• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

User Kicks off randomly an User Sessions Swapping

 
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi, We are facing a burning issue in our production environment where users are randomly kicked out to the login page and also the user sessions are swapping randomly. I am unable to figure out the root cause of this issue.

The environment:
Spring framework 2.0.6
Web Logic Server 10.3.6
Hibernate
Load Balancer at Web Logic Proxy server
Load Balancer between Web Logic Proxy server and Web Logic main server

Troubleshooting steps taken so far:
- Tried to troubleshoot the issue step by step. In first step to see if the issue is at the load balancer because of session stickiness is getting lost by decoupling both the load balancers to send the request directly to the main server. The issue still exists.
- Users are not on RDP Therefore sharing the same session id is ruled out
- Checked if the uesrs machines are configured to get dynamic IP address - yes it is configured to get dynamic IP address, but the interval is over 60 days. So this is also ruled out. We made sure that all users are sync'd to get the dynamic IP address on the same day
- All user browsers are configured to store cookies. Therefore URL rewriting is not kicked in.
- Made sure that cookies are not blocked at proxy or firewall.

I am scratching my head to figure out what else could be the issue. I am not sure how session is handled in Spring. I believe, WebLogic creates the sessoin and passes the session information in the header. Therefore, I don't think Spring is culprit in this scenario to store the session information at instance variable level.

To better understand how the issue is arising, we have installed video recording software and also fiddlerCap to capture information. Waiting on this information.
Can you gusys shed some light on this issue? Any pointers or clues.
 
Rancher
Posts: 2759
32
Eclipse IDE Spring Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
One thing you might want to investigate is concurrency issues in Java code. If your Java code is not thread safe, you might have problems like one user seeing other user's data, or one user's record overwritten by another user and yes... even one user logging out another user.
 
Srini Madala
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Jayesh for your quick response. But I did not get the concurrency issue you are referring to. Where exactly we may encounter thread safe issue in terms of session id information?

By the bye, we are using ACEGI security to handle internal users security. Not sure whether it helps in pinning down the issue.
 
Jayesh A Lalwani
Rancher
Posts: 2759
32
Eclipse IDE Spring Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Srini,

This is an example of thread unsafe code. There are many ways you could make your code thread unsafe



the above code is thread unsafe. Let's say 2 users are using your system at the same time, and User A is trying to update records, and user B is trying to logout, the updateRecord and the logout method will execute concurrently, or in simple terms, both methods will run at the same time. Depending on the sequence of operations, userId can be set to user A when logoutUserById is called. This means that user A will be logged out, not user B.

I'm not saying that this is the problem. I'm just saying that if you have thread unsafe code, it might look to the end user that the "session" is being shared between users. If you have eliminated everything else, look at thread safety
 
Srini Madala
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Jayesh! It is interesting and makes sense to me.

Yes, we have hundreds of controller classes and they are not thread safe. I think I misstated my issue here. It is not the logged in user information that is getting swapped, but we are facing the swapping of claim information. While the user is working on a claim, all of a sudden, he/she gets another claim information on the screen. Since all controller classes are singleton classes, I think it is applicable to all types of service calls - read, update, delete etc.

So, assuming that all controllers are not thread safe, is there a way to make them thread safe at the configuration level in web.xml file without impacting the performance?
 
Jayesh A Lalwani
Rancher
Posts: 2759
32
Eclipse IDE Spring Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can request scope / session scope your controllers and service classes. That might solve some concurrency problems, but not all.

If any of your classes have static members that are modified in multiple threads, you have basically screwed yourself.

Session/request scoping of beans will effect performance, but it might get you over prod issues until you go back and fix problems
 
Ruth Stout was famous for gardening naked. Just like this tiny ad:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic