wood burning stoves 2.0*
The moose likes Servlets and the fly likes Session swaping using servlets and JSPs Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Session swaping using servlets and JSPs" Watch "Session swaping using servlets and JSPs" New topic
Author

Session swaping using servlets and JSPs

Tony Palomares
Greenhorn

Joined: Jan 11, 2013
Posts: 4
Hi,

I have implemented a web application, using JSPs and servlets, that runs in a tomcat server. It works with differents databases, using JDBC connections.

I have noticed that there is a "session swaping". Sometimes, a user that is working with one JSP retrieves data from other user's session, even if they are working with differents databases.

I have looked for something similar in google. There were only a few references, and they usually point to a memory problem.

Since I have changed the Tomcat configuration, the number of cases has decreased, but the problem is still persisting. The changes consisted in adding an executor and increasing the value of maxThreads in server.xml.

I thought that it could be a Tomcat's bug, but I am not sure. Some of the JSPs and servlets have static methods. Could it be the reason of the problem?

Thanks in advance
Amit Ghorpade
Bartender

Joined: Jun 06, 2007
Posts: 2716
    
    6

Hi Tony, welcome to Javaranch
Tony Palomares wrote:I thought that it could be a Tomcat's bug, but I am not sure. Some of the JSPs and servlets have static methods. Could it be the reason of the problem?

Never heard of any session swapping in tomcat or any other server.
The static methods exist because they have some reason right??
Are you sure this is not an issue of thread safety?


SCJP, SCWCD.
|Asking Good Questions|
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61413
    
  67

Static methods are highly suspect. Do you have instance variables in servlets or JSP declaration blocks? This has the smell of a thread-safety issue.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Tony Palomares
Greenhorn

Joined: Jan 11, 2013
Posts: 4
Hi Amit,

Thank you for responding .

Although this is my first post, I have visited this forum many times.

Neither have I heard about this. It is very strange. In fact, I couldnt believe it until I have seen it by myself.

I was testing my web application to correct some errors. I have just invoked a servlet to retrieve data from a customer, called "A", (from data base number one), but the information recovered belongs to other, called "B" (from data base number two). At the same time, other user was working with customer "B" in database two, with the same JSP.

The number of users that are connected is not very high.

I have no explanation for it.
Amit Ghorpade
Bartender

Joined: Jun 06, 2007
Posts: 2716
    
    6

I don't feel this is any session swapping. Nothing can be said for sure without looking at the DB retrieval code.
Jayesh A Lalwani
Bartender

Joined: Jan 17, 2008
Posts: 2393
    
  28

It definitely smells like a thread safety issue. These are very hard to reproduce and fix. The only way that has worked for me is to do a code inspection to find thread unsafe code
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61413
    
  67

You have not answered my questions.
Tony Palomares
Greenhorn

Joined: Jan 11, 2013
Posts: 4
Hi everybody

In my JSP I have instanced several variables and objects, to recover some auxiliar data from database.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61413
    
  67

Tony Palomares wrote:Hi everybody

In my JSP I have instanced several variables and objects, to recover some auxiliar data from database.


Problem discovered.

First of all, there should be no Java scriptlets in modern JSP. That's a poor practice that has been discredited and obsolete for more than 10 years. Modern JSPs should use the JSTL and EL in place of Java code.

Secondly, instance variables should be avoided because they will be shared across multiple threads. Data should not be stored in instance variables. If the data is specific to a request, store it in request scope. If it's specific to a user, store it in session scope. If it's to be shared across the application, store it in application scope.
Tony Palomares
Greenhorn

Joined: Jan 11, 2013
Posts: 4
Yes, I have read about it in google. You are right: it was a thread safe issue. At last, I have found the problem.

Thank you guys for your help.

Regards


 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Session swaping using servlets and JSPs