duplicate sessions IDs are possible in TC sessions
--------------------------------------------------
Key: CDV-875
URL: https://jira.terracotta.org/jira//browse/CDV-875
Project: Community Development
Issue Type: Bug
Components: Sessions
Affects Versions: 2.6.4
Reporter: Tim Eck
Assignee: Issue Review Board
The ID generator for TC sessions does not guarantee that a unique session ID
will be created for new sessions. DefaultIDGenerator uses a SecureRandom and a
local only counter, but that only makes the chances for a collision very small,
it does not ensure there not be a collision. The ID generator will need to
cooperate with the data store to ensure that key does not exist before allowing
to be issued to a request for a new session
The problem gets worse when multiple contexts are clustered that all have the
same context path (but differing vhosts) (see CDV-206) since the root for the
session data store will be come to common to all of those contexts.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.terracotta.org/jira//secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
tc-dev mailing list
tc-dev@lists.terracotta.org
http://lists.terracotta.org/mailman/listinfo/tc-dev
