Philippe Mouawad wrote:
Hello André,
I understand your answer although my 3 questions are also related to
current version of Tomcat.

Ok, then, to increase your chances of getting a response :
- download and setup a current version of Tomcat
- reproduce the issue in that one
- and repost your question mentioning that version of mod_jk and Tomcat

Understand : the issue as you describe it could be in mod_jk, but it also /could be/ some bug in Tomcat 5.5.x, that has been already corrected in one of the very many Tomcat versions since that one (50 ? 100?). Before anyone is going to even look at it, /you/ will have to convince them that it is probably not the case.
Or else, find a $consultant that will do that research for you.

But that's just me saying. I am just trying to help, by helping you to avoid losing time waiting.
But you are welcome to keep on trying and prove me wrong.

I was hoping that the person who fixed the issue
could explain how the problem occurred.
To recap my 3 questions :
1) Does the fix in mod_jk require an upgrade to a particular tomcat version ?
I suppose that if I upgrade to last 6.X it should be fine (Cannot upgrade
for now to 7 or 8)

2) The issue was related to a security problem, but how response mix did
occur ?
This one is more to understand technically the issue

3) The Bug 47714 closed as Worksforme is not clear for me. Is it possible
that non optimal config can lead to this issue, for example:
- Not setting recovery_options ? what would be the technical explanation ?
Request would be retried but how mix would occur ?

This one still concerns modern versions of Tomcat.

Anyway thanks for answer.
Regards
Philippe


On Thu, Sep 25, 2014 at 12:02 PM, André Warnier <a...@ice-sa.com> wrote:

Philippe Mouawad wrote:

Hello,
Any feedback on this ?
Thanks

Hi.
I don't think that you should reasonably expect any feedback.
It is not that people here do not want to help, but your version of Tomcat
is so hopelessly outdated (2007 ?) (see: https://tomcat.apache.org/whichversion.html)
that it would cost them a lot of time, and time is
something that most of them don't have too much of.
So they concentrate on the latest versions, because for that there is a
chance that they still have a similar system somewhere, or remember the
issue and how to fix it.

Your best hope is to search the Tomcat list archives (see
https://tomcat.apache.org/lists.html), for something that looks like a
similar issue.  But if it is a Tomcat issue, the result will probably be
that you need to upgrade your Tomcat to solve it.




On Sun, Sep 7, 2014 at 11:49 PM, Philippe Mouawad <
philippe.moua...@gmail.com> wrote:

 Hello,
I am working currently on an issue where an application is facing either
Response mix or Session mix.
For example:
1/ a user A gets the basket of customer B when going on basket detail
(response mix)
2/ Cookies also get mixed up, more of session mix in this case

The versions of components are the following:

   - Load Balancer => modjk_1.2.40 => Tomcat 5.5.23 (Yes very old)


I have made some searches on bug database and found this issue which seems
similar:

   - https://issues.apache.org/bugzilla/show_bug.cgi?id=47714


But the issue is in state WORKSFORME so it is not a bug AFAIU.

Also issue seems to be related to a bug fix that occurred in mod_jk 1.2.27 :
"AJP13: [CVE-2008-5519] Always send initial POST packet even if the client
disconnected after sending request but before providing POST data. In that
case or in case the client broke the connection in a middle of read send an
zero size packet informing container about broken client connection. (mturk) "

What makes me say this is that there is a JBoss solution document that
says this:
https://access.redhat.com/solutions/19239

There is a known bug in mod_jk versions 1.2.26 and below that can cause
session crosstalk

"AJP13: [CVE-2008-5519] Always send initial POST packet even if the client
disconnected after sending request but before providing POST data. In that
case or in case the client broke the connection in a middle of read send an
zero size packet informing container about broken client connection. (mturk) "

So with version 1.2.40 no issue should remain Afaik.

So I have 3 questions:

1) Does the fix in mod_jk require an upgrade to a particular tomcat
version ?

2) The issue was related to a security problem, but how response mix did
occur ?

3) The Bug 47714 closed as Worksforme is not clear for me. Is it possible
that non optimal config can lead to this issue, for example:

- Not setting recovery_options ? what would be the technical explanation ?

Request would be retried but how mix would occur ?
I am besides this investigating load balancer and application issues.

Thanks for help
Regards
Philippe M.


--
Cordialement.
Philippe Mouawad.






---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
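
The changelog entry quoted in this thread is about AJP13 framing: a Forward Request that announces a content-length greater than zero is expected to be followed at once by a body packet, or by a zero-size packet when the client is gone. The check below is an added example, not code from this thread or from mod_jk; it scans a web server to container byte stream for requests whose announced body never followed, so that the next packet on a reused connection sits where body data is expected. The URIs, addresses and captures are constructed, and the builder emits only a single content-length header.

```python
import struct

MAGIC = b"\x12\x34"      # prefix of every web server -> container AJP13 packet
CONTENT_LENGTH = 0xA008  # AJP13 coded name of the content-length header

def ajp_str(s):           # AJP13 string: 2-byte length, the bytes, a trailing NUL
    return struct.pack(">H", len(s)) + s.encode() + b"\x00"
def packet(payload=b""):  # packet() with no payload is the zero-size packet
    return MAGIC + struct.pack(">H", len(payload)) + payload
def body(data):           # body packet: 2-byte data length, then the data
    return packet(struct.pack(">H", len(data)) + data)

def forward_request(method, uri, clen):  # prefix code 2, one content-length header
    strings = ["HTTP/1.1", uri, "192.0.2.10", "client", "shop.example"]
    head = bytes([2, method]) + b"".join(map(ajp_str, strings))
    hdr = struct.pack(">HBHH", 80, 0, 1, CONTENT_LENGTH) + ajp_str(str(clen))
    return packet(head + hdr + b"\xff")

def read_str(buf, pos):
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode(), pos + 3 + n

def parse_request(payload):  # (uri, content_length) of a request built as above
    _, pos = read_str(payload, 2)          # protocol
    uri, pos = read_str(payload, pos)
    for _ in range(3):                     # remote_addr, remote_host, server_name
        _, pos = read_str(payload, pos)
    value, _ = read_str(payload, pos + 7)  # skip port, is_ssl, num_headers, header code
    return uri, int(value)

def is_body(p):  # empty (zero-size) or declaring exactly its own data length
    return p == b"" or (len(p) >= 2 and struct.unpack_from(">H", p)[0] == len(p) - 2)

def requests_missing_body(stream):
    """URIs whose Forward Request announced a body that did not follow it."""
    frames, pos = [], 0
    while pos < len(stream):
        (n,) = struct.unpack_from(">H", stream, pos + 2)
        frames.append(stream[pos + 4:pos + 4 + n])
        pos += 4 + n
    flagged, i = [], 0
    while i < len(frames):
        uri, clen = parse_request(frames[i])
        ok = i + 1 < len(frames) and is_body(frames[i + 1])
        if clen > 0 and not ok:
            flagged.append(uri)
        i += 2 if clen > 0 and ok else 1
    return flagged

# Constructed captures: A (POST) announces 10 bytes and its client drops; B (GET) follows.
REQ_A, REQ_B = forward_request(4, "/basket/A", 10), forward_request(2, "/basket/B", 0)
OLD, FIXED = REQ_A + REQ_B, REQ_A + packet() + REQ_B
```

`requests_missing_body(OLD)` flags `/basket/A`, while `FIXED`, which carries the zero-size packet the changelog describes, is clean.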