2011/6/15 Jocelyn Ireson-Paine <p...@j-paine.org>: > ResponseHolder rh = (ResponseHolder)this_session.getAttribute( > "response_holder" ); > out.println( "rh = " + rh + ".<BR>" ); > if ( rh == null ) { > out.println( "rh is null.<BR>" ); > rh = new ResponseHolder( response ); > this_session.setAttribute( "response_holder", rh ); >(...) > If this a bug, is there any chance of getting it fixed, or of getting a > circumvention? If I'm doing something bad, please tell me. >
It is not a bug. It is just you doing something bad. The request and response objects must never be accessed outside the request processing cycle. The objects are recycled and cleared or reused for subsequent request and responses, and are not guaranteed to be thread-safe. The consequences can be severe. There is a configuration option (a system property) that forces recycling (zeroing) those objects, to spot misappropriate references more easily. http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Security Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org