2011/6/15 Jocelyn Ireson-Paine <p...@j-paine.org>:
> ResponseHolder rh = (ResponseHolder)this_session.getAttribute(
> "response_holder" );
> out.println( "rh = " + rh + ".<BR>" );
> if ( rh == null ) {
> out.println( "rh is null.<BR>" );
> rh = new ResponseHolder( response );
> this_session.setAttribute( "response_holder", rh );
>(...)
> If this a bug, is there any chance of getting it fixed, or of getting a
> circumvention? If I'm doing something bad, please tell me.
>
It is not a bug. It is just you doing something bad.
The request and response objects must never be accessed outside the
request processing cycle. The objects are recycled and cleared or
reused for subsequent request and responses, and are not guaranteed to
be thread-safe. The consequences can be severe.
There is a configuration option (a system property) that forces
recycling (zeroing) those objects, to spot misappropriate references
more easily.
http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Security
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
