• New Feature
  • Status: Resolved
  • 2 Major
  • Resolution: Won't Fix
  • Sessions
  • teck
  • Reporter: teck
  • April 02, 2007
  • 0
  • Watchers: 0
  • September 06, 2013
  • September 06, 2013

Description

In the TC config, one specifies the set of context paths for which to enable DSO sessions. Using virtual hosts, it is possible for a single Tomcat instance to serve more than one application at the same context path (e.g. http://vhost1.example.com/webapp and http://vhost2.example.com/webapp). So, if you say “webapp” in TC config, both of these contexts get DSO sessions. This might not be what someone wants :-)

Additionally, we end up using the same underlying sessions map in this case, increasing the risk that session data might leak between the two apps.

No idea if this problem is only specific to Tomcat or not (even if it is, it means all the Tomcat variants out there inherit this issue, e.g. JBoss, Geronimo, GlassFish, etc.).
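The collision described above, modelled as an added example (not Terracotta or Tomcat code, and not what revision 5600 does): a session store keyed by context path alone, next to one keyed by virtual host plus context path. `SessionStore`, `AppKey` and the session ID are hypothetical names and constructed values.

```java
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Constructed model of the ticket's scenario; all names are hypothetical.
public class SessionScopeDemo {
    // Identifies one deployed web application: virtual host plus context path.
    record AppKey(String vhost, String contextPath) {}

    // application key -> (session ID -> session attributes)
    static final class SessionStore<K> {
        private final Map<K, Map<String, Map<String, Object>>> byApp = new ConcurrentHashMap<>();

        // Returns the attribute map for this session, creating it on first use.
        Map<String, Object> create(K app, String sessionId) {
            return byApp.computeIfAbsent(app, k -> new ConcurrentHashMap<>())
                        .computeIfAbsent(sessionId, k -> new ConcurrentHashMap<>());
        }

        // Looks a session up without creating it.
        Optional<Map<String, Object>> find(K app, String sessionId) {
            return Optional.ofNullable(byApp.getOrDefault(app, Map.of()).get(sessionId));
        }
    }

    public static void main(String[] args) {
        String sid = "CONSTRUCTED-SESSION-ID"; // sample value, not a real ID format

        // Keyed by context path only: the store cannot tell the two vhosts apart,
        // so a lookup made while serving vhost2 lands in vhost1's sessions map.
        SessionStore<String> byPath = new SessionStore<>();
        byPath.create("/webapp", sid).put("user", "alice@vhost1");
        boolean shared = byPath.find("/webapp", sid).isPresent();

        // Keyed by (vhost, context path): each application gets its own sessions map.
        SessionStore<AppKey> byHostAndPath = new SessionStore<>();
        byHostAndPath.create(new AppKey("vhost1.example.com", "/webapp"), sid)
                     .put("user", "alice@vhost1");
        boolean isolated = byHostAndPath
                .find(new AppKey("vhost2.example.com", "/webapp"), sid)
                .isEmpty();

        System.out.println("path-only key: vhost2 resolves vhost1's session = " + shared);
        System.out.println("host+path key: vhost2 lookup finds nothing     = " + isolated);
    }
}
```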

Comments

Tim Eck 2007-09-14

Revision 5600 adds a workaround for this problem, but isn’t a real fix (http://svn.terracotta.org/fisheye/changelog/Terracotta/?cs=5600).

Maybe we should move the mechanism for declaring a webapp to get DSO session management? A Terracotta-specific descriptor file under WEB-INF inside of a war would be clear and is a well-established technique. It is slightly less “drop-in” though.