Re: Session Mixup
Any static field storage in your bean object? --David Srinivas Gunturu wrote: Hello All, I have been fighting this session mix-up problem in our application which is very easily reproducible. Environment: Tomcat 5.0.9 Struts 1.1 Upon user login, we create a user bean object and store on user session. When 6 of us tried to login separately using our own logins, we could see our sessions get mixed up and also seeing other user's name in welcome greeting. I have tried migrating to Tomcat 5.5, tried turning of Tomcat session persistence, tried making user object serializable. Still no luck. Any idea? TIA, Srinivas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Mixup
Thanks for the quick response. We do have some static final constants in the user bean, but not marked Transient. [EMAIL PROTECTED] 07/14/05 10:26 AM Any static field storage in your bean object? --David Srinivas Gunturu wrote: Hello All, I have been fighting this session mix-up problem in our application which is very easily reproducible. Environment: Tomcat 5.0.9 Struts 1.1 Upon user login, we create a user bean object and store on user session. When 6 of us tried to login separately using our own logins, we could see our sessions get mixed up and also seeing other user's name in welcome greeting. I have tried migrating to Tomcat 5.5, tried turning of Tomcat session persistence, tried making user object serializable. Still no luck. Any idea? TIA, Srinivas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Mixup
Hi, It never happened to me and it will not happen also unless there is some serious bug in ur code. Are you six people trying to login simultaneously from different machines? Or trying to login from same system one after another from same system? If it is the second case, then it copuld be the problem with browser cache. Clear cache and check. If it is the second case , check what is given for the scope attribute of the user bean (assuming you used jsp:usebean or something similar). If scope is given as application instead of session (or request) this could happen. regards Srikanth On 7/14/05, Srinivas Gunturu [EMAIL PROTECTED] wrote: Hello All, I have been fighting this session mix-up problem in our application which is very easily reproducible. Environment: Tomcat 5.0.9 Struts 1.1 Upon user login, we create a user bean object and store on user session. When 6 of us tried to login separately using our own logins, we could see our sessions get mixed up and also seeing other user's name in welcome greeting. I have tried migrating to Tomcat 5.5, tried turning of Tomcat session persistence, tried making user object serializable. Still no luck. Any idea? TIA, Srinivas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Mixup
All 6 of us are logging simultaneously from different machines. The way, we store the user object in session is inside LoginAction class and not inside the jsp. session.setAttribute(Constants.USER_KEY, userInfo); [EMAIL PROTECTED] 07/14/05 10:34 AM Hi, It never happened to me and it will not happen also unless there is some serious bug in ur code. Are you six people trying to login simultaneously from different machines? Or trying to login from same system one after another from same system? If it is the second case, then it copuld be the problem with browser cache. Clear cache and check. If it is the second case , check what is given for the scope attribute of the user bean (assuming you used jsp:usebean or something similar). If scope is given as application instead of session (or request) this could happen. regards Srikanth On 7/14/05, Srinivas Gunturu [EMAIL PROTECTED] wrote: Hello All, I have been fighting this session mix-up problem in our application which is very easily reproducible. Environment: Tomcat 5.0.9 Struts 1.1 Upon user login, we create a user bean object and store on user session. When 6 of us tried to login separately using our own logins, we could see our sessions get mixed up and also seeing other user's name in welcome greeting. I have tried migrating to Tomcat 5.5, tried turning of Tomcat session persistence, tried making user object serializable. Still no luck. Any idea? TIA, Srinivas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Mixup
Ok. One other thought that's burned me once -- servlet instances are recycled between requests without resetting any of it's field members. The next request gets it exactly as the one before left it. That means you should either avoid field members in favor of method parameters + method local variables or be sure to reinitialize them before processing a new request. --David Srinivas Gunturu wrote: All 6 of us are logging simultaneously from different machines. The way, we store the user object in session is inside LoginAction class and not inside the jsp. session.setAttribute(Constants.USER_KEY, userInfo); [EMAIL PROTECTED] 07/14/05 10:34 AM Hi, It never happened to me and it will not happen also unless there is some serious bug in ur code. Are you six people