
Cookie problem - cookie shared between 2 external separate networks

 
omkar patkar
Ranch Hand
Posts: 231
Hello friends,

I have a weird problem with cookies. In my application, I have implemented the "Remember User on Machine" functionality. Here is some background first. The implementation logic is as follows:

1) Every request made to the application goes to ONE servlet
2) The servlet (...called AutoLoginServlet.java) looks for cookies from the request object.
3) Checks if the cookies set by the application are available.
4) If no such cookie is found, then, the application redirects the response to login page ... which is a static html page.
5) If a cookie set earlier by the application is found, then the servlet redirects to the Login module of the application (... done by LoginAction.java, i.e., an action class, as we are also using the Struts framework)


This implementation was working fine for a month ... until ... a problem appeared yesterday. This is a very weird problem. The scenario is as follows:
One user ...say A accessed the system from a machine, from a separate network, using different ISP.
User "A" was using Remember me functionality.
Sometime later, another user "B" accessed the system, from another machine, belonging to an altogether different network, using another ISP.
The user "B" logs out.

Now ...after some time user "A" tries to log in.
But, at the time of login, user "A" is able to see user "B"'s profile. ... that is user "A" sees ... "Welcome B" !!!

Strange!!! The machines used to access the applications, by different users, were different, network was different, even ISP was different.

Still, it seems as if the cookie of one user got apparently shared for another user, since at the time of login, one user can see another user's profile or inbox.

I am not able to track the cause of the problem ... Any solution to this weird issue??? Please ... please, some lead on this problem is highly appreciated. Many thanks


Thanks and Regards
 
David O'Meara
Rancher
Posts: 13459
It sounds like one or more of your servlets are not thread-safe, generally meaning that the servlet(s) have instance variables. Since there is only a single instance of the servlet, all requests will share any state set on the instance variables. The quick solution is to remove the instance variables.
 
omkar patkar
Ranch Hand
Posts: 231
In the servlet, there isn't any instance variable.
And the code to get the login credentials from either the login HTML page or the cookie is present in the LoginAction that I talked about earlier.
It is this Action class that has just the form bean as its instance variable. Is this form bean affecting it??

Because the system has been in use for the past 2 years, and the "Remember me on Machine" functionality was added only a month back.
And all this time ... until yesterday, such a scenario did not occur ... that is why I am confused!!!

Shall I try making the form bean a local variable instead of an instance variable?
 
Ben Souther
Sheriff
Posts: 13411
Does your LoginAction get re-instantiated with each request or is there a single instance of it being used by your controller to handle all requests?
If the latter, then you should treat instance variables in your action class the same way you would treat them in a servlet.
 
omkar patkar
Ranch Hand
Posts: 231
OK ... thank you Ben and David.

But is there any way by which I will come to know ... if my Action class is getting re-instantiated for each request or there is a single instance?
I don't know what I will have to look for and where to get this information.

For the Action mapping that I have written in the struts-config file, I have set the scope to "request"
... Does that dictate how the action class will be instantiated?
 
Ben Souther
Sheriff
Posts: 13411
Did you write the Action class and the controller or are you using a third party framework (I'm guessing it's Struts by the name)?

If it's a framework, you should go through the documentation.
This is an important thing to know if you're building applications with it.

A simple test would be to add an instance variable and some logging code to see if the variable is being reinitialized with each request.
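
The diagnosis in the replies above, shown as an added example that is not part of the thread or of the poster's application: one handler instance serves two concurrent requests, first keeping the user in an instance field and then in a local variable. `FieldHandler`, `LocalHandler` and `serve` are hypothetical names, and the latches only force the interleaving that normally happens by chance under load.

```java
import java.util.concurrent.CountDownLatch;

// Hypothetical classes for illustration; not the poster's AutoLoginServlet or LoginAction.
public class SharedInstanceDemo {
    interface Handler { String handle(String cookieUser, Runnable pause); }
    static class FieldHandler implements Handler {
        private String user;                 // per-request data kept on the shared instance
        public String handle(String cookieUser, Runnable pause) {
            user = cookieUser;               // store the user taken from this request's cookie
            pause.run();                     // another request may run here
            return "Welcome " + user + " [instance " + System.identityHashCode(this) + "]";
        }
    }

    static class LocalHandler implements Handler {
        public String handle(String cookieUser, Runnable pause) {
            String user = cookieUser;        // local variable: private to this request's thread
            pause.run();
            return "Welcome " + user + " [instance " + System.identityHashCode(this) + "]";
        }
    }

    // Request A stores its user, request B then runs to completion on the same
    // instance, and only after that does A read the value back.
    static String[] serve(Handler shared) throws InterruptedException {
        CountDownLatch aStored = new CountDownLatch(1), bDone = new CountDownLatch(1);
        String[] greeting = new String[2];
        Thread a = new Thread(() -> greeting[0] = shared.handle("A", () -> {
            aStored.countDown();
            waitFor(bDone);
        }));
        Thread b = new Thread(() -> {
            waitFor(aStored);
            greeting[1] = shared.handle("B", () -> { });
            bDone.countDown();
        });
        a.start(); b.start(); a.join(); b.join();
        return greeting;
    }
    static void waitFor(CountDownLatch latch) {
        try { latch.await(); } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
    }

    public static void main(String[] args) throws InterruptedException {
        String[] f = serve(new FieldHandler()), l = serve(new LocalHandler());
        System.out.println("instance field: A gets \"" + f[0] + "\", B gets \"" + f[1] + "\"");
        System.out.println("local variable: A gets \"" + l[0] + "\", B gets \"" + l[1] + "\"");
    }
}
```

With the instance field, request A's greeting names B, which is the cross-user exposure described in the first post; with the local variable each request gets its own user. The identity hash in each greeting is the kind of logging suggested above: the same value across requests means one instance is being reused.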
 
omkar patkar
Ranch Hand
Posts: 231
We are using Struts as the framework ... but we need to write the custom Action classes, and that is what we have done; we have written the LoginAction.java.

OK, I will look for the documentation as well as try your method of putting in a simple instance variable ... I will get back to you guys ... thank you for the help and replies so far
 