• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Sessions are swapped

 
Jonathan Pierce
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello Everyone,
I have a very serious problem with sessions.
We have an application where users log in to view their personnal information.
User 1 is logged in and User 2 is logged in.
User 1 is moving through the application and then gets to a page that displays User 2's information.
It's as if the users have the same session ID.
The web server is iPlanet 4.1 SP8, JSP's, Servlets are running on iPlanet.
We have a Cisco Content Switch (Hardware Load Balancer) and a Cisco SSL accelerator.
We are using Weblogic as the app server.
I have seen this same situation posted on other forums but no one has replied to the problem.
I thought with all of the knowledge on this site, someone may have seen this problem.
Thank you so much for your time and knowledge!
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I too have heard of this problem relating to Weblogic, but I think we blamed it on a proxy. I'm sorry to say that I didn't work close enough to the problem to say whether there is a fix or not. Have you tried supporting session ids using URL rewriting rather than cookies?
Dave
 
Jonathan Pierce
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have also heard of Weblogic doing this with sessions, but the people I spoke with were using weblogic to server the JSP's and servlets.
I have read a couple of posts about the url rewriting and I am sending that to one of my friends who developed the application.
The frustrating part is trying to figure out if this is hardware or software related.
I found a post on another forum that was word for word the exact problem we are having.
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There is also the possibility that the Thread-safety of one of your resources might be suspect, but given that this is a complete user-swap, and this is managed by the server, I can't imagine how you'd create the effects you'd probably be seeing.
Still worth double checking though.
I'd also get like HttpInspector (free to download) and watch the session IDs of the two users, make sure the sessions are getting mixed at the HTTP level.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic