Session mix up - apache httpd with mod_jk, tomcat, spring security - serving data of other user

孤城傲影 2021-01-13 10:07

Recently we have faced a serious problem, that one user was served data of another user. This problem is almost impossible to reproduce.

We are using standard logged

5 answers
  •  南方客 (original poster)
    2021-01-13 10:22

    So far we were not able to reproduce the bug, but we have found that some people faced the same problem with mod_jk:

    • https://issues.apache.org/bugzilla/show_bug.cgi?id=47714
    • http://grails.1312388.n4.nabble.com/Spring-Security-after-log-in-user-changed-and-session-mixed-up-td4636714.html (at the bottom)

    So now we are running with these settings:

    • JkOptions DisableReuse : http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html
    • worker retries = 0 : http://tomcat.apache.org/connectors-doc/reference/workers.html#Advanced Worker Directives

    And we are planning to switch mod_jk for mod_proxy_http.

    I am leaving this question not answered, because I can't assure (and nobody facing the same problem was able to assure) that the solution fixes the bug.

    If anyone could share any information, I would appreciate it a lot! Thanks.
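
Since the bug could not be reproduced and the fix could not be confirmed, one way to see whether a mix-up still occurs is to scan application logs for a session bound to more than one authenticated user. This is an added example, not part of the original post: the log format, field names and sample lines are constructed, and it assumes the application logs a hash of the session ID with the principal per request and that the session ID is regenerated at login (Spring Security's default).

```python
import re
from collections import defaultdict

# Assumed application log format (hypothetical, not from the post):
#   <ISO timestamp> sid=<hash of JSESSIONID> user=<principal or -> uri=<path>
# Log a hash of the session ID, never the raw cookie value.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sid=(?P<sid>[0-9a-f]+) user=(?P<user>\S+) uri=(?P<uri>\S+)$"
)

# Constructed sample lines; session 7c1e is seen with two different principals.
SAMPLE_LOG = """\
2021-01-12T09:00:01Z sid=a41f user=- uri=/login
2021-01-12T09:00:05Z sid=9b20 user=alice uri=/account
2021-01-12T09:00:07Z sid=7c1e user=bob uri=/orders
2021-01-12T09:00:09Z sid=9b20 user=alice uri=/orders
2021-01-12T09:00:11Z sid=7c1e user=carol uri=/orders
malformed line that the parser must skip
2021-01-12T09:00:12Z sid=7c1e user=bob uri=/account
"""


def find_mixed_sessions(log_text):
    """Return {sid: [(ts, user, uri), ...]} for sessions bound to >1 principal."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["user"] == "-":  # skip garbage and anonymous requests
            continue
        events[m["sid"]].append((m["ts"], m["user"], m["uri"]))
    # With the ID regenerated at login, one session ID should map to exactly
    # one authenticated principal for its whole lifetime.
    return {
        sid: evts
        for sid, evts in events.items()
        if len({user for _, user, _ in evts}) > 1
    }


def first_switch(evts):
    """Return the first event whose principal differs from the previous one."""
    for prev, cur in zip(evts, evts[1:]):
        if prev[1] != cur[1]:
            return cur
    return None


if __name__ == "__main__":
    for sid, evts in find_mixed_sessions(SAMPLE_LOG).items():
        ts, user, uri = first_switch(evts)
        print(f"session {sid}: principal changed to {user} at {ts} ({uri})")
```

The timestamp of the first switch gives a point to correlate with the mod_jk log and the Tomcat access log for the same request.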
