Hi,
I'm using version 5.5.12. I noticed that sometimes sessions doesn't
expire after a "session-timeout".
I started to debug my application and when I haven't found anything
useful I proceeded to Tomcat's code. It looks that there is a
synchronization bug during the update of the
"StandardSession.accessCount". If I got it right, accessCount is a
reference counter which propose is to prevent session from expiring
while it's still in use. It's incremented when there is a Request which
accesses it for the first time, and decremented when the Request is
recycled.
Suppose that my HTML generates several requests during the same session.
Probably, those requests will be handled by different "http-proccessor"
threads and those threads will try to increase/decrease the accessCount
of the same Session simultaneously. This will cause statement
++/--accessCount in StandardSession.access/endAccess sometimes to use an
old value ...
What do you think?
Thanks!
Michael.
