The two LoginAction classes below are from the same context (/Context2). Context1 LoginAction would have a different package name. The issue occurs when a user is requesting /Context2 directly rather than when the request is forwarded, if the request is forwarded from /Context1 it would have the username and password in the request and those seems to be working fine. The issue is when there are requests forwarded from /Context1 with username and password and later on there is a GET request to /Context2 LoginAction (no username/password in request, so should display login page). Now some how struts is using data from the old forwarded requests (sent from Context1) for a request made directly to Context2.
The user is inputting username and password in /Context1, if I send a redirect they would have to enter username/password again in /Context2. May be for LoginAction in /Context2 I can remove instance variables (so that struts doesn't set any values) I will directly access the request object to get username and password to validate. Thanks, Prasanth On 04/23/2018 12:31 PM, Yasser Zamani wrote: > > On 4/23/2018 8:04 PM, Prasanth Pasala wrote: >> Found this one also but for almost all, the root size was 3. Below one was >> anomaly. >> Root Size: 4 >> Result: null >> Object: com.opensymphony.xwork2.DefaultTextProvider@4d36d73d >> Object: com.nqadmin.webaccess.LoginAction@7f716c46 >> Object: com.nqadmin.webaccess.LoginAction@35224c2f >> >> Also found that the issue doesn't come up if I am logging in only to the >> second website (/context2). The issue only comes up if there are users >> logging in via context1, whose login request is >> forwarded to context2. > Yes exactly. The new log shows, your previous contexts actions > (LoginAction@7f716c46 and LoginAction@35224c2f) are also present in > current context because you forward same request which includes previous > context data, then, Struts ChainInterceptor copies data from previous to > current action :S . As currently Struts cannot handle forwarded requests > well, could you please try REDIRECT instead? sendRedirect asks user > browser to continue with a new request. > > Regards. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org >