*
The moose likes Tomcat and the fly likes Tomcat session data bleeding Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Tomcat session data bleeding" Watch "Tomcat session data bleeding" New topic
Author

Tomcat session data bleeding

Chad Step
Greenhorn

Joined: Jun 21, 2006
Posts: 13
We have a portal (uportal) running on Tomcat. We have programmed a couple of of Portlets that for the most part run just fine.

A few of these portlets are grabbing data from an Oracle DB and presenting it to our users -- this info is grabbed based upon a user id. Every once in a while (1 in 10,000 logins perhaps?) we get reports of users getting the data of different users, when we do get this report it seems to be from 2 or 3 different users at about the same time. We've looked through backups of the DB to see if info is written wrong and what it looks like some sort of session-data bleeding. (our portlets don't have any static variables that could accidentally be shared)

Has anyone ever heard of Tomcat accidentally giving one user's session data to a different user? How would I begin to look at this? I'm not sure how to view/record individual session data.

thank you for your help.
Chad Step
Greenhorn

Joined: Jun 21, 2006
Posts: 13
We found it, kind of a newbie mistake I guess.

We thought that each time a servlet was requested, a new object was created-- so we assumed instance variables we encapsulated from all the other requests.

Found this on CodeRanch: http://www.coderanch.com/t/451902/JSP/java/session-mix-up
Its cleared up now that all our variables need to be in the doView method.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15952
    
  19

Are you using Struts, by any chance? It's real easy to make that mistake in Struts. I inherited an application that was so rife with stuff like that that its only salvation was the fact that only rarely was more than one user online at a time.


Customer surveys are for companies who didn't pay proper attention to begin with.
Chad Step
Greenhorn

Joined: Jun 21, 2006
Posts: 13
I was not using Struts in this. Interesting that it would have this problem.

I've only learned about it in quick research. is it kind of like Ruby-On-Rails for Java?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Tomcat session data bleeding
 
Similar Threads
uPortal 3.2.4 Build Failed
How to configure Tomcat for authentication against Active Directory of Windows Server 2003
logout requirement in portals
PORTAL session NOT PortletSession
New JSF/Portlet Developer Help needed