I have the same serious problem that is similar to an old thread http://marc.info/?l=struts-user&m=121234554714110&w=2 I use session object to manage user data for my company's e-commerce site, from time to time,specially when have high web access traffic, the session data could overlap, and from different user object. It is very frustrated, because it not happen always, but once a while, but serious problem, i do not know it is bug for strusts or not. public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response ) throws Exception { HttpSession session=request.getSession(); UserInfoForm uif, t_uif; Boolean check_cookie=false; String login=null; if (session==null) { session=request.getSession(true); check_cookie=true; } else { uif=(UserInfoForm) session.getAttribute(BeanNames.USERINFO); if (uif==null || uif.getLogin_id()==null ||uif.getLogin_id().equals("Visit") ) check_cookie=true; } if (check_cookie) { t_uif=new UserInfoForm(); uif.setLogin_id("Visit"); session.setAttribute(BeanNames.USERINFO,uif); Cookie theCookie=null;uif.setLogin_id("Visit"); Cookie cookieList[]=request.getCookies(); if (cookieList!=null) { for (int i=0; i<cookieList.length;i++) { theCookie=cookieList[i]; if ( theCookie.getName().equals("XXX") ) /* XXX=company name */ login=theCookie.getValue(); } if (login==null) t_uif=null; else t_uif=security_service.ask(login); /* to access db, to verify user info ...*/ if (t_uif==null) t_uif.setLogin_id("Visit"); session.setAttribute(BeanNames.USERINFO,t_uif); } } uif=(UserInfoForm) session.getAttribute(BeanNames.USERINFO); .... average once a month or when have heavy web traffic, the 'USERINFO' session object could be overlap with wrong customer info. please give me any clue, tks in advance john