Okay, the map is kept in an implementation of HttpSessionStore where the
onUnbind method is overridden to remove the session entry from the map.

This problem also happens when I click the logout button in my app, where the
following code will be executed:

LOGGER.info("Invalidating the session {} ...", getCustomSession().getId());
getCoreSession().invalidateNow();

LOGGER.info("Session invalidated?: {}", getSession().isSessionInvalidated());
LOGGER.info("Replacing the current session with a new one to protect against session fixation attacks...");
getCustomSession().replaceSession(); // tried using changeSessionId, but it doesn't help

*Thanks And Regards*
*Sibi.Arunachalam*
*mCruncher*


On Tue, Sep 21, 2021 at 2:10 PM Martin Grigorov <mgrigo...@apache.org>
wrote:

> Hi,
>
> On Tue, Sep 21, 2021 at 6:57 AM Arunachalam Sibisakkaravarthi <
> arunacha...@mcruncher.com> wrote:
>
> > Hi guys,
> > User Session goes null and other user's session is updated wrongly.
> >
> > I keep track of session instances in a map with username as key
> >
>
> Where do you keep this map ?
> I guess in some custom implementation of HttpSessionListener ?!
>
>
> > The following happens in a scenario
> > Assume 3 users (foouser, baruser, foobaruser) are there in the system
> >
> > 1. foouser was logged in
> >    1.a) Session (id is 1) is stored in the map
> > 2. baruser was logged in
> >    2.a) Session (id is 2) is stored in the map
> > 3. Session has expired for baruser
> >      3.a) Trying to remove the baruser's session entry from the map
> >      3.b) Got NullPointerException while accessing the session for baruser
> > stored in the map, because somehow the session was null, so I couldn't
> > remove the entry from the map for baruser
> > 4. foobaruser was logged in
> >          4.a) Session (id is 3) is stored in the map
> >          4.b) Session (id as 3) is updated in the map for baruser
> >
> > I have two questions
> > 1. How was the baruser's session set to null?  (step 3.b)
> > 2. Why was baruser's session updated to the id which belongs to the newly
> > logged in user? (step 4.b)
> >
> > Please help me to understand the problem.
> >
>
> Since the map is managed in your application code we cannot tell you
> without seeing your code.
>
>
> >
> >
> >
> > *Thanks And Regards*
> > *Sibi.Arunachalam*
> > *mCruncher*
> >
>
