DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=30028>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=30028 session attributes Map may become inconsistent start causing "strange" problems Summary: session attributes Map may become inconsistent start causing "strange" problems Product: Tomcat 5 Version: 5.0.25 Platform: All OS/Version: All Status: NEW Severity: Normal Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Hi, Access to StandardSession.attributes field is not synchronized; if used in frames or in any other way asynchronousely, session.setAttribute() or session.removeAttribute() may make StandardSession.attributes HashTable inconsistent. We have experienced a situation where attributes.getKeys().size() had become greater then the number of the elements in the Set. This caused StandardSession.keys() to throw NoSuchElement exception and serialization for that session to be broken permanently. That in its turn caused cluster to become inconsistent and so on. I do appreciate that the relevant synchronization is expected to be done by developers but it is not always possible to enforce that. Some software we use is either close-source obfuscated type, or a big project developed and tested by a third party on a different application server. Either way existing sites dont work properly on Tomcat and we are not in a position to rewrite/modify the code to make those sites more "intellegent" so to speak. Anyway, i would like to suggest a fix to StandardSession.java: 34a35,36 > import java.util.Collections; > import java.util.Map; 119,120c121 < protected HashMap attributes = new HashMap(); < --- > protected Map attributes = Collections.synchronizedMap(new HashMap()); This is a patch for the 5.0.27 source. Thanks, Vlad --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
