multithreaded web application session issue

 
dinusha ambagahawita
Hi,

I have a multithreaded web application that uses the HTTP session to store user-specific information. So in the case where we have 2 different users with the same session (assume same browser, 2 different tabs), the session values overlap. Can someone give an idea of what kind of approach we can follow in order to correct this kind of issue? Any recommendations?

Thanks.
 
Ulf Dittmer
Two users will never share the same session. There may be two windows/tabs open for the same user (and thus possibly sharing the same session), though. Which multithreading issue do you have in this scenario? Are any of the servlets not thread-safe?
 
dinusha ambagahawita
Thanks for the response. Actually, what's happening is that in the same browser, in 2 different tabs, the user is logging in using 2 different user logins. Since the tabs share the same session, this will mix up the data. Not only the user information, but all the other variables stored in the session, which differ for each login.

Any ideas / recommendations to overcome this problem? I am running my application on jboss-4.0.3
 
Steve Luke
This isn't a Threading issue, it is more of a web application design issue. Since the requests for each 'user' will happen over multiple different threads coming from the same thread pool there is no synchronization scheme which will allow separate data (you can't use ThreadLocal for example, and it isn't about publishing or modifying data atomically, it is about data isolation).

The only real way to get this to work is to make sure the two 'users' don't share the same session, and the only ways I can think of doing that are:
1) Don't allow multiple tabs to work with different users. If a request for login comes in from a client which already has a session then block the login and use the currently logged in user.
2) Don't allow multiple tabs to work with different users (2). If a request for login comes in from a client which already has a session then discard the old session and start a new one with the new user name.
3) Don't use cookies to track session, use URL encoding. Then each new login could have a different session id, and the session would not be shared.
4) Use 'sessions' within sessions. Each HttpSession has a Map<String, Object> which you store that represents the current tab's 'sub-session' and is stored in the Session with a semi-unique id (only has to be unique within the Session). All your data goes in one of these. Every URL has some encoding which adds the id to the URL as a parameter. Instead of using (pseudo code):


You would have to use (pseudo code):

Similar changes would be made to EL access in JSPs (pseudo code):



Depending on the application, I like #1 or #3, have never used #4 but it seems like a reasonable approach depending on how much application change that takes.
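
A sketch of option 4 from the answer above, added here as an example and not part of the original thread. It uses the standard javax.servlet API; the class name SubSessions, the `tab` request parameter and the `subsession.` attribute prefix are assumptions.

```java
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Per-tab "sub-sessions" kept inside one shared HttpSession. */
public final class SubSessions {
    // Hypothetical names: the request parameter carrying the tab id,
    // and the prefix of the session attribute holding that tab's data.
    public static final String PARAM = "tab";
    private static final String PREFIX = "subsession.";
    private static final String ID_FORMAT = "[0-9a-f]{1,16}";
    private static final SecureRandom RNG = new SecureRandom();

    private SubSessions() {}

    /** Call at login: creates an empty sub-session and returns its id, which
     *  must then be added to every URL and form rendered for this tab. */
    public static String create(HttpSession session) {
        String id = Long.toHexString(RNG.nextLong());
        // Concurrent map: requests from one tab can still arrive in parallel.
        session.setAttribute(PREFIX + id, new ConcurrentHashMap<String, Object>());
        return id;
    }

    /** Call on every later request: returns this tab's data, or null when the
     *  id is missing, malformed or unknown. It never falls back to another
     *  tab's map, so a lost id cannot show one login's data to the other. */
    @SuppressWarnings("unchecked")
    public static Map<String, Object> current(HttpServletRequest request) {
        String id = request.getParameter(PARAM);
        HttpSession session = request.getSession(false);
        if (session == null || id == null || !id.matches(ID_FORMAT)) {
            return null; // caller should send the user back to the login page
        }
        return (Map<String, Object>) session.getAttribute(PREFIX + id);
    }

    /** Call when one tab logs out: drops only that tab's data. */
    public static void remove(HttpSession session, String id) {
        if (id != null && id.matches(ID_FORMAT)) {
            session.removeAttribute(PREFIX + id);
        }
    }
}
```

The tab id only keeps the data of two logins apart; the session cookie is still what authenticates the browser, so any request carrying that cookie and a valid id can read that sub-session. Treat the sub-sessions as data separation within one browser, not as a security boundary between users.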
 
dinusha ambagahawita
Many thanks for the ideas.
 