Rsecurity breach on tomcat 6.0.26

[zach Li]

Hi, 
 
we are using tomcat 6.0.26 to host a java application. but recently we are 
experiencing security breach once or twice a week. the issue we are facing is: 
one user screen(or input) totallly showing up on the different user screen. 
Those screens have customer sensetive information. 
 
Anyone has similiar experience? how should i trace and fix it?
 
thanks for you help.
 
zach.