2013 at 9:26 AM, Christopher Schultz
ch...@christopherschultz.net wrote:
For those who don't want to wait for 7.0.42 and would prefer not to
run in headless more for some reason can set this attribute in the
JreMemoryLeakProtectionListener:
appContextProtection=false
I
On Fri, Jun 21, 2013 at 9:28 AM, Christopher Schultz
ch...@christopherschultz.net wrote:
I just upgraded to 1.7.0_25 on my Mac and I noticed that when I launch
Tomcat, I get a dock icon indicating that it is running. This does not
happen on 1.7.0_21, the previous version I was running.
For
On Tue, Feb 14, 2012 at 4:57 AM, Konstantin Kolinko
knst.koli...@gmail.com wrote:
2012/2/14 Mark Thomas ma...@apache.org:
On 14/02/2012 03:11, David Rees wrote:
This may not be Tomcat related, but I couldn't find anything in the
JSP/JSTL/EL specifications regarding a change in behavior from
This may not be Tomcat related, but I couldn't find anything in the
JSP/JSTL/EL specifications regarding a change in behavior from JSP
2.0-2.2.
Here's a simple JSP 2-line which shows the issue:
%@taglib uri=http://java.sun.com/jsp/jstl/core; prefix=c%
c:out value=${param['foo'] == 1}/
Using
I've been working on upgrading some Tomcat 5.5 servers to Tomcat 7
since 5.5 will be EOL soon.
One thing I noticed on one of my first upgrades is that TC7 can often
take a long time to start up due to slow initialization of the
SessionIdGenerator - it can take up to nearly 2 minutes! It appears
On Fri, Jan 27, 2012 at 12:58 PM, Pid p...@pidster.com wrote:
On 27/01/2012 20:23, David Rees wrote:
Google turns up lots of hits which suggest using
-Djava.security.egd=file:/dev/./urandom to work around the issue - but
I'd rather not give up security for start up speed.
It seems
On Fri, Jan 27, 2012 at 3:42 PM, Caldarale, Charles R
chuck.caldar...@unisys.com wrote:
From: Pid [mailto:p...@pidster.com]
that's why the setting of /dev/./urandom is important, even
though it would seem to be equivalent.
So editing the file fixes this, or just using the system property?
On Wed, Jan 25, 2012 at 1:24 AM, Pid p...@pidster.com wrote:
On 24/01/2012 21:01, David Rees wrote:
The system has 8 CPU cores, Opteron 2378 CPU. Going beyond 4
startStopThreads for the host where the webapps are deployed doesn't
speed things up much more as it appears that the webapps can
On Mon, Jan 23, 2012 at 11:53 PM, Pid * p...@pidster.com wrote:
On 23 Jan 2012, at 21:12, David Rees dree...@gmail.com wrote:
On Tue, Oct 11, 2011 at 6:42 AM, Mark Thomas ma...@apache.org wrote:
I have added a patch based on the previous patches that adds:
- threaded start/stop for Contexts
On Tue, Oct 11, 2011 at 6:42 AM, Mark Thomas ma...@apache.org wrote:
I have added a patch based on the previous patches that adds:
- threaded start/stop for Contexts
- threaded start/stop for Hosts
- threaded deployment
Control over the number of threads is via server.xml and/or JMX. This
On Wed, Jul 27, 2011 at 10:39 AM, Mark Thomas ma...@apache.org wrote:
On 27/07/2011 17:23, Robert Elliot wrote:
We are using Tomcat 6.0.29, and occasionally experiencing concurrency issues
which look very much like the wrong response is being returned for a request.
While we cannot reproduce
On Mon, Feb 7, 2011 at 12:56 PM, Jim Jagielski j...@jagunet.com wrote:
A test tarball was just announced to the development list
for voting and approval...
Thanks - I guess I was not patient enough. :-)
-Dave
-
To
On Wed, Aug 19, 2009 at 6:06 PM, Andre-John Masaj...@sympatico.ca wrote:
I saw the Tomcat can use Gzip compression, though I am curious to know
whether there is any built in caching mechanism to cache static content that
has been Gzipped, to reduce the server load?
No, you'd have to use
On Wed, Jul 15, 2009 at 2:25 PM, Wesley Achesonwesley.ache...@gmail.com wrote:
How do I either reliably deploy/undeploy from root?
Name the war file ROOT.war.
http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html
-Dave
-
On Wed, Jul 15, 2009 at 3:58 PM, Wesley Achesonwesley.ache...@gmail.com wrote:
On Thu, Jul 16, 2009 at 12:52 AM, Konstantin Kolinko knst.koli...@gmail.com
wrote:
Maybe the following will help you:
http://wiki.apache.org/tomcat/FAQ/Windows
Tomcat 6.0.18
windows vista professional 32 bit.
Hi,
I'm trying to implement a session listener so that I can check the
status of a session. Essentially, I need to maintain a Map of all the
sessions. I would add sessions to this map based on business logic.
The problem I have is that the behavior of the listeners is different
when clustering
On Thu, Nov 13, 2008 at 2:35 PM, Adam Gordon [EMAIL PROTECTED] wrote:
As previously mentioned, we
cannot simply put this on the URL as a parameter because we are using sticky
sessions.
Why not? It works just fine in my tests.
-Dave
On Wed, Nov 12, 2008 at 9:42 AM, Adam Gordon [EMAIL PROTECTED] wrote:
Since we're connecting to Tomcat via an Apache load-balancer, we don't know
of a way to force the load-balancer to go to a certain Tomcat instance.
Additionally, we don't know how to speak mod j/k so we can't fake a direct
On Wed, Nov 12, 2008 at 1:15 PM, Adam Gordon [EMAIL PROTECTED] wrote:
See my reply to Hassan. I think setting up a proxy would be overkill, and
besides, when running Tomcat in a load-balanced capacity w/ sticky sessions
using mod JK, while you can connect directly to the port on which Tomcat
On Fri, Aug 15, 2008 at 1:21 PM, Christopher Schultz
[EMAIL PROTECTED] wrote:
Bill Davidson wrote:
The way I deal with it is to use Firefox for one and IE for the other.
You could use separate tabs in the same browser if you were to disable
cookies on your browser (and you have correctly
I posted a couple messages to the user/dev lists last week asking the
same question, but still haven't seen any mention of a plan to release
a new 5.5.x or 4.1.x to fix the security issues posted at the
beginning of the month.
Is there a plan to push a new release for either 5.5.x or 4.1.x or
With the 3 known security vulnerabilities in 5.5.26, when will 5.5.27
be scheduled for release?
http://tomcat.apache.org/security-5.html
I am particularly worried about CVE-2008-2370 myself.
I would rather not have to go through and completely test 6.0.18 which
has been released and has the 3
On Mon, Mar 31, 2008 at 3:38 AM, Ronald Klop [EMAIL PROTECTED] wrote:
See my previous mail about send/receive buffers filling because Ack wasn't
read by FastAsyncSender.
The option waitForAck=true did the trick for me. But for FastAsyncSender
you should set sendAck=false on the receiving
On Mon, Mar 31, 2008 at 12:49 PM, Rainer Jung [EMAIL PROTECTED] wrote:
First to make sure: counting objects in general only makes sense after a
full GC. Otherwise the heap dump will contain garbage too.
Yes, I made sure the objects I was looking at had a valid GC
reference. They really were
On Mon, Mar 31, 2008 at 12:52 PM, Rainer Jung [EMAIL PROTECTED] wrote:
Ronald Klop schrieb:
See my previous mail about send/receive buffers filling because Ack
wasn't read by FastAsyncSender.
The option waitForAck=true did the trick for me. But for
FastAsyncSender you should set
On Mon, Mar 31, 2008 at 4:48 PM, Filip Hanik - Dev Lists
[EMAIL PROTECTED] wrote:
David Rees wrote:
One problem I've intermittently had with clustering is that after a
Tomcat restart (we shut down one node and it immediately restarts,
generally within 30 seconds), they two nodes don't
On Mon, Mar 31, 2008 at 5:06 PM, Filip Hanik - Dev Lists
[EMAIL PROTECTED] wrote:
David Rees wrote:
I've got a cluster in my test lab with the following configuration on
5.5.26:
Cluster className=org.apache.catalina.cluster.tcp.SimpleTcpCluster/
Looking at /manager/jmxproxy?qry
I have a 2-Tomcat 5.5.26 cluster running 64bit Java which leaks
ClusterData and LinkObject objects.
I have a hprof dump which shows over 600k of each of those classes.
Analyzing them with a profiler reveals an endless loop of
LinkObject.next references through all 600k of them. There were about
On Sun, Mar 30, 2008 at 1:49 AM, David Rees [EMAIL PROTECTED] wrote:
I have a 2-Tomcat 5.5.26 cluster running 64bit Java which leaks
ClusterData and LinkObject objects.
I have a hprof dump which shows over 600k of each of those classes.
Analyzing them with a profiler reveals an endless
On Sun, Mar 30, 2008 at 2:14 AM, David Rees [EMAIL PROTECTED] wrote:
From my understanding of the clustering software, it appears that
Tomcat is trying to send messages to the other Tomcat but it isn't
receiving them? Shouldn't it drop membership and give up? I suspect
that some
On Wed, Mar 5, 2008 at 7:26 PM, David Smithson
[EMAIL PROTECTED] wrote:
I guess the list doesn't support attachments, so I've staged this on a
web server. Here's the link to the graph:
https://littleblue.activsupport.com/tomcat_graph.png
404 Forbidden.
-Dave
On Mon, Mar 3, 2008 at 9:26 AM, James Ellis [EMAIL PROTECTED] wrote:
Do you think that little hollow voice can clarify how IPSec would solve this
problem by giving an example of a software that I could implement to
accomplish this?
Google IPSec and VPN and you will find your answer.
-Dave
On Sun, Mar 2, 2008 at 6:42 PM, Martin Gainty [EMAIL PROTECTED] wrote:
PCI-DSS calls for encryption on all channels where payment information will
be transmitted is the configuration described here non PCI-DSS compliant?
No, PCI-DSS calls for encryption of card data across open, public
On Feb 13, 2008 12:08 AM, Andrew Hole [EMAIL PROTECTED] wrote:
On Feb 13, 2008 7:23 AM, David Rees [EMAIL PROTECTED] wrote:
Have you tried starting with a minimal configuration and then adding
options as you deem necessary?
What you consider the minimal configuration?
See the docs. Looking
On Feb 12, 2008 10:59 AM, Andrew Hole [EMAIL PROTECTED] wrote:
I've the following configuration on server.xml for two different instances
of tomcat (on the same server). BUT, i don't know why, session replication
doesn't work.
Could you help me to find why?
Have you tried starting with a
On Jan 18, 2008 1:13 PM, David Rees [EMAIL PROTECTED] wrote:
So your testing is with the to-be-released 5.5.26? Where can I get a
copy of this and the changes going into 5.5.26?
I found the changelog, looks like I need to build 5.5.26 from source
myself if i want to test it?
http
On Jan 18, 2008 8:17 AM, Peter Rossbach [EMAIL PROTECTED] wrote:
I have also made a test with two cluster nodes. Is node2 under load
as node1 is started the message are normal.
Cluster is starts first and receive message, but the application
starts later. As application is startet at node1 the
On Jan 17, 2008 12:16 AM, Peter Rossbach [EMAIL PROTECTED] wrote:
you can't restart your nodes so quickly. As you shutdown one node you
must wait 30-45 sec before next restart. Don't restart both nodes at same
time.
I am waiting at 4 minutes before restarting node 2 before restarting
node 1,
I'm running a Tomcat 5.5.25 cluster with 2 nodes and the following
cluster configuration in the Host/ element:
Cluster className=org.apache.catalina.cluster.tcp.SimpleTcpCluster
Valve className=org.apache.catalina.cluster.tcp.ReplicationValve
On 8/23/07, Rainer Jung [EMAIL PROTECTED] wrote:
Guofeng Zhang schrieb:
# Define Master
worker.master.host=192.168.225.195
worker.master.port=8009
worker.master.type=ajp13
worker.master.lbfactor=1
worker.master.cachesize=10
worker.master.cache_timeout=600
On 8/23/07, Lyallex [EMAIL PROTECTED] wrote:
On 8/23/07, Lyallex [EMAIL PROTECTED] wrote:
So, looking for favicon.ico and doing a HEAD on my entry page, doesn't
look to suspicious I guess.
...tracking the perpetrator down now ... this is fun.
While the exercise may be fun, you are most
He's already using a low prepost_timeout of 50ms (IMO is way too low
and should be set to 250-500ms).
Sorry, I had only little time and directly ran into our old problem,
that some timeouts are seconds, and some are milliseconds. Your are
right, 50 is way too small, se my new Timeouts docs
On 8/23/07, Lyallex [EMAIL PROTECTED] wrote:
Although ... depending on what you consider hacking it certainly seems
like it could easily be used to run a crude DOS attack (for example)
simply by writing a shell script with a loop in it, like many other
otherwise benign applications out there
On 12/18/06, cifroes [EMAIL PROTECTED] wrote:
I'm configuring a Tomcat cluster with 2 servers. In front of that I have
a loadbalancer (LVS software) doing round-robin between the 2 servers.
In my tests I'm finding that the session replication mechanism isn't
fast enough to replicate the data.
On 12/18/06, cifroes [EMAIL PROTECTED] wrote:
cifroes wrote:
David Rees wrote:
Are you sticky sessions? If not, that will usually fix the issue you
see.
Sorry, I don't know what sticky sessions are... But please note I'm
not using Tomcat loadbalancing, the load balancer is another
On 11/21/06, Andre Prasetya [EMAIL PROTECTED] wrote:
On 11/21/06, Harry [EMAIL PROTECTED] wrote:
PostgreSQL is excellent, IMHO - fast, and easy to administrate.
Yupe agreed, but for database that is used with frequent insert and delete
statement, I have to vacuum them frequently. Which is a
On 11/13/06, Dave Roberts [EMAIL PROTECTED] wrote:
After an absurd amount of searching about, I have not been able to find a
single reference on how to ensure that the cookies set by Tomcat expire 3
months after they're created (they currently expire sometime in 2019).
What cookies are you
On 9/6/06, Ronald Klop [EMAIL PROTECTED] wrote:
We are running a 4-node cluster of 5.5.17. Sometimes java or tomcat
crashes and we restart it automaticly. With 5.0.x this was ok, but
with 5.5.x it doesn't sync session on startup often.
Ronald, I am seeing nearly the exact same issue/errors
On 9/25/06, Brian [EMAIL PROTECTED] wrote:
I'm using mod_jk. I currently have it working in a dev
environment. Apache Web server --- jboss application
server.
I need to move to Production:
Apache -- [FireWall] -- jboss
When I first tried this everything failed. We opened
port 8009 on the FW
On 9/25/06, Brian [EMAIL PROTECTED] wrote:
So are you suggesting that the something weird is on
the Jboss configuration side?
No, I'm suggestions that something is wrong with your firewall. Are
you sure Apache is getting through via mod_jk?
-Dave
On 9/11/06, Leon Rosenberg [EMAIL PROTECTED] wrote:
On 9/11/06, Asensio, Rodrigo [EMAIL PROTECTED] wrote:
CentOS Debian with tomcat, how many users are you handling ?
Here with 350 logged users our Win2003-Serv is suffering a lot all the
time.
I really want to know the capacity of tomcat
On 8/16/06, Propes, Barry L [EMAIL PROTECTED] wrote:
From: Maurice Yarrow [mailto:[EMAIL PROTECTED]
Generally, getRemoteHost() and getRemoteAddr() return
the same value, but I had found a situation during testing
where getRemoteAddr() returned an IP address but
getRemoteHost() returned nothing.
On 8/11/06, Propes, Barry L [EMAIL PROTECTED] wrote:
what about getRemoteHost()?
getRemoteHost is simply a getRemoteAddr with a reverse DNS lookup
thrown on top. No additional security there, in fact one could argue
that there is less.
-Dave
I wonder if associating (and checking) the request IP with the
session would reduce the problem to some acceptable level. What is
the chance of a session being hijacked from the same network
(face-ip)?
Another question is can the original request IP be spoofed?
In this case the chances are
On 7/27/06, Guilherme Silveira [EMAIL PROTECTED] wrote:
If running CpuTest once gives you 25% its a OS/java problem.
If it gives you 100%... its tomcat's fault...
