http://issues.apache.org/bugzilla/show_bug.cgi?id=44116

           Summary: Multiple JSESSIONID handling with overlapping domains
                    does not work
           Product: Tomcat 6
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: Native:JK
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]
                CC: [EMAIL PROTECTED]


The changelog notes for mod_jk 1.2.6/1.2.7 specify that mod_jk properly handles
multiple JSESSIONID cookies with overlapping domains as described below:

"Check all JSESSIONID cookies for a valid jvmRoute. If you have multiple Tomcats
with overlapping domains, then you can get multiple cookies without a defined
order. This will route correctly as long as the different domains don't have any
Tomcats in common. (billbarker)"

Unfortunately this feature does not work properly because of a bug in the design
implementation.

In the source file "jk_lb_worker.c", the function "get_cookie" should get every
JSESSIONID cookie contained in the HTTP header, but there is a mistake using the
char pointers "id_start/id_end". The result is that we just get the first
JSESSIONID cookie; the others are simply lost in memory.

The bug is reproducible as follows:
    nc website 80
    GET /hello.jsp HTTP/1.0

Then you will get a JSESSIONID Cookie in the HTTP header, for example:
    Set-Cookie: JSESSIONID=297267684ED72B2F3AB38CFDD4402FC5; Path=/

Finally:
    nc website 80
    GET /hello.jsp HTTP/1.0
    Cookie: JSESSIONID=297267684ED72B2F3AB38CFDD4402FC6;JSESSIONID=297267684ED72B2F3AB38CFDD4402FC5;

You should not get another JSESSIONID (Set-Cookie option directive) and your
request should be forwarded to the correct Tomcat worker, but it does not work.
Actually, mod_jk gets the first JSESSIONID, which is deliberately invalid, but Tomcat
does not know it and sends us another "Set-Cookie" HTTP option header.

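The behaviour the changelog entry describes (check every JSESSIONID cookie, not only the first, for a valid jvmRoute) can be sketched as follows. This is an added example, not code from mod_jk or from the bug reporter; the function name `route_from_cookies`, the `WORKERS` table and the sample header are hypothetical, and it assumes the usual Tomcat session id form `<id>.<jvmRoute>`.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: jvmRoute names of the workers behind this balancer. */
static const char *const WORKERS[] = { "tc1", "tc2" };

/* Scan every JSESSIONID pair in a Cookie header value and return the index
 * (in routes[]) of the first one whose ".jvmRoute" suffix names a known
 * worker, or -1 if no cookie carries a valid route. */
int route_from_cookies(const char *hdr, const char *const routes[], int n)
{
    static const char name[] = "JSESSIONID";
    const size_t nlen = sizeof(name) - 1;
    const char *p = hdr;

    while (*p) {
        while (*p == ' ' || *p == '\t' || *p == ';' || *p == ',')
            p++;                                  /* skip pair separators */
        const char *end = p + strcspn(p, ";,");   /* end of this pair */
        if ((size_t)(end - p) > nlen && p[nlen] == '=' &&
            strncmp(p, name, nlen) == 0) {
            const char *val = p + nlen + 1;
            const char *vend = end;
            while (vend > val && vend[-1] == ' ')
                vend--;                           /* trim trailing blanks */
            const char *dot = memchr(val, '.', (size_t)(vend - val));
            if (dot) {
                size_t rlen = (size_t)(vend - dot - 1);
                for (int i = 0; i < n; i++)
                    if (strlen(routes[i]) == rlen &&
                        memcmp(dot + 1, routes[i], rlen) == 0)
                        return i;
            }
        }
        p = end;   /* move on to the next cookie rather than stopping */
    }
    return -1;
}

int main(void)
{
    /* Constructed header: the first cookie's route is unknown here. */
    const char *hdr = "JSESSIONID=AAAA.other; JSESSIONID=BBBB.tc2";
    int i = route_from_cookies(hdr, WORKERS, 2);
    printf("route: %s\n", i >= 0 ? WORKERS[i] : "(none)");
    return 0;
}
```

A cookie with no route suffix, or with a route that names no configured worker, is skipped and the scan continues with the next pair.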