On 3/14/2018 5:43 PM, Prasanth Pasala wrote: > We had a user report it soon after the deployment. After that we started > looking into the specific user who reported (User1) and the user (whose > information was seen by the reporting user) say User2. > We realized there are login entries from same IP for both of these users.
As you get IP address from request (rather than Struts action), then it seems that request (which contains username/password and that same IP address) is being reused. > In the access log of the server there was a POST request for User1 but at the > time of login entry for User2 there was only a > GET request. In the time line GET request is first, User1 sees User2's > information logs out and then login again with their credentials. At that time when there is a GET request for User1 and this issue happens, what are logs for User2 at same time? Thanks in advance!
