ChristopherSchultz commented on PR #596: URL: https://github.com/apache/tomcat/pull/596#issuecomment-1463902816
The problem is that there is a window of opportunity between the existing `DELETE` and `INSERT` where the `session_id` column (which is `UNIQUE` or equivalent) can be `INSERT`ed by another thread. Changing the definition of the table to include a separate PK and removing the `UNIQUE` constraint from the `session_id` column is one way to solve this issue, but it would break any existing installation which is _not_ using that kind of table definition. I would definitely *not* want to do that for a point-release, and my goal here is to back-port this all the way back to 8.5 at this point. I think some larger changes could be made separately from this current effort, and restricted to maybe Tomcat 11.0.x and later. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
