Re: Struts2 login action class seems to be reused

[Yasser Zamani]

On 3/8/2018 6:42 PM, Prasanth Pasala wrote:
> Wish I was able to consistently reproduce it. I have two thread groups in 
> JMeter one thread group requests login page then logs in. Another thread 
> group just requests login page. I have tried this
> with 100 users, 250 users in each thread group. I have varied the ramp up 
> times from 60sec to 300sec.

I think this is not heavy enough to force race condition on your web
server. Use only ones user which logs in and logs out in a loop. Then,
in another side, Increase users (threads) and decrease the ramp up time
as more as your system does not hang. I remember I was able to ramp up
300 users (threads) in 15 seconds at my system.

Regards.

Re: Struts2 login action class seems to be reused

[Prasanth Pasala]

Wish I was able to consistently reproduce it. I have two thread groups in 
JMeter one thread group requests login page then logs in. Another thread group 
just requests login page. I have tried this
with 100 users, 250 users in each thread group. I have varied the ramp up times 
from 60sec to 300sec. I have been trying this for the last 10 days. I was 
successful in reproducing it only during one
run, which had 100 users and two of the requests for login page (no 
username/password) made login entries and got home page.

I will keep trying. If I can't reproduce it more often, one solution I am 
thinking of is comparing the username/password in the action class with the 
values in the request object itself. If they are
different I can send an email with the information and not login the user.

Thanks,
Prasanth

On 03/08/2018 03:13 AM, Yasser Zamani wrote:
>
> On 3/7/2018 11:23 PM, Prasanth Pasala wrote:
>> If it is a session crossover we would display another user information 
>> without making a login entry. In the cases where we had issue the code 
>> recognized that there is no active session and went to the
>> authentication part, authenticated the user and made a database entry for 
>> successful login. The authentication is based on the form variables 
>> populated by struts into the action class.
> Ahaa... so, currently the only thing I can imagine is maybe this issue
> raises up when you have two simultaneous requests: one with
> username/password parameters, the other without (and both without any
> active session). Could you please verify this with a lot of such pair
> simultaneous requests using JMeter? i.e. create two simultaneous
> requests, one of them contains username/password, the other one does
> not. Add an assertion to the other one which checks if issue occurs.
> Then tell JMeter to run this pair a lot of times, concurrently.
>
> I hope you'll be able to reproduce the issue which is the half of the
> resolution :)
>
> Regards.
>
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>

Re: Struts2 login action class seems to be reused

[Yasser Zamani]

On 3/7/2018 11:23 PM, Prasanth Pasala wrote:
> If it is a session crossover we would display another user information 
> without making a login entry. In the cases where we had issue the code 
> recognized that there is no active session and went to the
> authentication part, authenticated the user and made a database entry for 
> successful login. The authentication is based on the form variables populated 
> by struts into the action class.

Ahaa... so, currently the only thing I can imagine is maybe this issue
raises up when you have two simultaneous requests: one with
username/password parameters, the other without (and both without any
active session). Could you please verify this with a lot of such pair
simultaneous requests using JMeter? i.e. create two simultaneous
requests, one of them contains username/password, the other one does
not. Add an assertion to the other one which checks if issue occurs.
Then tell JMeter to run this pair a lot of times, concurrently.

I hope you'll be able to reproduce the issue which is the half of the
resolution :)

Regards.