cvs commit: jakarta-tomcat-connectors KEYS

mturk 2003/01/10 23:59:11 Modified:.KEYS Log: Change my PGP Signing key Revision ChangesPath 1.10 +27 -27jakarta-tomcat-connectors/KEYS Index: KEYS === RCS file: /home/cvs/jakarta-

cvs commit: jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote BaseHook.java

costin 2003/01/10 23:08:33 Modified:coyote/src/java/org/apache/coyote BaseHook.java Log: Added NotificationListener. JMX notifications are not as flexible - I really don't know what is the best solution here. Less flexibility might be very good - it can keep things simpler.

cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/threads ThreadPool.java

costin 2003/01/10 22:55:24 Modified:util/java/org/apache/tomcat/util/threads ThreadPool.java Log: Update ThreadPool. Revision ChangesPath 1.7 +20 -51 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/threads/ThreadPool.java Index: ThreadPool.java

cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/threads ThreadWithAttributes.java

costin 2003/01/10 22:53:43 Added: util/java/org/apache/tomcat/util/threads ThreadWithAttributes.java Log: Moved ThreadWithAttribute out of ThreadPool. All attribute operations are guarded by ThreadPool - if an application has a reference to ThreadPoo

cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/threads ThreadPoolMX.java

costin 2003/01/10 22:52:27 Added: util/java/org/apache/tomcat/util/threads ThreadPoolMX.java Log: Added a "JMX" extension to threadpool. This will keep the ThreadPool independent of JMX. Also added few "informative" methods to display the threads and the status of each

Re: cvs commit: jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote BaseHook.java

Bill Barker wrote: >> Jeanfrancois Arcand wrote: >> >> > Hi Costin, (you beat me on the proposal :-) ) >> >> Actually - this is a different story ( JMX-enabling different componets). >> I'll check in similar additions to ValveBase, BaseContainer, >> CoyoteConnector. >> > > I currently have custom

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/valves AccessLogValve.java

costin 2003/01/10 21:12:48 Modified:catalina/src/share/org/apache/catalina/valves AccessLogValve.java Log: I did that long ago - it just add %D to display the time in millis ( like in apache ) Usefull for people with fast servlets :-) Revision Chang

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core ContainerBase.java

costin 2003/01/10 21:07:50 Modified:catalina/src/share/org/apache/catalina/core ContainerBase.java Log: Let ContainerBase know its own name ( and domain ) We can't change the Container interface ( that would break backward compat ), but there is no nee

JSR77 names for Context ( and ServletWrapper )

I'm not very familiar with the /admin - how difficult would it be to change the naming format for Contexts ? JSR77 defines some pretty clear names for Context and Servet - and I think we should use that where possible. Another issue I have is the name of the Valves, which uses the hashcode of

Re: cvs commit: jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote BaseHook.java

- Original Message - From: "Costin Manolache" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, January 10, 2003 8:16 PM Subject: Re: cvs commit: jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote BaseHook.java > Jeanfrancois Arcand wrote: > > > Hi Costin, (you beat me o

Re: Duplicate session IDs are *common*

Dirk-Willem van Gulik wrote: On 10 Jan 2003, Eric Rescorla wrote: There's nothing wrong with what you propose, but it's sort of like saying "maybe I should wear a helmet at all times because a meteor might drop on my head". Sure, it could happen, btu it's not the thing I'd worry about. Exce

Re: cvs commit: jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote BaseHook.java

Jeanfrancois Arcand wrote: > Hi Costin, (you beat me on the proposal :-) ) Actually - this is a different story ( JMX-enabling different componets). I'll check in similar additions to ValveBase, BaseContainer, CoyoteConnector. The idea is for each component to be aware of its name and domain,

cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core Request.java

billbarker2003/01/10 19:00:07 Modified:src/share/org/apache/tomcat/core Request.java Log: Make certain that the session still belong to us before returning it. If the Servlet invalidates the session, and then later requests a new one, it is possible for the one we have to be va

DO NOT REPLY [Bug 15967] - IllegalStateException not thrown by HttpSession.getLastAccessedTime() if session has been invalidated.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bu

