Re: Duplicate session IDs?

Mon, 30 Dec 2002 08:56:03 -0800

This looks true by the looks of:
http://cvs.apache.org/viewcvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/ManagerBase.java?rev=1.15&content-type=text/vnd.viewcvs-markup

The while loop is looking for one session ID, and if JVM route is set, a different session ID is saved. (Since jvmRoute is attached AFTER dup check)

What is missing is the addition of jvmRoute to generateSessionId()

Attached is a patch against the HEAD of ManagerBase.java.

My original patch also provided a "debug" message and diff against LocalStrings.properties to log that a dup sessionId was created. I would be curious if that piece of code would ever be run. Personally - I doubt it. But we'd have proof that a duplicate sessionID was created with the debug message. If your want that patch instead - I can provide that on demand.



-Tim


Glenn Olander wrote:
fyi, the version he checked in contains a bug. It should append jvmRoute within
the loop. It should look like this:

String sessionId = generateSessionId();
String jvmRoute = getJvmRoute();
// @todo Move appending of jvmRoute generateSessionId()???
if (jvmRoute != null) {
sessionId += '.' + jvmRoute;
}
synchronized (sessions) {
while (sessions.get(sessionId) != null){ // Guarantee uniqueness
sessionId = generateSessionId();
if (jvmRoute != null) {
sessionId += '.' + jvmRoute;
}
}
}
session.setId(sessionId);

return (session);
Index: ManagerBase.java
===================================================================
RCS file: 
/home/cvspublic/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/ManagerBase.java,v
retrieving revision 1.15
diff -r1.15 ManagerBase.java
138,139c138,139
<     
<     
---
> 
> 
293,294c293,294
<     
<     
---
> 
> 
588,593d587
<         String jvmRoute = getJvmRoute();
<         // @todo Move appending of jvmRoute generateSessionId()???
<         if (jvmRoute != null) {
<             sessionId += '.' + jvmRoute;
<             session.setId(sessionId);
<         }
693a688,693
> 
>         String jvmRoute = getJvmRoute();
>         if (jvmRoute != null) {
>             result.append('.').append(jvmRoute);
>         }
> 


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to