Okay, the map is kept in an implementation of HttpSessionStore where the onUnbind method is overridden to remove the session entry from the map.
This problem also happens when I click logout button in my app where following code will be executed

LOGGER.info("Invalidating the session {} ...", getCustomSession().getId());
getCoreSession().invalidateNow();
LOGGER.info("Session invalidated?: {}", getSession().isSessionInvalidated());
LOGGER.info("Replacing the current session with a new one to protect against session fixation attacks...");
getCustomSession().replaceSession(); //tried using changeSessionId, but it doesn't help

*Thanks And Regards
Sibi.Arunachalam
mCruncher*

On Tue, Sep 21, 2021 at 2:10 PM Martin Grigorov <mgrigo...@apache.org> wrote:

> Hi,
>
> On Tue, Sep 21, 2021 at 6:57 AM Arunachalam Sibisakkaravarthi <
> arunacha...@mcruncher.com> wrote:
>
> > Hi guys,
> > User Session goes null and other user's session is updated wrongly.
> >
> > I keep track of session instances in a map with username as key
> >
>
> Where do you keep this map ?
> I guess in some custom implementation of HttpSessionListener ?!
>
>
> > The following happens in a scenario
> > Assume 3 users (foouser, baruser, foobaruser) are there in the system
> >
> > 1. foouser was logged in
> >    1.a) Session (id is 1) is stored in the map
> > 2. baruser was logged in
> >    2.a) Session (id is 2) is stored in the map
> > 3. Session has expired for baruser
> >    3.a) Trying to remove the baruser's session entry from the map
> >    3.b) Got NullPointerException while accessing the session for baruser
> > stored in the map, because somehow the session was null, so I couldn't
> > remove the entry from the map for baruser
> > 4. foobaruser was logged in
> >    4.a) Session (id is 3) is stored in the map
> >    4.b) Session (id as 3) is updated in the map for baruser
> >
> > I have two questions
> > 1. How was the baruser's session set to null? (step 3.b)
> > 2. Why baruser's session was updated to the id which belongs to newly
> > logged in user? (step 4.b)?
> >
> > Please help me to understand the problem.
> >
>
> Since the map is managed in your application code we cannot tell you
> without seeing your code.
>
> >
> > *Thanks And Regards
> > Sibi.Arunachalam
> > mCruncher*