CDV ❯ cannot selectively enable DSO sessions for a common context path across virtual hosts
New Feature
Status: Closed
2 Major
Resolution: Fixed
Sessions
teck
Reporter: teck
September 25, 2007
0
Watchers: 0
July 27, 2012
September 25, 2007
Description
In the TC config, one specifies the set of context paths for which to enable DSO sessions. Using virtual hosts, it is possible for a single Tomcat instance to serve more than one application at the same context path (e.g. http://vhost1.example.com/webapp and http://vhost2.example.com/webapp). So, if you say “webapp” in the TC config, both of these contexts get DSO sessions. This might not be what someone wants :-)
Additionally, we end up using the same underlying sessions map in this case, increasing the risk that session data might leak between the two apps.
No idea if this problem is only specific to Tomcat or not (even if it is, it means all the Tomcat variants out there inherit this issue, e.g. JBoss, Geronimo, GlassFish, etc.).
Revision 5600 adds a workaround for this problem, but isn’t a real fix (http://svn.terracotta.org/fisheye/changelog/Terracotta/?cs=5600). See CDV-206 to track getting a real fix.
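
A small model of the keying issue described above, added here as an illustration and not taken from Terracotta or Tomcat code. The `Store` class, its methods and the session id `S1` are hypothetical, and scoping by virtual host plus context path is an assumed stricter scheme, not the workaround from revision 5600.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

// Constructed model of the keying problem; not Terracotta or Tomcat code.
public class SessionScopeDemo {
    // Hypothetical shared store: one sessions map per scope key.
    static class Store {
        private final Map<String, Map<String, Map<String, Object>>> maps = new HashMap<>();
        private final boolean scopeByHost;

        Store(boolean scopeByHost) { this.scopeByHost = scopeByHost; }

        // Scope key: context path alone (the behaviour the ticket describes)
        // or virtual host plus context path (assumed stricter scoping).
        private String key(String host, String contextPath) {
            return scopeByHost
                    ? host.toLowerCase(Locale.ROOT) + "/" + contextPath
                    : contextPath;
        }

        Map<String, Object> create(String host, String contextPath, String sessionId) {
            return maps.computeIfAbsent(key(host, contextPath), k -> new HashMap<>())
                       .computeIfAbsent(sessionId, k -> new HashMap<>());
        }

        // Returns null when the session id is unknown in this scope.
        Map<String, Object> lookup(String host, String contextPath, String sessionId) {
            Map<String, Map<String, Object>> sessions = maps.get(key(host, contextPath));
            return sessions == null ? null : sessions.get(sessionId);
        }
    }

    // True when a session created under vhost1 is visible through vhost2.
    static boolean leaks(Store store) {
        store.create("vhost1.example.com", "webapp", "S1").put("user", "alice");
        return store.lookup("vhost2.example.com", "webapp", "S1") != null;
    }

    public static void main(String[] args) {
        System.out.println("keyed by context path only:   leak=" + leaks(new Store(false)));
        System.out.println("keyed by host + context path: leak=" + leaks(new Store(true)));
    }
}
```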