aspose file tools*
The moose likes Servlets and the fly likes Cookie problem - cookie shared between 2 external seperate networks Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Cookie problem - cookie shared between 2 external seperate networks" Watch "Cookie problem - cookie shared between 2 external seperate networks" New topic
Author

Cookie problem - cookie shared between 2 external seperate networks

omkar patkar
Ranch Hand

Joined: Aug 25, 2005
Posts: 231
Hello friends,

I have a wierd, problem of cookies. In my application, i have implemented, the "Remember User on Machine" functionality. Here is some background first. The implementaion logic is as follows: -

1) Every request made to the application goes to ONE servlet
2) The servlet (...called AutoLoginServlet.java) looks for cookies from the request object.
3) Checks if the cookies set by the application are available.
4) If no such cookie is found, then, the application redirects the response to login page ... which is a static html page.
5) If a cookie set earlier by the application is found, then the servlet redirects to the Login module of the application ( ... done by LoginAction.java i.e., an action class as we are also using struts framework)


This implementation was working fine for a month ... until ...a problem appeared yesterday. This is a very wierd problem. The scenario is as follows: -
One user ...say A accessed the system from a machine, from a separate network, using different ISP.
User "A" was using Remember me functionality.
Sometime later, another user "B" accessed the system, from another machine, belonging to an all together different network, using another ISP.
The user "B" logs out.

Now ...after some time user "A" tries to log in.
But, at the time of login, user "A" is able to see user "B"'s profile. ... that is user "A" sees ... "Welcome B" !!!

Strange!!! The machines used to access the applications, by different users, were different, network was different, even ISP was different.

Still, it seems as if the cookie of one user got apparently shared for another user, since at the time of login, one user can see another user's profile or inbox.

I am not able to track the cause of the problem ... Any solution to this wierd issue ??? Please ... please some lead in this problem is highly appreciated. Many thanks


Thanks and Regards


Thanks and Regards
Omkar Patkar (SCJP 1.4)[url]http://javacollectionsnotes.blogspot.com[/url] | [url]http://omkar-myscjpexp.blogspot.com[/url]
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

It sounds like one or more of your serv;ets are not thread-safe, generally meaning that the servlet(s) have instance variables. Since there is only a single instance of the servlet, all requests will share any state set on the instance variables. The quick solution is to remove the instance variables.
omkar patkar
Ranch Hand

Joined: Aug 25, 2005
Posts: 231
In the servlet, there isn't any instance variable.
And the code to get the login credentials from either login html page or cookie, is present in the LoginAction, that i talked about earlier.
It is this Action class that has just the form bean as its instance variable. Is this form bean affecting ??

Because, the system is in use since past 2 years, and the "Remember me on Machine" functionality has been added only a month back.
And all this time... until yesterday, such a scenario did not occur ...that is why i am confused!!!

Shall i try making the form bean as local variable instead of instance variable?
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Does your LoginAction get re-instanciated with each request or is there a single instance of it being used by your controller to handle all requests?
If the latter, then you should treat instance variables in your action class the same way you would treat them in a servlet.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
omkar patkar
Ranch Hand

Joined: Aug 25, 2005
Posts: 231
Ok ... thank you Ben and David.

But, is their any way by which i will come to know ... if my Action class is getting re-instantiated for each request or there is a single instance?
I don't know, what i will have to look for and where to get this information ?

For the Action mapping that i have written in the struts-config file, i have set the scope to "request"
... Does that dictate, how action class will be instantiated?
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Did you write the Action class and the controller or are you using a third party framework (I'm guessing it's Struts by the name)?

If it's a framework, you should go through the documentation.
This is an important thing to know if you're building applications with it.

A simple test would be to add an instance variable and some logging code to see if the variable is being reinitialized with each request.
omkar patkar
Ranch Hand

Joined: Aug 25, 2005
Posts: 231
We are using struts as the framework ... but we need to write the custom Action classes, and that is what we have done, we have written the LoginAction.java.

Ok, i will look for the documentation as well as try your method of putting a simple instance variable ... i will get back to you guys ... thank you for the help and replies so far
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Cookie problem - cookie shared between 2 external seperate networks