RE: session race / transfer issue
I had a very similar problem some months back. It turned out to be a proxy server in the network caching pages too aggressively. We have a welcome screen that says hello to the user by name, based on a value pulled from session. Many times, anyone who logged in would be greeted by the wrong name, and always the name of the first person that logged on that day. The proxy was returning a cached copy of the page rather than sending the request through to the app server (verified by logging a message any time the Action that logged the user on fired, which is where the session was set up... I noticed the Action wasn't getting executed, yet the user was getting in, which could only be explained by the proxy returning a cached copy). Solution was to configure IE to not use the proxy for the address of this application. Coukd something like this be the case here too? -Original Message- From: Jesse Alexander (KBSA 21)[EMAIL PROTECTED] Sent: 2/10/05 8:01:43 AM To: Struts Users Mailing Listuser@struts.apache.org Subject: RE: session race / transfer issue -Original Message- From: Brown, James [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 09, 2005 4:30 PM To: user@struts.apache.org Subject: session race / transfer issue We have encountered a problem in which it appears (from user's description, transaction records, web application logs, and web server access logs), that user sessions are being transferred from one user to another. --- snipped --- We have inspected our web application code (all jsp, javascript, and java) and to our knowledge we are handling session creation, invalidation and access properly. In addition, we are using the html taglib and/or explicit encodeURL calls to insure URL rewriting is being enforced. --- snipped --- -- James the last time we have encountered such a problem it turned out to be something homemade within the application. The had stored that kind of data in a Action-instance variable. hop you find that bugger. Good luck Alexander - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] [Message truncated. Tap Edit-Mark for Download to get remaining portion.] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session race / transfer issue
I had a very similar problem some months back. It turned out to be a proxy server in the network caching pages too aggressively. We have a welcome screen that says hello to the user by name, based on a value pulled from session. Many times, anyone who logged in would be greeted by the wrong name, and always the name of the first person that logged on that day. The proxy was returning a cached copy of the page rather than sending the request through to the app server (verified by logging a message any time the Action that logged the user on fired, which is where the session was set up... I noticed the Action wasn't getting executed, yet the user was getting in, which could only be explained by the proxy returning a cached copy). Solution was to configure IE to not use the proxy for the address of this application. Coukd something like this be the case here too? -Original Message- From: Jesse Alexander (KBSA 21)[EMAIL PROTECTED] Sent: 2/10/05 8:01:43 AM To: Struts Users Mailing Listuser@struts.apache.org Subject: RE: session race / transfer issue -Original Message- From: Brown, James [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 09, 2005 4:30 PM To: user@struts.apache.org Subject: session race / transfer issue We have encountered a problem in which it appears (from user's description, transaction records, web application logs, and web server access logs), that user sessions are being transferred from one user to another. --- snipped --- We have inspected our web application code (all jsp, javascript, and java) and to our knowledge we are handling session creation, invalidation and access properly. In addition, we are using the html taglib and/or explicit encodeURL calls to insure URL rewriting is being enforced. --- snipped --- -- James the last time we have encountered such a problem it turned out to be something homemade within the application. The had stored that kind of data in a Action-instance variable. hop you find that bugger. Good luck Alexander - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] [Message truncated. Tap Edit-Mark for Download to get remaining portion.] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session race / transfer issue
From: Brown, James [EMAIL PROTECTED] We have encountered a problem in which it appears (from user's description, transaction records, web application logs, and web server access logs), that user sessions are being transferred from one user to another. * Netscape iPlanet 6.1 connected through tomcat-connector to tomcat 4.1.24 Have you checked the archives for tomcat-user? I think a couple of people have reported something similar. Unfortunately, as a rare, seemingly random occurrence it's going to be hard to track down. -- Wendy Smoak - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session race / transfer issue
At 9:37 AM -0700 2/9/05, Wendy Smoak wrote: From: Brown, James [EMAIL PROTECTED] We have encountered a problem in which it appears (from user's description, transaction records, web application logs, and web server access logs), that user sessions are being transferred from one user to another. * Netscape iPlanet 6.1 connected through tomcat-connector to tomcat 4.1.24 Have you checked the archives for tomcat-user? I think a couple of people have reported something similar. Unfortunately, as a rare, seemingly random occurrence it's going to be hard to track down. Is there any chance that there's a caching proxy in the middle? I've hit that 3 or 4 times, especially when you deal with multiple users inside a corporate network. Some ISPs also install caching proxies without telling their customers as a way of economizing on bandwidth. A few years ago we ran into this with the ISP for our office network. Needless to say, as a web development shop we noticed where their other clients might not -- and we dropped them soon after we noticed. Joe -- Joe Germuska [EMAIL PROTECTED] http://blog.germuska.com Narrow minds are weapons made for mass destruction -The Ex - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
