• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Jeanne Boyarsky
  • Liutauras Vilda
Sheriffs:
  • Rob Spoor
  • Bear Bibeault
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Piet Souris
Bartenders:
  • Frits Walraven
  • Himai Minh

Tomcat session data bleeding

 
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
We have a portal (uportal) running on Tomcat. We have programmed a couple of of Portlets that for the most part run just fine.

A few of these portlets are grabbing data from an Oracle DB and presenting it to our users -- this info is grabbed based upon a user id. Every once in a while (1 in 10,000 logins perhaps?) we get reports of users getting the data of different users, when we do get this report it seems to be from 2 or 3 different users at about the same time. We've looked through backups of the DB to see if info is written wrong and what it looks like some sort of session-data bleeding. (our portlets don't have any static variables that could accidentally be shared)

Has anyone ever heard of Tomcat accidentally giving one user's session data to a different user? How would I begin to look at this? I'm not sure how to view/record individual session data.

thank you for your help.
 
Chad Step
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
We found it, kind of a newbie mistake I guess.

We thought that each time a servlet was requested, a new object was created-- so we assumed instance variables we encapsulated from all the other requests.

Found this on CodeRanch: https://coderanch.com/t/451902/JSP/java/session-mix-up
Its cleared up now that all our variables need to be in the doView method.
 
Saloon Keeper
Posts: 23764
161
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Are you using Struts, by any chance? It's real easy to make that mistake in Struts. I inherited an application that was so rife with stuff like that that its only salvation was the fact that only rarely was more than one user online at a time.
 
Chad Step
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I was not using Struts in this. Interesting that it would have this problem.

I've only learned about it in quick research. is it kind of like Ruby-On-Rails for Java?
 
It is no measure of health to be well adjusted to a profoundly sick society. -Krishnamurti Tiny ad:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
reply
    Bookmark Topic Watch Topic
  • New Topic