From boundary="----=_NextPart_000_17A7_01BFC571.59875180" Received: (qmail 43670 invoked by uid 500); 24 May 2000 03:15:11 -0000 Message-Id: <17aa01bfc52e$4ebbc800$0b01a8c0@dotcomlimited.com> Date: Wed, 24 May 2000 11:15:21 +0800 From: "Anita Chan" To: , Cc: Subject: session values are somehow reused without consistence checking in Apache/Jserv. >Number: 6113 >Category: pending >Synopsis: session values are somehow reused without consistence checking in Apache/Jserv. >Confidential: yes >Severity: non-critical >Priority: medium >Responsible: gnats-admin >State: closed >Quarter: >Keywords: >Date-Required: >Class: mistaken >Submitter-Id: unknown >Arrival-Date: Tue May 23 20:20:01 PDT 2000 >Closed-Date: Wed May 24 09:11:56 PDT 2000 >Last-Modified: Wed May 24 09:11:56 PDT 2000 >Originator: >Release: >Organization: >Environment: >Description: This is a multi-part message in MIME format. ------=_NextPart_000_17A7_01BFC571.59875180 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Dear Support, I am using Apache HTTP Server 1.3.6 with Apache Jserv 1.0 for an = Internet based email system. My system is written with Java 1.1.7 and = Java 1.2, which is heavily relied on lots of session values. I used = lots of codes to remember different clients' status, which are similar = to the following: session.putValue(".....", ".....");=20 session.getValue("....."); =20 [In average I have 50-300 session values per request ] However, I found that some session values would "mess up" when I have = more and more session requests. Eventually, all the displayed = information would scope up as result of the incorrect session values. = For example, I put down a set of session value for A, and another set of = session values for B [those session values include their browser info, = their unique ID and their password]. Initially, there is nothing wrong, = client A and client B can only see their information. However, when = more and more clients log on to the system, client A may see client B = information rather than his information. If I restart the Apache, then = everything would back to normal. It seem to me, it is an internal bug in the Apache Jserv engine. The = session values are somehow reused without some consistence checking in Apache/Jserv. Do you have any suggestion = for me to eliminate the problem? I notice the Jserv 1.1.1 is just = released, do you think if I upgrade to the new version would help? = Besides, may I know if the bug is fixed in the new version, does it = have any limitation on the number (or size) of session values? How long = would it clean up / refresh those session values? =20 Thanks for your help. Regards, Anita Chan ^ ^ ------=_NextPart_000_17A7_01BFC571.59875180 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Dear Support,
 
I am using Apache HTTP Server 1.3.6 = with Apache=20 Jserv 1.0 for an Internet based email system.  My system is=20 written with Java 1.1.7 and Java 1.2, which is heavily relied = on lots=20 of session values.  I used lots of codes to remember different = clients' status, which are similar to the following:
 
    = session.putValue(".....",=20 ".....");
    session.getValue(".....");
   
    [In average I=20 have 50-300 session values per request ]
 
However, I found that some session = values=20 would "mess up" when I have more and more session requests.  = Eventually,=20 all the displayed information would scope up as result of the incorrect = session=20 values.  For example, I put down a set of session value for A, and = another=20 set of session values for B [those session values include their browser = info,=20 their unique ID and their password].  Initially, there is nothing = wrong,=20 client A and client B can only see their information.  = However, when=20 more and more clients log on to the system, client A may see client B=20 information rather than his information.  If I restart the Apache, = then=20 everything would back to normal.
 
It seem to me, it is an internal bug in = the Apache=20 Jserv engine.  The session values are somehow reused=20 without
some consistence checking in Apache/Jserv.  Do you have = any=20 suggestion for me to eliminate the problem?  I notice the Jserv = 1.1.1 is=20 just released, do you think if I upgrade to the new version would = help? =20 Besides,  may I know if the bug is fixed in the new version, does = it have=20 any limitation on the number (or size) of session values?  How long = would=20 it clean up / refresh those session values? 
 
Thanks for your = help.

Regards,
 
Anita Chan ^ = ^
------=_NextPart_000_17A7_01BFC571.59875180-- >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: coar State-Changed-When: Wed May 24 09:11:55 PDT 2000 State-Changed-Why: [This is a standard response.] This is a CGI programming or basic configuration issue. As mentioned on the main bug database page, we must refer all such basic or non-Apache-related questions to the comp.infosystems.www.servers.unix and related newsgroups. Please ask your question there. Please also search the FAQ and the bug database. Thanks for using Apache! Class-Changed-From-To: sw-bug-mistaken Class-Changed-By: coar Class-Changed-When: Wed May 24 09:11:55 PDT 2000 Severity-Changed-From-To: serious-non-critical Severity-Changed-By: coar Severity-Changed-When: Wed May 24 09:11:55 PDT 2000 >Unformatted: