[thelist] JSP Sessions duplicate

VOLKAN ÖZÇELİK volkan.ozcelik at gmail.com
Thu Jun 9 14:49:30 CDT 2005


On 6/9/05, Dan McCullough <dan.mccullough at gmail.com> wrote:
> Are A and B present on the system at the same time?  If not then could
> B be using A's computer and then trip a spot where A's old session id
> is used through the use of address line prefill?

The session id is not passed via address line, it is passed with a
session cookie, so catching one's session by browsing in the history
back and forth is not possible.

Moreover the app is a single-page application. When user willingly or
unwillingly browses to another page, his session is invalidated and
closed (by a trigger on window.onunload).

Additionally we are sure that everyone is using IE6 SP1 (so no
cross-browser issue) (being not cross-browser is another story which I
opposed since I joined the project team; but the project was at
post-alpha-test/release phase when I joined, where it was way too late
to have a U-turn)

> Is this a
> multi-tiered application with several websphere servers?  If so are
> all servlets serialized?

We have 2 servers behind a load balance. Here is how the load balance works fyi:
User A  connects to the site; a connection with server1 is
established. User A connects to server1 throughout his entire session.
User B connects to the site; a connection with server2 is established.
User B uses the connection throughout the session's lifetime.

At least it is how it was said to us.

[But I get somewhat suspicious, since I don't exactly know how this
load balance works. I'm gonna talk to the network people as well.
Thank you for pointing it out.]

> 
> Honestly I would have to say that there is a small snippet of
> non-thread safe code sitting around somewhere, and only gets tripped
> in some odd series of events done by the users.

We have examined over and over and are still observing every bit and
piece of code where this User object is used. Nothing suspicious yet.

> Is there any way you
> can contact A and B and see if they can retrace their online
> adventure?
> 

A and B are random individuals. And it's hard to recreate exactly what
they have done. (There is a lot of business logic involved, both
client-side and server-side.)

What we can do is to add listeners around and try to observe what is going on.

Cheers,
Volkan.
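
The "add listeners and observe" idea from the message above, as an added example that is not part of the original post or the project's code: a servlet session listener that records every bind, replace and unbind of the User object so that a session picking up a different user shows up in the log. The attribute name `user`, the class name and the logger name are assumptions, and the comparison relies on the User class having a meaningful `equals()` and `toString()`.

```java
import java.util.logging.Logger;
import javax.servlet.http.HttpSessionAttributeListener;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// Added example (hypothetical class name). Register it in web.xml:
// <listener><listener-class>SessionAuditListener</listener-class></listener>
public class SessionAuditListener
        implements HttpSessionListener, HttpSessionAttributeListener {

    private static final Logger LOG = Logger.getLogger("session.audit");
    // Assumption: the session attribute holding the User object is named "user".
    private static final String USER_ATTR = "user";

    public void sessionCreated(HttpSessionEvent e) {
        log("CREATED", e.getSession().getId(), null, null);
    }

    public void sessionDestroyed(HttpSessionEvent e) {
        log("DESTROYED", e.getSession().getId(), null, null);
    }

    public void attributeAdded(HttpSessionBindingEvent e) {
        if (USER_ATTR.equals(e.getName()))
            log("USER_BOUND", e.getSession().getId(), null, e.getValue());
    }

    public void attributeReplaced(HttpSessionBindingEvent e) {
        if (!USER_ATTR.equals(e.getName())) return;
        Object old = e.getValue();                           // value before the replace
        Object now = e.getSession().getAttribute(USER_ATTR); // value after it
        // A different User landing in a live session is the symptom to catch.
        String tag = (old != null && !old.equals(now)) ? "USER_CHANGED" : "USER_REBOUND";
        log(tag, e.getSession().getId(), old, now);
    }

    public void attributeRemoved(HttpSessionBindingEvent e) {
        if (USER_ATTR.equals(e.getName()))
            log("USER_UNBOUND", e.getSession().getId(), e.getValue(), null);
    }

    private static void log(String event, String sid, Object oldUser, Object newUser) {
        // Log a short fingerprint, not the raw id: the id is a bearer credential.
        String fp = Integer.toHexString(sid.hashCode());
        LOG.info(event + " sid#=" + fp + " old=" + oldUser + " new=" + newUser
                + " thread=" + Thread.currentThread().getName());
    }
}
```

Running the same listener on both servers and comparing the two logs shows whether one session fingerprint ever appears on both nodes, which would point at the load balancer rather than at the application code.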

