I haven't experience this myself, but as no-one else has responded yet, here are some thoughts that come to mind in case they help :-) Perhaps the session associated with cookie C1 has expired by the time that Tomcat receives the request that contains C1? Then, if your code uses request.getSession(true), this might be creating a new session, and a new cookie is returned for the new session (C2)? Or is C2 a cookie that was already in use by another user? Is it possible that there is a cacheing server somewhere between browser and tomcat that is returning cached pages from another browser when it shouldn't? This used to be a general HTTP security concern (rather than a tomcat-specific issue), not sure if it's still a real issue or not.... Do C1 and C2 definitely belong to different users? Do C1 and C2 definitely belong to different PCs? Could the same user be logged in more than once concurrently, from different PCs or browsers? Are you using any javascript code in the browser to read/write cookies, or just relying on tomcat to handle cookies? -----Original Message----- From: Todor Todorov [mailto:[EMAIL PROTECTED] Sent: Sunday 24 October 2004 19:42 To: [EMAIL PROTECTED] Subject: cookies problem with Tomcat 4.1.30
Hello there, We experienced strange behavior with Tomcat under heavy load. Fairly simple JSP generates a page based on a persistent cookie, unfortunately the browser receives someone else page. For example, browser B1 sends request with cookie C1, but receives page based on cookie C2. Anyone with similar experience? Is it possible that Tomcat did not initialize reused objects like Request or tag? What else is shared between requests? Unfortunately it's not reproducible even when we create artificial load, so we could only guess for possible reasons. Thanks in advance, Todor
