Thank you, Ray, for your input.  We only encountered one case that we know of. We are 
enabling more logging in the access logs to capture sessionid and are also planning 
to update to 8.5.61, as we did see some bug fixes.  We are not sure 
where the issue is or if this was just an isolated issue, but our guess is the Web 
servlet, as we encountered something similar in a previous version of Tomcat.  The 
only difference now is that we don't see any errors related to this event.

___________________
Juan Quintanilla
[email protected]
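
Added example, not part of the original message and not CAS or Tomcat code: one way to use access logs that capture the session ID, as described above, to spot a session ID served to more than one client. It assumes the AccessLogValve pattern `%h %l %u %t "%r" %s %b %S` and that %h is the real client address; the log lines and session IDs are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed AccessLogValve pattern: %h %l %u %t "%r" %s %b %S  (%S = session ID)
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ (?P<sid>\S+)$'
)

# Constructed sample: AAAA1111 is handed to a second client 3 seconds later.
SAMPLE = """\
10.0.0.11 - - [13/Jan/2021:16:02:10 -0500] "POST /cas/login HTTP/1.1" 302 - AAAA1111
10.0.0.11 - - [13/Jan/2021:16:02:11 -0500] "GET /cas/login HTTP/1.1" 200 5120 AAAA1111
10.0.0.27 - - [13/Jan/2021:16:02:14 -0500] "GET /cas/login HTTP/1.1" 200 7301 AAAA1111
10.0.0.35 - - [13/Jan/2021:16:03:00 -0500] "GET /cas/login HTTP/1.1" 200 7301 BBBB2222
10.0.0.35 - - [13/Jan/2021:16:03:02 -0500] "GET /cas/css/cas.css HTTP/1.1" 200 912 -
""".splitlines()


def shared_sessions(lines, window=timedelta(minutes=5)):
    """Map each session ID to the client hosts that used it within `window`
    of one another. Only IDs seen from more than one host are returned."""
    seen = defaultdict(list)  # session ID -> [(timestamp, host), ...]
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["sid"] == "-":  # unparsable line, or request without a session
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        seen[m["sid"]].append((ts, m["host"]))

    flagged = {}
    for sid, hits in seen.items():
        hits.sort()
        hosts = set()
        # Compare consecutive requests: a host change inside the window is suspicious.
        for (t1, h1), (t2, h2) in zip(hits, hits[1:]):
            if h1 != h2 and t2 - t1 <= window:
                hosts.update((h1, h2))
        if hosts:
            flagged[sid] = sorted(hosts)
    return flagged


if __name__ == "__main__":
    for sid, hosts in shared_sessions(SAMPLE).items():
        print(f"session {sid} used by multiple clients: {', '.join(hosts)}")
```

Access logs written with %S contain live session identifiers, so restrict who can read them.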

________________________________
From: [email protected] <[email protected]> on behalf of Ray Bon 
<[email protected]>
Sent: Thursday, January 14, 2021 12:02 PM
To: [email protected] <[email protected]>
Cc: Noemi Valle <[email protected]>
Subject: Re: [cas-user] CAS 5.3 with tomcat 8.5.57 User logged in sees another 
user information



Juan,

I worked on a [non-CAS] project years ago where this type of behaviour would 
happen in a classroom setting. I suspected it was some network hardware that 
could not distinguish the request-response pairs, and 'guessed' which 
response matched which client request.
I never had a chance to solve this problem, so I am not much help.

Ray

On Wed, 2021-01-13 at 22:13 +0000, Juan Quintanilla wrote:

Hello,

We are running CAS 5.3 and Tomcat 8.5.57, and experienced a scenario where a 
user logged into a SAML2 service and saw another user's information. They logged 
out and logged back in and saw their information.  We encountered something 
similar in the past when we had CAS 3.6 and Tomcat 8.0, and it had to do with 
Tomcat using the same jsessionid for the user who authenticated a few seconds 
before, and the user coming in after was given the same jsessionid. We would 
have to bounce the environment completely.

We have haveged installed on the VM to help. Has anyone encountered a similar 
issue? We had one user report the issue; unfortunately, we don't see a way to 
capture this information in the logs, and nothing in the logs stands out for 
this particular case.

Thanks!

___________________
Juan Quintanilla
[email protected]

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4fe6f2d625ce3eff1326171606ab024bdef006e4.camel%40uvic.ca.
