On 5/16/2018 6:59 AM, Prasanth Pasala wrote: > We have two applications (websites) to make it easier for users we have a > third site that acts as a common login place. Once the user enters the > username and password it determines the right site to use and does a forward > to that context (applications hosted in the same host). > > When using struts1 everything was fine. When we moved to struts2 we started > getting crossed logins. When a user gets to login page the action would get > populated with a username and password used by some other user. This happens > only if a request with this information is forwarded from one context to > another. > > With some help from struts mailing list it was determined that some how old > actions are in the stack and if we remove get methods struts2 would not be > able to pull that data and put in the current value stack. So we did it and > when we started testing we are getting session invalid exceptions. Again this > happens only if there are users logging in context1 and that request is > forwarded to context2. If the login activity is done directly in context2 the > issue does not arise.
Could you post the complete stacktrace of invalid session exception? I think knowing where and why tries to access session may help. Regards.