trying to login simultaneously from different machines? Or trying to login from same system one after another from same system? If it is the second case, then it copuld be the problem with browser cache. Clear cache and check. If it is the second case , check what is given for the scope attribute of the user bean (assuming you used jsp:usebean or something similar). If scope is given as application instead of session (or request) this could happen. regards Srikanth On 7/14/05, Srinivas Gunturu [EMAIL PROTECTED] wrote: Hello All, I have been fighting this session mix-up problem in our application which is very easily reproducible. Environment: Tomcat 5.0.9 Struts 1.1 Upon user login, we create a user bean object and store on user session. When 6 of us tried to login separately using our own logins, we could see our sessions get mixed up and also seeing other user's name in welcome greeting. I have tried migrating to Tomcat 5.5, tried turning of Tomcat session persistence, tried making user object serializable. Still no luck. Any idea? TIA, Srinivas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session Mixup
From: David Smith [mailto:[EMAIL PROTECTED] Subject: Re: Session Mixup Ok. One other thought that's burned me once -- servlet instances are recycled between requests without resetting any of it's field members. Actually, a given servlet object may be accessed by multiple request-processing threads simultaneously. You always have to think about the scope of any field before deciding what object it should be placed in. E.g., you normally don't want to put request-specific data in a servlet or session object. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Mixup
srinivas, can u post the code fragment which contains all statements from creating the new user bean : userInfo to settin it in session and any other related XML if any On 7/14/05, Srinivas Gunturu [EMAIL PROTECTED] wrote: All 6 of us are logging simultaneously from different machines. The way, we store the user object in session is inside LoginAction class and not inside the jsp. session.setAttribute(Constants.USER_KEY, userInfo); [EMAIL PROTECTED] 07/14/05 10:34 AM Hi, It never happened to me and it will not happen also unless there is some serious bug in ur code. Are you six people trying to login simultaneously from different machines? Or trying to login from same system one after another from same system? If it is the second case, then it copuld be the problem with browser cache. Clear cache and check. If it is the second case , check what is given for the scope attribute of the user bean (assuming you used jsp:usebean or something similar). If scope is given as application instead of session (or request) this could happen. regards Srikanth On 7/14/05, Srinivas Gunturu [EMAIL PROTECTED] wrote: Hello All, I have been fighting this session mix-up problem in our application which is very easily reproducible. Environment: Tomcat 5.0.9 Struts 1.1 Upon user login, we create a user bean object and store on user session. When 6 of us tried to login separately using our own logins, we could see our sessions get mixed up and also seeing other user's name in welcome greeting. I have tried migrating to Tomcat 5.5, tried turning of Tomcat session persistence, tried making user object serializable. Still no luck. Any idea? TIA, Srinivas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session mixup problem in Tomcat with Coyote Connector
Hi, We are independent consultants currently undertaking a study of satisfaction among end-users of Open Source Software, notably Tomcat, for a company which has asked us for recommendations in terms of deploying policy for such systems. I was hoping to set up a quick (5 minute) telephone interview with yourself or the appropriate person to discuss your experience with this product to date. Please feel free to telephone me anytime, or reply to this e-mail indicating an appropriate time/person for me to recall. Thanks for your gracious attention to this request! Best regards, Tracy Tracy Saward Fleetward Group 85 Maskell Street St Heliers Auckland New Zealand Tel: 64 9 575 1626 Fax: 64 9 585 0939 Mail: [EMAIL PROTECTED] -Original Message- From: Krishna Ganti [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 05, 2003 10:58 AM To: [EMAIL PROTECTED] Subject: Session mixup problem in Tomcat with Coyote Connector Hi, We are seeing a session mixup problem in a deployed tomcat instance running with coyote connector. A user is seeing another user's data and request parameters. We took a look at the Coyote code and found out that parameters are not reset till the next request. If a thread switch were to occur during this time (due to an exception), is it possible for session data to get mixed up? Please let us know how we can further investigate the problem or if you have a solution for this. Someone please help ASAP because this is a production issue we are facing. Thanks, Krishna. __ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
