File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Tomcat and the fly likes Tomcat session data bleeding Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Tomcat session data bleeding" Watch "Tomcat session data bleeding" New topic
Author

Tomcat session data bleeding

Chad Step
Greenhorn

Joined: Jun 21, 2006
Posts: 13
We have a portal (uportal) running on Tomcat. We have programmed a couple of of Portlets that for the most part run just fine.

A few of these portlets are grabbing data from an Oracle DB and presenting it to our users -- this info is grabbed based upon a user id. Every once in a while (1 in 10,000 logins perhaps?) we get reports of users getting the data of different users, when we do get this report it seems to be from 2 or 3 different users at about the same time. We've looked through backups of the DB to see if info is written wrong and what it looks like some sort of session-data bleeding. (our portlets don't have any static variables that could accidentally be shared)

Has anyone ever heard of Tomcat accidentally giving one user's session data to a different user? How would I begin to look at this? I'm not sure how to view/record individual session data.

thank you for your help.
Chad Step
Greenhorn

Joined: Jun 21, 2006
Posts: 13
We found it, kind of a newbie mistake I guess.

We thought that each time a servlet was requested, a new object was created-- so we assumed instance variables we encapsulated from all the other requests.

Found this on CodeRanch: http://www.coderanch.com/t/451902/JSP/java/session-mix-up
Its cleared up now that all our variables need to be in the doView method.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15641
    
  15

Are you using Struts, by any chance? It's real easy to make that mistake in Struts. I inherited an application that was so rife with stuff like that that its only salvation was the fact that only rarely was more than one user online at a time.


Customer surveys are for companies who didn't pay proper attention to begin with.
Chad Step
Greenhorn

Joined: Jun 21, 2006
Posts: 13
I was not using Struts in this. Interesting that it would have this problem.

I've only learned about it in quick research. is it kind of like Ruby-On-Rails for Java?
 
jQuery in Action, 2nd edition
 
subject: Tomcat session data bleeding
 
Similar Threads
logout requirement in portals
New JSF/Portlet Developer Help needed
PORTAL session NOT PortletSession
uPortal 3.2.4 Build Failed
How to configure Tomcat for authentication against Active Directory of Windows Server 2003