I have a weird problem with cookies. In my application, I have implemented the "Remember User on Machine" functionality. Here is some background first. The implementation logic is as follows:
1) Every request made to the application goes to ONE servlet.
2) The servlet (called AutoLoginServlet.java) looks for cookies from the request object.
3) Checks if the cookies set by the application are available.
4) If no such cookie is found, then, the application redirects the response to login page ... which is a static html page.
5) If a cookie set earlier by the application is found, then the servlet redirects to the Login module of the application ( ... done by LoginAction.java i.e., an action class as we are also using struts framework)
This implementation was working fine for a month ... until a problem appeared yesterday. This is a very weird problem. The scenario is as follows:
One user ...say A accessed the system from a machine, from a separate network, using different ISP.
User "A" was using Remember me functionality.
Sometime later, another user "B" accessed the system, from another machine, belonging to an altogether different network, using another ISP.
The user "B" logs out.
Now ...after some time user "A" tries to log in.
But, at the time of login, user "A" is able to see user "B"'s profile. ... that is user "A" sees ... "Welcome B" !!!
Strange!!! The machines used to access the applications, by different users, were different, network was different, even ISP was different.
Still, it seems as if the cookie of one user got apparently shared for another user, since at the time of login, one user can see another user's profile or inbox.
I am not able to track the cause of the problem ... Any solution to this weird issue? Please ... any lead on this problem is highly appreciated. Many thanks
Thanks and Regards
Omkar Patkar (SCJP 1.4) http://javacollectionsnotes.blogspot.com | http://omkar-myscjpexp.blogspot.com
It sounds like one or more of your servlets are not thread-safe, generally meaning that the servlet(s) have instance variables. Since there is only a single instance of the servlet, all requests will share any state set on the instance variables. The quick solution is to remove the instance variables.
In the servlet, there isn't any instance variable.
And the code to get the login credentials from either the login html page or the cookie is present in the LoginAction that I talked about earlier.
It is this Action class that has just the form bean as its instance variable. Is this form bean affecting ??
Because, the system is in use since past 2 years, and the "Remember me on Machine" functionality has been added only a month back.
And all this time... until yesterday, such a scenario did not occur ...that is why i am confused!!!
Shall I try making the form bean a local variable instead of an instance variable?
Does your LoginAction get re-instantiated with each request or is there a single instance of it being used by your controller to handle all requests?
If the latter, then you should treat instance variables in your action class the same way you would treat them in a servlet.
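The failure mode described in the replies above, as an added example that is not part of the original thread or the poster's application: two plain Java classes stand in for a single shared servlet or action instance, and latches force request B to run between request A's write and read. All class, field and method names here are hypothetical.

```java
import java.util.concurrent.CountDownLatch;
import java.util.function.BiFunction;

// Constructed demo: plain classes stand in for a shared servlet or action instance.
public class SharedActionStateDemo {
    // Unsafe: per-request data kept in an instance field of the shared object.
    static class UnsafeLoginAction {
        private String userFromCookie; // one copy, visible to every request thread
        String execute(String cookieUser, Runnable midRequest) {
            userFromCookie = cookieUser;        // this request stores its user
            midRequest.run();                   // another request may run here
            return "Welcome " + userFromCookie; // reads whatever was stored last
        }
    }

    // Safe: per-request data lives only in parameters and local variables.
    static class SafeLoginAction {
        String execute(String cookieUser, Runnable midRequest) {
            String user = cookieUser;           // on this thread's stack only
            midRequest.run();
            return "Welcome " + user;
        }
    }

    // Forces the interleaving: request A stores its user, request B runs to
    // completion on the same instance, then A finishes. Returns A's greeting.
    static String greetingSeenByA(BiFunction<String, Runnable, String> action) throws InterruptedException {
        CountDownLatch aStored = new CountDownLatch(1);
        CountDownLatch bFinished = new CountDownLatch(1);
        String[] seenByA = new String[1];
        Thread requestA = new Thread(() -> seenByA[0] = action.apply("A", () -> {
            aStored.countDown();
            try { bFinished.await(); }
            catch (InterruptedException e) { Thread.currentThread().interrupt(); }
        }));
        requestA.start();
        aStored.await();
        action.apply("B", () -> { });           // request B on the main thread
        bFinished.countDown();
        requestA.join();
        return seenByA[0];
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("instance field: " + greetingSeenByA(new UnsafeLoginAction()::execute));
        System.out.println("local variable: " + greetingSeenByA(new SafeLoginAction()::execute));
    }
}
```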
But, is there any way by which I will come to know ... if my Action class is getting re-instantiated for each request or there is a single instance?
I don't know what I will have to look for and where to get this information.
For the Action mapping that I have written in the struts-config file, I have set the scope to "request"
... Does that dictate, how action class will be instantiated?