cannot selectively enable DSO sessions for a common context path accross virtual hosts

Type: New Feature
Status: Closed
Priority: 2 Major
Resolution: Fixed
Component/s: Sessions
Labels:

Assignee: teck
Reporter: teck
Created: September 25, 2007
Votes: 0
Watchers: 0
Updated:
July 27, 2012
Resolved:
September 25, 2007

Description

The TC config one specifies the set of context paths for which to enable DSO sessions. Using virtual hosts, it is possible for a single tomcat instance to serve more than one application at the same context path (eg. http://vhost1.example.com/webapp and http://vhost2.example.com/webapp). So, if you say “webapp” in TC config, both of these contexts get DSO sessions. This might not be what someone wants :-)

Additionally, we end up using the same underlying sessions map in this case increasing the risk that session data might leak between the two apps.

No idea if this problem is only specific to tomcat or not (even if it is, it means all the tomcat variants out there inherit this issue (eg. jboss, geronimo, glassfish, etc).

Comments

Fiona OShea 2007-09-25

revision 5600 adds a workaround for this problem, but isn’t a real fix (http://svn.terracotta.org/fisheye/changelog/Terracotta/?cs=5600) See CDV-206 to track getting a real fix.