Philippe Mouawad wrote:
Hello,
Any feedback on this ?
Thanks

Hi.
I don't think that you should reasonably expect any feedback.
It is not that people here do not want to help, but your version of Tomcat is so hopelessly outdated (2007 ?)(see: https://tomcat.apache.org/whichversion.html) that it would cost them a lot of time, and time is something that most of them don't have too much of. So they concentrate on the latest versions, because for that there is a chance that they still have a similar system somewhere, or remember the issue and how to fix it.

Your best hope is to search the Tomcat list archives (see https://tomcat.apache.org/lists.html), for something that looks like a similar issue. But if it is a Tomcat issue, the result will probably be that you need to upgrade your Tomcat to solve it.




On Sun, Sep 7, 2014 at 11:49 PM, Philippe Mouawad <
philippe.moua...@gmail.com> wrote:

Hello,

I am working currently on an issue where an application is facing either
Response mix or Session mix.
For example:
1/ a user A gets the basket of customer B when going on basket detail
(response mix)
2/ Cookies also get mixed up, more of session mix in this case

The versions of components are the following:

   - Load Balancer => modjk_1.2.40 => Tomcat 5.5.23 (Yes very old)


I have made some searches on bug database and found this issue which seems
similar:

   - https://issues.apache.org/bugzilla/show_bug.cgi?id=47714

But the issue is in state WORKSFORME so it is not a bug AFAIU.

Also the issue seems to be related to a bug fix that occurred in mod_jk 1.2.27:
"AJP13: [CVE-2008-5519] Always send initial POST packet even if the client
disconnected after sending request but before providing POST data. In that
case or in case the client broke the connection in a middle of read send an
zero size packet informing container about broken client connection.
(mturk) "

What makes me say this is that there is a JBoss solution document that
says this:
https://access.redhat.com/solutions/19239

There is a known bug in mod_jk versions 1.2.26 and below that can cause
session crosstalk

"AJP13: [CVE-2008-5519] Always send initial POST packet even if the client
disconnected after sending request but before providing POST data. In that
case or in case the client broke the connection in a middle of read send an
zero size packet informing container about broken client connection.
(mturk) "

So with version 1.2.40 no issue should remain Afaik.

So I have 3 questions:

1) Does the fix in mod_jk require an upgrade to a particular tomcat
version ?

2) The issue was related to a security problem, but how did the response mix
occur ?

3) The Bug 47714 closed as Worksforme is not clear to me. Is it possible
that non optimal config can lead to this issue, for example:

- Not setting recovery_options ? what would be the technical explanation ?

The request would be retried, but how would the mix occur ?
I am besides this investigating load balancer and application issues.

Thanks for help
Regards
Philippe M.


--
Cordialement.
Philippe Mouawad.