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session LocalStrings.properties LocalStrings_fr.properties StandardSession.java

jfarcand2003/01/10 18:50:06 Modified:catalina/src/share/org/apache/catalina/session LocalStrings.properties LocalStrings_fr.properties StandardSession.java Log: According to the javadocs for HttpSession.getLastAccessedTime(), and Illeg

cvs commit: jakarta-tomcat-catalina/webapps/docs realm-howto.xml

glenn 2003/01/10 18:02:20 Modified:webapps/docs realm-howto.xml Log: Port addition of menu to realm docs Revision ChangesPath 1.6 +29 -0 jakarta-tomcat-catalina/webapps/docs/realm-howto.xml Index: realm-howto.xml

Re: JNDIRealm feature enhancements

I have applied your patch and updated the realm-howto.xml docs in both Tomcat 4 and Tomcat 5. Thanks for the patch. Glenn Bradley M. Handy wrote: After setting up a JNDIRealm for the Manager app, I noticed after a while the connection times out and returns NULL automatically. I was wondering

cvs commit: jakarta-tomcat-catalina/webapps/docs realm-howto.xml

glenn 2003/01/10 17:57:39 Modified:catalina/src/share/org/apache/catalina/realm JNDIRealm.java webapps/docs realm-howto.xml Log: Port JNDIRealm alternateURL patch to Tomcat 5 Revision ChangesPath 1.4 +122 -30 jakarta-tomcat-catalina/catalina/src/

cvs commit: jakarta-tomcat-catalina/webapps/docs tomcat-docs.xsl

glenn 2003/01/10 17:52:21 Modified:webapps/docs tomcat-docs.xsl Added: webapps/docs/images printer.gif Log: Add support for generating printer friendly docs Revision ChangesPath 1.1 jakarta-tomcat-catalina/webapps/docs/images/printer.gif

cvs commit: jakarta-tomcat-4.0/webapps/tomcat-docs realm-howto.xml

glenn 2003/01/10 17:47:13 Modified:.RELEASE-NOTES-4.1.txt catalina/src/share/org/apache/catalina/realm JNDIRealm.java webapps/tomcat-docs realm-howto.xml Log: Apply JNDIRealm patch to add alternateURL provided by Brad Handy Revision Chang

Re: cvs commit: jakarta-tomcat-connectors/coyote/src/java/org/apache/coyoteBaseHook.java

Hi Costin, (you beat me on the proposal :-) ) what about having a concept of a chain somewhere (meaning hooks chain (handler :-) ). This way handler doesn't need to know which comes next (or previous), but the handler chain knows it. What I was having in mind was being able to define somewhere:

cvs commit: jakarta-tomcat-4.0/webapps/tomcat-docs/images printer.gif

glenn 2003/01/10 17:18:17 Added: webapps/tomcat-docs/images printer.gif Log: Add a printer image for when we make printer friendly docs Revision ChangesPath 1.1 jakarta-tomcat-4.0/webapps/tomcat-docs/images/printer.gif <> -- To unsub

cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/servlets HTMLManagerServlet.java

glenn 2003/01/10 17:17:31 Modified:catalina/src/share/org/apache/catalina/servlets HTMLManagerServlet.java Log: Fix file upload install on Windows, reformat code to 80 col Revision ChangesPath 1.14 +40 -19 jakarta-tomcat-4.0/catalina/src

cvs commit: jakarta-tomcat-4.0/webapps/manager build.xml

glenn 2003/01/10 17:16:59 Modified:webapps/manager build.xml Log: Fix build, images were not being copied Revision ChangesPath 1.10 +1 -1 jakarta-tomcat-4.0/webapps/manager/build.xml Index: build.xml =

DO NOT REPLY [Bug 15966] - Jasper parser is incorrectly handling empty jsp:body elements

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bu

DO NOT REPLY [Bug 15961] - getBodyContent() is not returning null when the action has only jsp:attribute actions within the body.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bu

cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler Generator.java Node.java

luehe 2003/01/10 16:52:14 Modified:jasper2/src/share/org/apache/jasper/compiler Generator.java Node.java Log: Fixed 15961: getBodyContent() is not returning null when the action has only jsp:attribute actions within the body. Revision ChangesPath

cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler Parser.java

luehe 2003/01/10 16:51:36 Modified:jasper2/src/share/org/apache/jasper/compiler Parser.java Log: Fixed 15966: Jasper parser is incorrectly handling empty jsp:body elements Revision ChangesPath 1.55 +11 -29 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasp

cvs commit: jakarta-servletapi-5/jsr154/src/share/javax/servlet GenericServlet.java

craigmcc2003/01/10 16:26:02 Modified:jsr154/src/share/javax/servlet GenericServlet.java Log: Remove spurious logging from init() and destroy(), ported forward from the same change made a while back in jakarta-servletapi-4. Revision ChangesPath 1.2 +0 -2 jaka

