File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Tomcat and the fly likes Tomcat session data bleeding Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Tomcat session data bleeding" Watch "Tomcat session data bleeding" New topic

Tomcat session data bleeding

Chad Step

Joined: Jun 21, 2006
Posts: 13
We have a portal (uportal) running on Tomcat. We have programmed a couple of of Portlets that for the most part run just fine.

A few of these portlets are grabbing data from an Oracle DB and presenting it to our users -- this info is grabbed based upon a user id. Every once in a while (1 in 10,000 logins perhaps?) we get reports of users getting the data of different users, when we do get this report it seems to be from 2 or 3 different users at about the same time. We've looked through backups of the DB to see if info is written wrong and what it looks like some sort of session-data bleeding. (our portlets don't have any static variables that could accidentally be shared)

Has anyone ever heard of Tomcat accidentally giving one user's session data to a different user? How would I begin to look at this? I'm not sure how to view/record individual session data.

thank you for your help.
Chad Step

Joined: Jun 21, 2006
Posts: 13
We found it, kind of a newbie mistake I guess.

We thought that each time a servlet was requested, a new object was created-- so we assumed instance variables we encapsulated from all the other requests.

Found this on CodeRanch:
Its cleared up now that all our variables need to be in the doView method.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17410

Are you using Struts, by any chance? It's real easy to make that mistake in Struts. I inherited an application that was so rife with stuff like that that its only salvation was the fact that only rarely was more than one user online at a time.

An IDE is no substitute for an Intelligent Developer.
Chad Step

Joined: Jun 21, 2006
Posts: 13
I was not using Struts in this. Interesting that it would have this problem.

I've only learned about it in quick research. is it kind of like Ruby-On-Rails for Java?
I agree. Here's the link:
subject: Tomcat session data bleeding
It's not a secret anymore!