1

I hope you can help me, because I try to find answers on internet but I didnt find anything about this.

Problem: I have a common java web application (first page is login and then system options) that run very well in public environments. I have a client that has ISA Server 2006 as a proxy for his enterprise and people in that place get some mistakes like show information of other users that are concurrently logged in the system. I think the error is that ISA is caching the session cookie and when some user make a request, the ISA share that cookie sending to my server a request with bad sessionId.

Someone has any idea about this problem or knows how to solve it (I dont have access to ISA to avoid caching of my app)?

Thanks!.

Hernán Tenjo
  • 179
  • 2
  • 12

1 Answers1

0

I've never heard of a problem with proxies caching session cookies. That's not to say it can't happen, but I'd look closer to home first. What you're describing would be an expected outcome of non-thread-safe code. Look for concurrency issues in your codebase. Another possibility is web caching. If requests for data all go to the same URL and you aren't controlling caching appropriately, it's conceivable that a web cache might cache data from one user's request and show it to another user.

Ryan Stewart
  • 126,015
  • 21
  • 180
  • 199
  • I use Spring 3 for web using MultiActionControllers, in this way I dont know if I have problems of non-thread-safe but I dont think. I put the directives below but this it's not working with the proxy. Do you know another way to do a good management of cache? – Hernán Tenjo Jul 27 '11 at 13:56
  • This are the directives `<% response.setHeader("Cache-Control","no-store"); //HTTP 1.1 response.setHeader("Pragma","no-cache"); //HTTP 1.0 response.setDateHeader("Expires", -1); %> ` – Hernán Tenjo Jul 27 '11 at 13:57