DO NOT REPLY [Bug 15851] - Parser generates a NullPointerException for invalid use case of jsp:attribute instead of a useful message.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bu

cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/resources messages.properties messages_es.properties messages_fr.properties messages_ja.properties

kinman 2003/01/10 16:11:06 Modified:jasper2/src/share/org/apache/jasper/compiler Node.java Parser.java TagPluginManager.java jasper2/src/share/org/apache/jasper/resources messages.properties messages_es.properties

cvs commit: jakarta-tomcat-connectors gump.xml

costin 2003/01/10 16:05:10 Modified:.gump.xml Log: Add jmx deps in gump. Revision ChangesPath 1.10 +23 -1 jakarta-tomcat-connectors/gump.xml Index: gump.xml === RCS file: /home/cvs/

cvs commit: jakarta-tomcat-connectors/coyote build.xml

costin 2003/01/10 16:03:01 Modified:coyote build.xml Log: Add the jmx dependency. Add a separate target that just builds for tomcat5, to avoid all the detection. Revision ChangesPath 1.16 +12 -1 jakarta-tomcat-connectors/coyote/build.xml Index: bui

DO NOT REPLY [Bug 15982] New: - jdbc realm - digest for cleartext pw does not work

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bu

Email Rejected: Unknown or disallowed attachment type

Received: from [198.76.25.3] (HELO nns.voyanttech.com) by voyanttech.com (CommuniGate Pro SMTP 3.4b3) with SMTP id 3430066 for [EMAIL PROTECTED]; Fri, 10 Jan 2003 16:06:16 -0700 Received: from exchange.sun.com (exchange.sun.com [192.18.33.10]) by nns.voyanttech.com (8.9.3+Sun/8.9.3) wit

JNDIRealm feature enhancements

After setting up a JNDIRealm for the Manager app, I noticed after a while the connection times out and returns NULL automatically.  I was wondering, if instead of returning NULL, JNDIRealm to try to reconnect and then authenticate, and then return NULL, if a failure results from that attemp

DO NOT REPLY [Bug 15672] - DBCP doesn't work on Tomcat 4.1.18 with Oracle JDBC driver

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bu

cvs commit: jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote BaseHook.java

costin 2003/01/10 14:36:43 Added: coyote/src/java/org/apache/coyote BaseHook.java Log: Added a base implementation of ActionHook - with some small additions :-) First, there is a getNext/setNext to allow multiple hooks to be chained. Both recursive and iterative will be sup

DO NOT REPLY [Bug 15672] - DBCP doesn't work on Tomcat 4.1.18 with Oracle JDBC driver

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bu

Re: Duplicate session IDs are *common*

Costin Manolache <[EMAIL PROTECTED]> writes: > Eric Rescorla wrote: > > > Dirk-Willem van Gulik <[EMAIL PROTECTED]> writes: > > > >> > ID provides a statistical probability of collision so low that > >> > there is no need to explicitly check for uniqueness. > >> > >> Or just add a syncronized i

Re: Duplicate session IDs are *common*

Combining two messages... Dirk-Willem van Gulik <[EMAIL PROTECTED]> writes: > > Securely random and unpredictable are effectively the same thing. > > Depends on your definition; one-way-function((count++) + (secret)) is > quite unpredictable; expcet for those knowing the secret. Secure random >

Proposal: RUNNING.TXT classpath update

It seems many people are frustrated because Tomcat doesn't work right away, which is mainly because of faulty classpath settings, a lack in the setup documentation. I'd suggest someone add to the RUNNING.TXT doc at the end of the part "(1) Download and Install the Tomcat 4.0 Binary Distribution",

trouble with jk2 vs. Apache2 on OSX 10.2.3: "Segmentation fault$HTTPD -k $ARGV"

i've successfully installed Apache2 & Tomcat on OSX 10.2.3 both run great in standalone . but Apache2 + Coyote jk2 refuses to launch/function Apache2 is a CVS build, & server-info is: Server Version: Apache/2.1.0-dev (Unix) mod_perl/1.99_07-dev Perl/v5.8.0 PHP/4.4.0-dev mod_auth_

