Session persistence (during restart) not working after upgrade to 7.0.52-1ubuntu0.6

Bug #1603544 reported by David L
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
tomcat7 (Ubuntu) | Confirmed | Undecided | Unassigned |

Bug Description

I have Tomcat 7 on Ubuntu 14.04. Last week I installed the Ubuntu security updates through apt-get and it upgraded Tomcat to version 7.0.52-1ubuntu0.6 (not sure what the previous version was, most likely the one right before that since I update on a regular basis). Ever since that upgrade, session persistence during restart is broken in Tomcat 7, meaning that all user sessions get killed when I restart Tomcat or the webapp.

This used to work fine. So I tried downgrading the Tomcat packages. I didn't find a way to downgrade to "7.0.52-1ubuntu0.5" so I downgraded to "7.0.52-1" instead:

sudo apt-get install tomcat7=7.0.52-1
sudo apt-get install tomcat7-admin=7.0.52-1
sudo apt-get install tomcat7-common=7.0.52-1
sudo apt-get install libtomcat7-java=7.0.52-1

As soon as I did this, session persistence started to work again. I tried this on a different computer and the result was the same. I tried upgrading again and the problem was back. So there really seems to be something in this update that breaks session persistence.

I tried it after each step while downgrading the 4 packages listed above, and it only started to work after the last step was done, so maybe the problem is with the libtomcat7-java package.

Christian Ehrhardt (paelzer) wrote:

Subscribing security team: was there anything related to sessions in this update?

@David L. - there never was a 7.0.52-1ubuntu0.5 published, down to 7.0.52-1ubuntu0.3 might have worked.

Also update "7.0.52-1ubuntu0.7" contains something in regard to "SECURITY REGRESSION: change in behaviour after security update" - you might check if it helps you as well.

tags: added: regression-update
Launchpad Janitor (janitor) wrote:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in tomcat7 (Ubuntu):
status: New → Confirmed