DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12069>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12069 Creation of more HttpSession objects for one previously timed out session Summary: Creation of more HttpSession objects for one previously timed out session Product: Tomcat 4 Version: 4.0.4 Final Platform: PC OS/Version: Windows NT/2K Status: NEW Severity: Major Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Tomcat creates more than one HttpSession object when it gets two or more requests with invalid (old, timed out) session cookie concurrently. For example the server gets two requests with old cookie, checks that the session object has timed out and creates two new HttpSession objects instead of only one. If you store some data to the session attributes when processing both requests, you cannot be sure which data (of these two requests) will be there by the next request, because you cannot influence which cookie will the browser use the next time. The browser gets with these two responses also two different cookies, and probably uses the one which comes later with next request. So you lose all the data stored to the session from the request which finished first. How to reproduce: Download my testing source from http://bimbo.fjfi.cvut.cz/~minarikv/jsp/sessions.zip or make a JSP with the HTML similar to the following: <script> function onLink() { window.open ( 'secondRequest.jsp', 'wizard', 'width=400px,height=250px,resizable=yes'); } </script> <a href="firstRequest.jsp" onclick="onLink();">link</a> Note: This is not a browser problem (tested in MSIE 5.0, MSIE 5.5, MSIE 6.0, Netscape 4.77, and Opera 6.01 with the same result: two sessions were created). The problem must be solved at Tomcat side, when it gets an old cookie more than once. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
