This week's book giveaway is in the Other Languages forum.
We're giving away four copies of Functional Reactive Programming and have Stephen Blackheath and Anthony Jones on-line!
See this thread for details.
Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

HttpSessions getting mixed up

 
Sushma Sharma
Ranch Hand
Posts: 139
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am having trouble with HttpSession. here is whats happening
When a user logs into the site, I get his name and other information from the database and store it in the session. now user1 logs into the site and it shows that he actually logged in as someone else(user2). The user2 has never used user1's machine and they are sitting in different countries/time zones, so it can not be a cookie issue. So the question is, why is one user's session getting mixed up with the user user?
I am using MyFaces1.1 with BEA Weblogic8.1 sp6 server. Can be there be a bug in the session id generation algorithm, so its generating same session id and thats why it mixes sessions?
Any help is appreciated.

Sushma
[ August 01, 2007: Message edited by: Bear Bibeault ]
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Any chance that some of the code is not thread-safe, and that this is a concurrency problem?
 
Sushma Sharma
Ranch Hand
Posts: 139
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't know actually... I know that session attributes are not thread safe.. but, I was under impression that two threads working for the same session will mess up attributes for that session, not for other sessions... how do I make sure that its the multithreading problem?
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The crucial question as to whether there are concurrency issues is if there is shared mutable data - any objects (whether in the session or not makes no difference) that are shared between threads, e.g. servlet instance variables, session attributes, web context attributes etc. If any of these might change their value over time, access to it may have to be synchronized.
 
Sushma Sharma
Ranch Hand
Posts: 139
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
as I wrote earlier, the user information is stored in the Session. and there are other managed beans which access this attribute. But once set, this attribute is only retrieved, never set again as I always check for the attribute in the session and pick it from there. and its set from one bean only.
[ August 01, 2007: Message edited by: Sushma Sharma ]
 
Sushma Sharma
Ranch Hand
Posts: 139
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
when it comes to concurrency and multithreading issues, I have no confidence. Can somebody help me please?
Thanks in advance..
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
As I said, session attributes are not the only possible sources of multi-threading issues. The same applies to web context attributes and servlet instance variables. How are you handling those?
 
Sushma Sharma
Ranch Hand
Posts: 139
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am not using servletContext attributes and I am not using servlets. and I haven't used static variables.
 
Tim Holloway
Saloon Keeper
Posts: 18303
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Sushma Sharma:
I am not using servletContext attributes and I am not using servlets. and I haven't used static variables.


You don't have to be using static variables. One of the worst atrocities I ever saw was when someone was storing JDBC Connection objects in member variables in all his Struts Action Processors.

Fortunately, JSF makes that sort of behaviour a little less likely.
 
Sushma Sharma
Ranch Hand
Posts: 139
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am not storing JDBC connections or anything like that as member variables. Everytime, I retrieve information from the database, I call a method of DAO. this method creates a connection and returns me the results. and all the variables are local in the method, so it shouldn't be affected by concurrent access, right?
 
Sushma Sharma
Ranch Hand
Posts: 139
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
here is an update. Actually, only the user who logs in, his information is getting messed up sometimes.. all the other info saved in the session is always correct.
 
Tony McClay
Ranch Hand
Posts: 33
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry that the answers I have seen have not answered your question because this should not happen in this fashion. The lowest lying fruit is Concurrency issues, but it sounds like you are sure that is not the case.

Here are a few suggestions.

1.
At every point of the login process for both users, write to the log file the information and the jsessionid, so that you are sure what is happening.

2.
If you are unable to track down where this is happening, I suggest you code a HttpSessionAttributeListener.

Actually HTTPSessionAttributeListener and/or HTTPSessionBindingListener. The BindingListener will tell you when these values are bound to the session, and the Attribute Listener will tell you information about the attribute itself.

http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpSessionAttributeListener.html
or

This will better inform you of when the attribute was added, removed, or in your case, you believe was changed.


example:

import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionAttributeListener;
import javax.servlet.http.HttpSessionBindingEvent;

public class SessionAttribListen implements HttpSessionAttributeListener {


-- There are many code examples for this on the Web and the Sun Java Tutorial. That should point you in the right direction.

Tony
Sun Certified Web Business Component Developer
Sun Certified Web Components Developer
Sun Certified Programmer for the Java 2 Platform
 
Sushma Sharma
Ranch Hand
Posts: 139
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tony,

thanks for the reply. even though, I knew about Listeners very well, it never occured to me that I should add a sessionAttributeListener as I was focused on other things more.
Also, do you know anything about siteminder? Acually, I get the uer id as a header from siteminder server and there is a proxy server also. is it possible that one of those is caching or giving me wrong uid.
I am printing the user header now, but haven't heard from the user having trouble, so thinking of all possible reasons.
 
Tony McClay
Ranch Hand
Posts: 33
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
sorry never used siteminder server yet. But you are right. It does sound like a place to look.

Sounds like you are well on your well to solving your problem.

Best of luck.

Tony
Sun Certified Web Business Component Developer
Sun Certified Web Components Developer
Sun Certified Programmer for the Java 2 Platform
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic