3

Scenario:

In case of simultaneous usage by multiple users the cookie based login sometimes gets overridden causing one user to see other users information.

Session is completely cookie based and each request to server is authenticated with database via encoded values in cookies for valid user and session.

Application uses spring MVC framework.The application runs fine except for when hundreds of users hits the website at the same time. There are few concurrent issues. Data of one user is getting exchanged with another.

We are facing trouble in reproducing the issue. We have limited Testing resources , which are tools/Methods we should follow to replicate the issue.

Nilesh Bhosale
  • 98
  • 5
Abhijeet Gupta
  • 31
  • 2

1 Answers1

1

This scenario is for security breach.

I have had reproduced this scenario while I was doing system test but not pretty sure that same would be applicable in your case also.
Hope that below steps would be helpful in your case.

Steps to reproduce:

  1. Login to system with the User Id A on one browser and User Id B on another browser.

  2. Do some modification operation on the existing screen for user A and don't do any operation with user B.

  3. Save/Submit the recently edited data for user A.

  4. Don't log off the existing user's(A) session.

  5. Check the Backend DB for recently modified data and time stamp against a user A.

    At this point of time, DB should have to reset the original parameters as it is.

    Now try to do any data modification for user B.

  6. Check the Backend DB for recently modified data and time stamp against a user B.

DB must require to reset the original parameters values

The session sharing act for the second user B should not be happened and second user B should have a different session id than that of the first user A.

Community
  • 1
  • 1
Pankaj S
  • 11
  • 1