Hello André,
I understand your answer although my 3 questions are also related to
current version of Tomcat. I was hoping that the person who fixed the issue
could explain how the problem occurred.
To recap my 3 questions :
1) Does the fix in mod_jk require an upgrade to a particular Tomcat version?
> I suppose that if I upgrade to last 6.X it should be fine (Cannot upgrade
for now to 7 or 8)

2) The issue was related to a security problem, but how did the response mix
occur?
> This one is more to understand technically the issue

3) Bug 47714 being closed as WORKSFORME is not clear to me. Is it possible
that a non-optimal config can lead to this issue, for example:
- Not setting recovery_options? What would be the technical explanation?
The request would be retried, but how would the mix occur?

> This one still concerns modern versions of Tomcat.

Anyway, thanks for the answer.
Regards
Philippe


On Thu, Sep 25, 2014 at 12:02 PM, André Warnier <a...@ice-sa.com> wrote:

> Philippe Mouawad wrote:
>
>> Hello,
>> Any feedback on this ?
>> Thanks
>>
>
> Hi.
> I don't think that you should reasonably expect any feedback.
> It is not that people here do not want to help, but your version of Tomcat
> is so hopelessly outdated (2007 ?)
> (see: https://tomcat.apache.org/whichversion.html) that it would cost them
> a lot of time, and time is something that most of them don't have too much of.
> So they concentrate on the latest versions, because for that there is a
> chance that they still have a similar system somewhere, or remember the
> issue and how to fix it.
>
> Your best hope is to search the Tomcat list archives (see
> https://tomcat.apache.org/lists.html), for something that looks like a
> similar issue.  But if it is a Tomcat issue, the result will probably be
> that you need to upgrade your Tomcat to solve it.
>
>
>
>
>> On Sun, Sep 7, 2014 at 11:49 PM, Philippe Mouawad <
>> philippe.moua...@gmail.com> wrote:
>>
>>> Hello,
>>>
>>> I am working currently on an issue where an application is facing either
>>> Response mix or Session mix.
>>> For example:
>>> 1/ a user A gets the basket of customer B when going on basket detail
>>> (response mix)
>>> 2/ Cookies also get mixed up, more of session mix in this case
>>>
>>> The versions of components are the following:
>>>
>>>    - Load Balancer => modjk_1.2.40 => Tomcat 5.5.23 (Yes very old)
>>>
>>>
>>> I have made some searches on bug database and found this issue which
>>> seems
>>> similar:
>>>
>>>    - https://issues.apache.org/bugzilla/show_bug.cgi?id=47714
>>>
>>>
>>> But the issue is in state WORKSFORME so it is not a bug AFAIU.
>>>
>>> Also the issue seems to be related to a bug fix that occurred in mod_jk
>>> 1.2.27:
>>> "AJP13: [CVE-2008-5519] Always send initial POST packet even if the
>>> client
>>> disconnected after sending request but before providing POST data. In
>>> that
>>> case or in case the client broke the connection in a middle of read send
>>> an
>>> zero size packet informing container about broken client connection.
>>> (mturk) "
>>>
>>> What makes me say this is that there is a JBoss solution document that
>>> says this:
>>> https://access.redhat.com/solutions/19239
>>>
>>> There is a known bug in mod_jk versions 1.2.26 and below that can cause
>>> session crosstalk
>>>
>>> "AJP13: [CVE-2008-5519] Always send initial POST packet even if the
>>> client
>>> disconnected after sending request but before providing POST data. In
>>> that
>>> case or in case the client broke the connection in a middle of read send
>>> an
>>> zero size packet informing container about broken client connection.
>>> (mturk) "
>>>
>>> So with version 1.2.40 no issue should remain Afaik.
>>>
>>> So I have 3 questions:
>>>
>>> 1) Does the fix in mod_jk require an upgrade to a particular Tomcat
>>> version?
>>>
>>> 2) The issue was related to a security problem, but how did the response
>>> mix occur?
>>>
>>> 3) Bug 47714 being closed as WORKSFORME is not clear to me. Is it possible
>>> that a non-optimal config can lead to this issue, for example:
>>>
>>> - Not setting recovery_options? What would be the technical explanation?
>>>
>>> The request would be retried, but how would the mix occur?
>>> I am besides this investigating load balancer and application issues.
>>>
>>> Thanks for help
>>> Regards
>>> Philippe M.
>>>
>>>
>>> --
>>> Cordialement.
>>> Philippe Mouawad.
>>>
>>>
>>>
>>>
>>>
>>
>>
>
>
>


-- 
Cordialement.
Philippe Mouawad.