Re: Duplicate session IDs are *common*

Costin Manolache wrote: I find it amazing that 2 people reported beeing hit by meteors (duplicate session ids ) in the same week. I find it odd that it actually happened ... You're right - a counter is better than time. It'll duplicate the counter if tomcat is restarted - so probably the ini

Re: Duplicate session IDs are *common*

Eric Rescorla wrote: > Dirk-Willem van Gulik <[EMAIL PROTECTED]> writes: > >> > ID provides a statistical probability of collision so low that >> > there is no need to explicitly check for uniqueness. >> >> Or just add a syncronized i++ to make sure. > Yes. > > There's nothing wrong with what y

cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/net/res LocalStrings.properties LocalStrings_fr.properties

remm2003/01/10 12:22:38 Modified:util/java/org/apache/tomcat/util/net PoolTcpEndpoint.java util/java/org/apache/tomcat/util/net/res LocalStrings.properties LocalStrings_fr.properties Log: - Refactor the server socket restart code. Revis

DO NOT REPLY [Bug 15974] New: - Original stack trace is lost

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bu

Re: Duplicate session IDs are *common*

On 10 Jan 2003, Eric Rescorla wrote: > There's nothing wrong with what you propose, but it's sort of > like saying "maybe I should wear a helmet at all times > because a meteor might drop on my head". Sure, it could happen, > btu it's not the thing I'd worry about. Except that hash( i++ . secre

Re: Duplicate session IDs are *common*

> Securely random and unpredictable are effectively the same thing. Depends on your definition; one-way-function((count++) + (secret)) is quite unpredictable; expcet for those knowing the secret. Secure random generators give you a value which is unpredictable for all. And are a lot more expensi

Re: Duplicate session IDs are *common*

Dirk-Willem van Gulik <[EMAIL PROTECTED]> writes: > > ID provides a statistical probability of collision so low that > > there is no need to explicitly check for uniqueness. > > Or just add a syncronized i++ to make sure. Yes. There's nothing wrong with what you propose, but it's sort of like sa

Re: Duplicate session IDs are *common*

Dirk-Willem van Gulik <[EMAIL PROTECTED]> writes: > On Fri, 10 Jan 2003, Glenn Olander wrote: > > > 1) a good PRNG, such as secureRandom > > Why does it need to be securely random; surely unpredicatable is good > enough ? Securely random and unpredictable are effectively the same thing. -Ekr

Re: Duplicate session IDs are *common*

> ID provides a statistical probability of collision so low that > there is no need to explicitly check for uniqueness. Or just add a syncronized i++ to make sure. Dw. -- To unsubscribe, e-mail: For additional commands, e-mail:

Re: Duplicate session IDs are *common*

On Fri, 10 Jan 2003, Glenn Olander wrote: > 1) a good PRNG, such as secureRandom Why does it need to be securely random; surely unpredicatable is good enough ? > 2) a uniqueness guarantee count++ +":"+myip+":"+myport is also quite unqiue :-) DW. -- To unsubscribe, e-mail:

Re: Duplicate session IDs are *common*

I saw another problem that had similar symptoms to duplicate session ID's. My application was getting collisions between different users having the same session ID using tomcat 4.0.5. I found that the request headers were not being cleared out when they were recycled so that cookies from a current

DO NOT REPLY [Bug 15967] New: - IllegalStateException not thrown by HttpSession.getLastAccessedTime() if session has been invalidated.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bu

Re: Duplicate session IDs are *common*

Costin Manolache <[EMAIL PROTECTED]> writes: > Eric Rescorla wrote: > > > Jim Jagielski <[EMAIL PROTECTED]> writes: > > > >> Eric Rescorla wrote: > >> > > >> > Glenn Olander <[EMAIL PROTECTED]> writes: > >> > > 5) The strength of the PRNG is largely irrelevant > >> > > > >> > > As a user, I wo

Re: Duplicate session IDs are *common*

Glenn Olander <[EMAIL PROTECTED]> writes: > I think you may have misunderstood. I'm just pointing out that, from a > user's > > perspective, a good solution requires two elements: > > 1) a good PRNG, such as secureRandom > 2) a uniqueness guarantee > > I'm not saying a PRNG is unneeded. I'm jus

Re: Duplicate session IDs are *common*

Jim Jagielski <[EMAIL PROTECTED]> writes: > Of course, as you said, it depends on the range and the timespan. > > But it doesn't change the fact that randomness != uniqueness, which is > what Glenn's point was I think. Perhaps not from a theoretical persective, but from a practical perspective it

Re: Duplicate session IDs are *common*

I think you may have misunderstood. I'm just pointing out that, from a user's perspective, a good solution requires two elements: 1) a good PRNG, such as secureRandom 2) a uniqueness guarantee I'm not saying a PRNG is unneeded. I'm just saying a good one like PRNG is good enough as long as it i

Re: Duplicate session IDs are *common*

On Fri, 10 Jan 2003, Jim Jagielski wrote: > But it doesn't change the fact that randomness != uniqueness, which is > what Glenn's point was I think. Just as an example; doing on issue syncronized count++; id = count.ipaddr add port if you must :-) gives you a r

Re: Duplicate session IDs are *common*

Eric Rescorla wrote: > Jim Jagielski <[EMAIL PROTECTED]> writes: > >> Eric Rescorla wrote: >> > >> > Glenn Olander <[EMAIL PROTECTED]> writes: >> > > 5) The strength of the PRNG is largely irrelevant >> > > >> > > As a user, I wouldn't trust any solution which lacks a check for >> > > duplicate

Re: Duplicate session IDs are *common*

The check will verify that the session id doesn't duplicate another active session. If the session expires - it is still possible ( even if extremely unlikely ) that a user will reuse the same browser window and get into someone's else session. I think this is as likely as someone using a random

Re: Duplicate session IDs are *common*

At 10:42 AM -0800 1/10/03, Eric Rescorla wrote: >Jim Jagielski <[EMAIL PROTECTED]> writes: > >> Eric Rescorla wrote: >> > >> > Glenn Olander <[EMAIL PROTECTED]> writes: >> > > 5) The strength of the PRNG is largely irrelevant >> > > >> > > As a user, I wouldn't trust any solution which lacks a chec

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/loader WebappLoader.java

costin 2003/01/10 10:59:50 Modified:catalina/src/share/org/apache/catalina/loader WebappLoader.java Log: Some info for the jmx console. It's nice to see the repositories. It would also be nice to have a method to display info about how a class will be

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/mbeans GlobalResourcesLifecycleListener.java

costin 2003/01/10 10:57:06 Modified:catalina/src/share/org/apache/catalina/mbeans GlobalResourcesLifecycleListener.java Log: If no java: naming is found - report it but don't be too verbose. Revision ChangesPath 1.2 +6 -7 jakarta-tomca

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/mbeans ServerLifecycleListener.java

costin 2003/01/10 10:55:58 Modified:catalina/src/share/org/apache/catalina/mbeans ServerLifecycleListener.java Log: Use commons-logging. Most of the code here should disapear as we add it in the core objects ( remember - we voted that 5.0 will require and

DO NOT REPLY [Bug 15966] New: - Jasper parser is incorrectly handling empty jsp:body elements

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bu

cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/startup Catalina.java

costin 2003/01/10 10:48:49 Modified:catalina/src/share/org/apache/catalina/startup Catalina.java Log: Some versions of digester ( head ? ) seem to require the classloader to be set. It doesn't hurt to set it explicitely. Revision ChangesPath 1.12 +6 -7 jakar

Re: Duplicate session IDs are *common*

Jim Jagielski <[EMAIL PROTECTED]> writes: > Eric Rescorla wrote: > > > > Glenn Olander <[EMAIL PROTECTED]> writes: > > > 5) The strength of the PRNG is largely irrelevant > > > > > > As a user, I wouldn't trust any solution which lacks a check for > > > duplicate session id's, regardless of the

DO NOT REPLY [Bug 15964] New: - Wrong source paths in generated SMAP file entries

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bu

cvs commit: jakarta-servletapi-5/jsr152/examples/WEB-INF/jsp2 jsp2-example-taglib.tld

kinman 2003/01/10 10:21:38 Modified:jsr152/examples/WEB-INF/jsp2 jsp2-example-taglib.tld Log: - Patch by Jan Luehe: has always been mandatory, but is only now being enforced. Revision ChangesPath 1.2 +1 -0 jakarta-servletapi-5/jsr152/examples/WEB-INF/js

cvs commit: jakarta-servletapi-5/jsr154/src/share/dtd jsp_2_0.xsd

kinman 2003/01/10 10:17:03 Modified:jsr152/src/share/dtd jsp_2_0.xsd jsr152/src/share/javax/servlet/jsp/tagext TagInfo.java VariableInfo.java jsr154/src/share/dtd jsp_2_0.xsd Log: - Patch by Mark Roth: Fixes leading up to th

Re: Duplicate session IDs are *common*

Eric Rescorla wrote: > > Glenn Olander <[EMAIL PROTECTED]> writes: > > 5) The strength of the PRNG is largely irrelevant > > > > As a user, I wouldn't trust any solution which lacks a check for > > duplicate session id's, regardless of the strength of the PRNG. > This doesn't seem to me to be a p

DO NOT REPLY [Bug 15962] New: - New option to create the package name based on the jsp directory structure

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bu

Re: Duplicate session IDs are *common*

Glenn Olander <[EMAIL PROTECTED]> writes: > 5) The strength of the PRNG is largely irrelevant > > As a user, I wouldn't trust any solution which lacks a check for > duplicate session id's, regardless of the strength of the PRNG. This doesn't seem to me to be a plausible position in view of the fac

DO NOT REPLY [Bug 15961] New: - getBodyContent() is not returning null when the action has only jsp:attribute actions within the body.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bu

DO NOT REPLY [Bug 15959] New: - Confusing Error Message with jsp:forward

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bu

Re: Duplicate session IDs are *common*

Here's a follow-up on the bug report I submitted that started this thread. 1) We confirmed the problem is a duplicate session id. Luckily we were logging session id's. It took a lot of hunting through access logs, but we did indeed find two sessions which were started a couple of minutes apart, w

Re: Proposal: CanAccessLink(..) test

Hi Marki, see inline Mark Harwood wrote: Its cool having authorisation restrictions enforced when accessing a page but it would also be useful to query these restrictions when choosing to offer a link in other pages. I have an implementation which offers this query capability based on a hack

RE: Duplicate session IDs are *common*

On Thu, 9 Jan 2003, Schnitzer, Jeff wrote: > One thing to contemplate is that if you have 100,000 sessions and you > get 10 new sessions created every second, that's the equivalent of 1 > million inadvertent hack attempts every single second. Granted that's > still small compared to the total s

Proposal: CanAccessLink(..) test

Its cool having authorisation restrictions enforced when accessing a page but it would also be useful to query these restrictions when choosing to offer a link in other pages. I have an implementation which offers this query capability based on a hack of Tomcat authorisation code. The method si

RE: Duplicate session IDs are *common*

> Note that you would need 1 million sessions that are active > at the same time - if a session expires and the id is reused > there is no harm. If I leave my browser open and go for lunch and someone else gets my expired session id, I return and continue browsing, wouldn't that cause problems?

Re: Duplicate session IDs are *common*

I was unable to reproduce a collision too. I took ManagerBase and converted it to a standalone java program (by stripping out code) to see if I might get duplicates. But I keep running out of memory near 1 million sessions. java Collide 1 Generates 1 ids. (Change the number to change th

cvs commit: jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote ActionCode.java

remm2003/01/10 02:21:34 Modified:coyote/src/java/org/apache/coyote ActionCode.java Log: - Fix code number. Revision ChangesPath 1.12 +1 -1 jakarta-tomcat-connectors/coyote/src/java/org/apache/coyote/ActionCode.java Index: ActionCode.java

Re: Calling into Servlet Container without HTTP

Kelly Chen wrote: Hi, there: I am looking for a way to invoke a Servlet without going through HTTP. I understand that this has to be container specific logic, so I would like to do this on Tomcat 4.1.18. The idea is to use JSP as a template system, but JSP has be to run inside a Servlet Conta

[Fwd: Tomcat manager - Java client]

FYI. --- Begin Message --- I've written a Java client that talks to the Tomcat servlet manager application. The program allows you to view, stop, start and reload servlet applications and acts as a visual front end to the Tomcat manager. The program isn't complete but is still useful in its cur

DO NOT REPLY [Bug 14391] - tomcat.exe Fails with an Application Exception (access violation)

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bu

DO NOT REPLY [Bug 15950] New: - automatic assignment of context path leads to http 404 errors for servlets

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bu

DO NOT REPLY [Bug 15944] - Compiled JSP page includes default setContentType() Call when not specified in the JSP page.

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bu