aspose file tools*
The moose likes Servlets and the fly likes Sessions are swapped Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Sessions are swapped" Watch "Sessions are swapped" New topic
Author

Sessions are swapped

Jonathan Pierce
Greenhorn

Joined: May 07, 2003
Posts: 5
Hello Everyone,
I have a very serious problem with sessions.
We have an application where users log in to view their personnal information.
User 1 is logged in and User 2 is logged in.
User 1 is moving through the application and then gets to a page that displays User 2's information.
It's as if the users have the same session ID.
The web server is iPlanet 4.1 SP8, JSP's, Servlets are running on iPlanet.
We have a Cisco Content Switch (Hardware Load Balancer) and a Cisco SSL accelerator.
We are using Weblogic as the app server.
I have seen this same situation posted on other forums but no one has replied to the problem.
I thought with all of the knowledge on this site, someone may have seen this problem.
Thank you so much for your time and knowledge!
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I too have heard of this problem relating to Weblogic, but I think we blamed it on a proxy. I'm sorry to say that I didn't work close enough to the problem to say whether there is a fix or not. Have you tried supporting session ids using URL rewriting rather than cookies?
Dave
Jonathan Pierce
Greenhorn

Joined: May 07, 2003
Posts: 5
I have also heard of Weblogic doing this with sessions, but the people I spoke with were using weblogic to server the JSP's and servlets.
I have read a couple of posts about the url rewriting and I am sending that to one of my friends who developed the application.
The frustrating part is trying to figure out if this is hardware or software related.
I found a post on another forum that was word for word the exact problem we are having.
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

There is also the possibility that the Thread-safety of one of your resources might be suspect, but given that this is a complete user-swap, and this is managed by the server, I can't imagine how you'd create the effects you'd probably be seeing.
Still worth double checking though.
I'd also get like HttpInspector (free to download) and watch the session IDs of the two users, make sure the sessions are getting mixed at the HTTP level.
 
jQuery in Action, 2nd edition
 
subject: Sessions are swapped