1

I am having an issue with a struts 2 application. User 1 logs in successfully and is redirected to some page. After that , User 2 tries to login from her machine, she get redirected to user1's landing page.

I am not sure if that is an issue with the web container(web logic) or some issue in my coding.I am not able to figure out where I can go wrong and how the server can provide data from another users session.

The login action implements sessionaware, I have setter and getter for the session Map. If the login action returns sucesss user is redirected to another action where again the action implements sessionaware.

The problem is really weird. Can anyone suggest any reasons why it can be happening.

Also to add to the complexity , the same application ear works fine locally. The problem occurs only when I am trying to deploy it to test server.

Here is the intercepotr code. I don't think it is thread unsafe.

public class UserAuthentication extends AbstractInterceptor
{
    public UserAuthentication()
    {
    }

    public void init(){//System.out.println("init'd");
    }

    public void destroy() {System.out.println("destroyed");}

    public String intercept(ActionInvocation invocation) throws Exception
    {      
        String className = invocation.getAction().toString();
        Map OHRMS = ActionContext.getContext().getSession();

         System.out.println("EmpInfoUpd: " + new Date() + " Inside the interceptor: ");  
        System.out.println("EmpInfoUpd: " + new Date() + " Interceptor called for action: " + className); 
        System.out.println("EmpInfoUpd: " + new Date() + " Now printing the entries of session map from interceptor: " + OHRMS);


        Employee temp = (Employee)OHRMS.get("emp");
        if(temp==null)  
        { System.out.println("EmpInfoUpd: " + new Date() + " The session had no \"emp\" object. Interceptor returned \"login\" ");
            return "login";
        }
        System.out.println("EmpInfoUpd: " + new Date() + " The session had \"emp\" object with Employee name: " + temp.getFullName()+ " Interceptor returned \"login\" ");
            return invocation.invoke();

    }
}
Rpant
  • 974
  • 2
  • 14
  • 37
  • At this point, it's impossible to say. When you say it doesn't happen locally do you mean *ever*, including under load, or just "never when I try it with two people on a single machine"? – Dave Newton Jan 16 '13 at 20:48
  • never ever .. and its not that the problem occurs on test server only when its under load... the problem ALWAYS occurs on test server even if two users login in. The second user who logs in will see data of first user. – Rpant Jan 16 '13 at 21:19
  • Default interceptor stack? – Dave Newton Jan 16 '13 at 21:22
  • added another interceptor on top default interceptor. This interceptor checks if "emp" object exists in the session else redirects to login page. – Rpant Jan 16 '13 at 21:27
  • added a tag weblogic to the question , since the problem looks specific to it. The same code works fine on local server. – Rpant Jan 16 '13 at 21:30
  • 1
    Is the interceptor thread-safe? – Dave Newton Jan 16 '13 at 21:39
  • how do i make it .can u please help. besides i don't think that has anything to do with the issue .. because the interceptor is just acting as a gatekeeper. – Rpant Jan 16 '13 at 21:48
  • That may be, but since I can't see it, and I don't know what the issue is with the information provided yet, it's important to isolate the differences between your app and a stock S2 configuration. – Dave Newton Jan 16 '13 at 22:02

2 Answers2

1

I'm pretty sure it is due to the Interceptor not being Thread Safe.

I debugged something similar some time ago, and I shared that experience on an answer to a question similar to your, especially on how to implement a Thread safe Interceptor:

User session getting mixed up on tomcat

Hope that helps

EDIT

Try changing this:

Map OHRMS = ActionContext.getContext().getSession();

to this

Map OHRMS = invocation.getInvocationContext().getSession();

And see if it act the same in test environment.

I accessed the Session that way in my Interceptors and never had problems.

Community
  • 1
  • 1
Andrea Ligios
  • 49,480
  • 26
  • 114
  • 243
  • I added the interceptor code here. Can you see anything wrong with it.Morever everything works perfectly fine locally. And thread-safety should come into picture when there are concurrent users involved. Here one user logs in , and a minute later another user tries logging in from his machine. – Rpant Jan 17 '13 at 16:48
  • I don't know much about server management . But one thing different when hosted on test server is that the http requests are tunneled. and the requests that are not tunneled are https.(secured) . Found that in fiddler. – Rpant Jan 17 '13 at 16:51
  • Thanks for your help .. but that didn't help either. – Rpant Jan 17 '13 at 18:49
1

Thanks everyone for your efforts. The problem was I was using .html extension for all the struts pages, and the test web-server thought they were static pages. So returned the last page serviced. The problem is finally resolved after changing extension of the pages to .action

Rpant
  • 974
  • 2
  • 14
  • 37