Thanks for looking into this Yasser.  In the current setup we have, we don't 
have a cluster, it is the only server handling all requests.

If it is a session crossover we would display another user information without 
making a login entry. In the cases where we had issue the code recognized that 
there is no active session and went to the
authentication part, authenticated the user and made a database entry for 
successful login. The authentication is based on the form variables populated 
by struts into the action class.

Thanks,
Prasanth

On 03/07/2018 01:22 PM, Yasser Zamani wrote:
>
> On 3/7/2018 7:34 PM, Prasanth wrote:
>> I can't say that 2 percent of users were able to get in without 
>> username/password. As I have ran the JMeter tests a lot of times (each run 
>> with 100 users). Only during one of those runs of JMeter I
>> had 2 requests get users home page when Login.action was requested (with out 
>> username/password).
>>
>> Below is the Login.action code. Removed the code that fetches the data for 
>> home page.
> Thanks! I see you use session also.
>
> Looks like a bug with Undertow web server [1]. I'm not familiar with it
> so you may open an issue there and copy paste this thread there. They
> may have some idea as it seems they have similar issues with session
> which I linked below.
>
> Good luck.
>
> [1]
> https://issues.jboss.org/browse/JBEAP-6683?focusedCommentId=13340535&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-13340535
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>

Reply via email to