http://issues.apache.org/bugzilla/show_bug.cgi?id=37356

------- Additional Comments From [EMAIL PROTECTED]  2006-03-10 12:04 -------
(In reply to comment #25)
> (In reply to comment #24)
> > Proposed patch:
> 
> -1. Pretend you read my comment.

Well, apart from the fact that I wrote my comment while you posted yours
(mid-air-collision)

I don't see any obvious reason against syncing the accessCount with the volatile
keyword. The accessCount obviously needs to be synchronized in some way (or be
removed, which I don't fancy because of large, time-consuming downloads).
Of course I would be happy to improve my understanding, so please explain.

As for the "rare" issue: we see quite a few of these stale sessions (approx. 2-10 a
day).
I'm not saying that this is a major security issue, but over time it gives an
attacker quite a chance to guess some sessionId.

Many people will not even be aware of this issue, because you can only see it if
you keep track of sessions yourself. All others might take a look into the
manager application and enjoy the number of concurrent users they usually have,
not knowing those sessions should have expired a long time ago.
