This week's book giveaway is in the JDBC forum.
We're giving away four copies of Make it so: Java DB Connections & Transactions and have Marcho Behler on-line!
See this thread for details.
The moose likes Tomcat and the fly likes Tomcat session data bleeding Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Make it so: Java DB Connections & Transactions this week in the JDBC forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Tomcat session data bleeding" Watch "Tomcat session data bleeding" New topic

Tomcat session data bleeding

Chad Step

Joined: Jun 21, 2006
Posts: 13
We have a portal (uportal) running on Tomcat. We have programmed a couple of of Portlets that for the most part run just fine.

A few of these portlets are grabbing data from an Oracle DB and presenting it to our users -- this info is grabbed based upon a user id. Every once in a while (1 in 10,000 logins perhaps?) we get reports of users getting the data of different users, when we do get this report it seems to be from 2 or 3 different users at about the same time. We've looked through backups of the DB to see if info is written wrong and what it looks like some sort of session-data bleeding. (our portlets don't have any static variables that could accidentally be shared)

Has anyone ever heard of Tomcat accidentally giving one user's session data to a different user? How would I begin to look at this? I'm not sure how to view/record individual session data.

thank you for your help.
Chad Step

Joined: Jun 21, 2006
Posts: 13
We found it, kind of a newbie mistake I guess.

We thought that each time a servlet was requested, a new object was created-- so we assumed instance variables we encapsulated from all the other requests.

Found this on CodeRanch:
Its cleared up now that all our variables need to be in the doView method.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17282

Are you using Struts, by any chance? It's real easy to make that mistake in Struts. I inherited an application that was so rife with stuff like that that its only salvation was the fact that only rarely was more than one user online at a time.

An IDE is no substitute for an Intelligent Developer.
Chad Step

Joined: Jun 21, 2006
Posts: 13
I was not using Struts in this. Interesting that it would have this problem.

I've only learned about it in quick research. is it kind of like Ruby-On-Rails for Java?
I agree. Here's the link:
subject: Tomcat session data bleeding
jQuery in Action, 3rd edition