Tomcat Session Bug 36541
| > Home |
Tomcat Session Bug 36541 |
|
This page describes two (hopefully) short-term solutions to resolve the issue regarding session attributes NOT being thread safe in Tomcat 5.0.x (since Tomcat 5.0.19). For full details of that issue see Bugzilla #36541.
Credit to Leon Rosenberg for identifying the cause of this issue and reporting it - thanks Leon.
It has been announced that Tomcat will be fixed for this issue. However in the short term there are two solutions available:
Leon Rosenberg had already posted a Patch for Bug 36541 before I even started on this - but unfortunately I hadn't looked at it - assuming it was a source diff for the Tomcat committers to fix the actual Tomcat source. My mistake, however his solution is different from mine - so there may be reasons why you prefer one over the other.
Leon has re-implemented the synchronzation back into Tomcat's StandardSession. To install, you simply download his modified StandardSession class and replace it in the catalina.jar.
Leon reports that he has had his solution live since Friday 9th September and ...so it's been in the production (live) system for 5 nearly days now. Since then we haven't had a single tomcat crash or hangup. Same period a week ago it were about 15 servers. We haven't changed anything else, and the system has served about 500.000.000 (real) requests with the patch, so I assume it can be safely said, that the patch works and solves the bug.
The pool of sessions are managed in Tomcat by a Manager. This patch provides a custom Manager implementation which creates Thread Safe Sessions. The Session implementation it creates extends the StandardSession and synchonizes the methods which access the session's attributes.
Tomcat can be configured to use custom Manager implementations using the <Manager> element in a webapp's context (see the Tomcat Docs for details.
The JMX Proxy Servlet (part of the manager application shipped with tomcat) can be used to verify that this custom Manager implementation is being used for a particuar webapp. See the Using the JMX Proxy Servlet section in the Tomcat docs.
Drop the tomcat-5.0.x-bug36541.jar into your ${CATALINA_HOME}/server/lib directory
Configure the Context for the webapp to use the custom Manager implementation:
Add a context xml file for your webapp to the ${catalina.home}/conf/${ENGINE}/${HOST} directory. So for example for a webapp called MyWebapp, where your engine is called Catalina and host is localhost it would be:
${CATALINA_HOME}/conf/Catalina/localhost/MyWebapp.xml
|
The context file should include something along the following lines:
<Context path="/MyWebapp" docBase="${catalina.home}/webapps/MyWebapp">
<Manager className="org.apache.catalina.session.StandardManagerBug36541"/>
</Context>
|
Fire Up Tomcat and use the "manager" webapp to check the correct Standard Manager is installed. For example, something like:
http://localhost:8080/manager/jmxproxy?qry=*:type=Manager,*
|
You should see details for all the Managers in use for all your webapps. So using the 'MyWebapp' example, something like the following (some bits ommitted):
Name: Catalina:type=Manager,path=/MyWebapp,host=localhost
modelerType: org.apache.catalina.session.StandardManagerBug36541
..
..
className: org.apache.catalina.session.StandardManagerBug36541
..
..
objectName: Catalina:type=Manager,path=/MyWebapp,host=localhost
..
..
info: StandardManager/Patched for Bug #36541
..
..
domain: Catalina name: StandardManagerBug36541
|
The idea for this patch originated from Craig McClanahan but the implementation is my own fault :-(
This software is freely available for download and is licensed under the Apache 2.0 License.