This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
Hello Everyone, I have a very serious problem with sessions. We have an application where users log in to view their personnal information. User 1 is logged in and User 2 is logged in. User 1 is moving through the application and then gets to a page that displays User 2's information. It's as if the users have the same session ID. The web server is iPlanet 4.1 SP8, JSP's, Servlets are running on iPlanet. We have a Cisco Content Switch (Hardware Load Balancer) and a Cisco SSL accelerator. We are using Weblogic as the app server. I have seen this same situation posted on other forums but no one has replied to the problem. I thought with all of the knowledge on this site, someone may have seen this problem. Thank you so much for your time and knowledge!
I too have heard of this problem relating to Weblogic, but I think we blamed it on a proxy. I'm sorry to say that I didn't work close enough to the problem to say whether there is a fix or not. Have you tried supporting session ids using URL rewriting rather than cookies? Dave
Joined: May 07, 2003
I have also heard of Weblogic doing this with sessions, but the people I spoke with were using weblogic to server the JSP's and servlets. I have read a couple of posts about the url rewriting and I am sending that to one of my friends who developed the application. The frustrating part is trying to figure out if this is hardware or software related. I found a post on another forum that was word for word the exact problem we are having.
There is also the possibility that the Thread-safety of one of your resources might be suspect, but given that this is a complete user-swap, and this is managed by the server, I can't imagine how you'd create the effects you'd probably be seeing. Still worth double checking though. I'd also get like HttpInspector (free to download) and watch the session IDs of the two users, make sure the sessions are getting mixed at the HTTP level.
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link: http://aspose.com