On 3/16/2018 11:00 PM, Prasanth Pasala wrote:
> There is only one reference to Util.authenticate in the project and that is
> in LoginAction.
>
If (those log record insertions are only possible via
LoginAction.execute method && IP field value of them are different and
are consistent with access log of that POST and GET request) then it
seems you're right! i.e. one specific object of LoginAction has executed
both requests, POST from User2 then GET from User1!!
To confirm these, could you please change your code as below:
if(censusID == -1) {
message = "Invalid username/password specified";
result = "failed";
}
else {
new
com.xxxxx.xxxxx.model.Logger().loggedIn(censusID, remoteHost,
System.identityHashCode(this));
i.e. also log the identity hash code of the LoginAction object to see if
both records are inserted via a same action object.
Thanks in advance for your support!
> On 03/16/2018 02:13 PM, Yasser Zamani wrote:
>> And you confirm that those log record insertions are only possible via
>> LoginAction.execute method? Right? Or util.authenticate are called elsewhere
>> also?
>> On Mar 16, 2018, at 9:45PM, Prasanth Pasala
>> <ppas...@pangburngroup.com<mailto:ppas...@pangburngroup.com>> wrote:
>>
>> We have a pretty standard struts.xml just declaration of action and the
>> class along with the results (tiles results). Nothing other than that.
>>
>> On 03/16/2018 11:55 AM, Yasser Zamani wrote:
>>
>> On 3/16/2018 1:49 AM, Prasanth Pasala wrote:
>> We do have login time, using that and the IP to correlate that with the
>> access logs. Not all login entries have corresponding POST entries in access
>> log, so those would be our problems occurrences.
>> They actual correspond to a GET entry from a user.
>>
>> IP of the GET request of User1 matches with the login record in the
>> database (login would be for User2 id and IP from User1 GET). So it looks as
>> if the same user logged in from two different IPs
>> around the same time, which shouldn't be the case.
>> I'm almost sure Struts always asks object factory to create the action
>> on each request. This is belong to object factory if create a new one
>> object of that action, or no, reuse a previous one object of an action.
>> So have you set any specific object factory via struts.xml?
>>
>> ________________________________
>>
>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>> For additional commands, e-mail: user-h...@struts.apache.org
>>
>>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