This particular problem is not likely to be Tomcat's fault, it's most
likely a synchronization/perfromance bug in the
On 7/5/06, Speulman, Elly [EMAIL PROTECTED] wrote:
Is there anyone out there who has been able to configure more than 1550M for
Tomcat 5.0 on a Windows advanced server installation. The server has a total
of 4Gb of memory. We are just not able to cross a border.
Config of Tomcat memory takes
On 6/23/06, Edward Diener [EMAIL PROTECTED] wrote:
How can I programatically find out which version(s) of Tomcat is
installed on my system ?
getServletContext().getServerInfo()
-Dave
-
To start a new topic, e-mail:
On 6/22/06, Per Johnsson [EMAIL PROTECTED] wrote:
Is 1.2.16 avaiable for download somewhere?
Not that I know of, you have to grab the source from SVN.
Found this:
http://tomcat.apache.org/connectors-doc/news/20060505.html
I wonder how that got there!
-Dave
On 6/14/06, Kim Albee [EMAIL PROTECTED] wrote:
I need some help -- I'm downloading the JK binaries to get my tomcat
installation working with Apache, and when I go to download the jk binaries
for linux/apache, I see the two files:
On 6/13/06, FM [EMAIL PROTECTED] wrote:
Is there a way to set a timeout for mod_jk ? Something tomcat crashes
and httpd stops responding because every connection tries to connect to
tomcat (with mod_jk) but there is no time out.
I try this setting in worker.properties :
On 6/10/06, hv @ Fashion Content [EMAIL PROTECTED] wrote:
I had an incident on my server the other day where someone had succesfully
broken into the server to execute a port scanner.
The port scanner was running under the tomcat process so I assume the
breakin was done by getting through the
On 6/4/06, Sandeep Gaikwad [EMAIL PROTECTED] wrote:
Which version is most suitable for Tomcat Clustering?
The latest version, 5.5.17.
-Dave
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail:
On 5/5/06, Leon Rosenberg [EMAIL PROTECTED] wrote:
you could send the user to a waiting page, which should automatically
retry the action (via http redirect or js redirect) after some amount
of time.
On the other hand, if the waiting condition is almost permanent your
should think about other
On 5/4/06, Ken Dombeck [EMAIL PROTECTED] wrote:
Thanks.
The problem with this solution is that the end user will then see the
SC_SERVICE_UNAVAILABLE error. The desired behavior is for the users
request to wait until a thread is freed up to process their request.
Is there way to do that?
Not
On 5/1/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
On my RHEL server, running tomcat 5.5.12, jvm 1.5.0_06-b05
when I litterally reboot the server, tomcat restarts, which I then access
via the tomcat manager; and everything is Running = true except for my
application. I can click Start and it
On 4/3/06, Meryl Silverburgh [EMAIL PROTECTED] wrote:
Is it possible to limit Tomcat to just handle 10 concurrently request
to my servlet?
for all others (11 and onward), it will queue them up, and serve them
only when one of the currently-serving request is done?
If you are only using one
On 4/4/06, Walter Botman [EMAIL PROTECTED] wrote:
Can we configure tomcat in a way that it uses more then one CPU?
It seems to use only one CPU ?
We are using the following:
- Sun Fire v240 (with 2 CPU's)
- Solaris 8 (including patches)
- tomcat 5.5.7
- Java 1.5.0
There isn't anything
On 4/3/06, Eric Wulff [EMAIL PROTECTED] wrote:
Doesn't seem too serious but I've found little doc on it. I
downloaded the tomcat-native.zip but there is no readme, install,
config file and I haven't been able to find documentation about
install config for this. 2 questions...
How serious
On 3/17/06, Leon Rosenberg [EMAIL PROTECTED] wrote:
But pushing dynamic content with squid? I doubt it will work. However,
squid is using select reads instead of tomcat's blocking reads, and
could reduce the number of threads, but I have seriously doubts with
keepalives, have you actually
On 3/17/06, Alex Jalali [EMAIL PROTECTED] wrote:
Although i do have this question about non-static pages. Which do you
think is faster? let say you have 1GB ram and 2 CPUs. running a) apache +
1 tomcat or b) apache + 2 tomcat in cluster via mod_jk? would having 2 JVM
on the same server that
77 matches
Mail list logo