JRun creates a session when either getRemoteUser() or getUserPrincipal() is called, even though the JSP/Servlet has used getSession(false) to not create a session. This is logged as issue 66372.
JRun engineering has fixed the problem and provided a hot fix. Follow the instructions below to apply the hot fix.
Note: Adobe strongly recommends installing and testing hot fixes in your test/staging environment prior to deployment on live production systems.
- This hot fix is compatible with JRun 4 Updater 6 (build 106363) and greater. You can verify your build number by using one of the following options:
- Open the JRun Management Console. Select the Settings, then Version links to display the build number.
- Run the following command at the command prompt:
On Windows 2000, NT and Win9x:
On Unix and Linux: