
I have a Spring Boot web application and I am trying to allow concurrent user activity in the same browser.

The login function has a member object with email and password attributes tied to a Thymeleaf form. When the user logs in, it displays information for that user.

The issue I have is that when I log in as a second user in a new tab while still logged in as the first user, and I then add a change as the first user, the details of the user are changed to the second user's.

On the Java side the issue is related to this part.

What's happening is when a new member signs in I check if the member exists in "database" and then pass the object to the model. The model uses this object to populate the fields.

    @RequestMapping(method = RequestMethod.POST, path = "/profile")
    public String signIn(@ModelAttribute MemberEmail memberEmail, Model model, @RequestHeader HttpHeaders headers)
    {
        if(MemberDB.validate(memberEmail))
        {
            // 'member' is not declared in this snippet; it is assigned here
            // and reused by saveMessage below
            member = MemberDB.getMember(memberEmail.getEmail());
            model.addAttribute("member", member);
            return "home";
        }
        else
        {
            System.out.println("Login  Failed");
            return "redirect:/devshub";
        }
    }

In my Thymeleaf template, I have a function where users can enter a message and it is displayed on their profile.

This function takes the message input and displays it on the user's profile, but it also needs a member to populate the fields again because it returns to "home".

    @RequestMapping(method = RequestMethod.POST, path="/save")
    public String saveMessage(@ModelAttribute Member m, Model model, @RequestHeader HttpHeaders headers)
    {
        member.setMessage(m.getMessage());
        model.addAttribute("member", member);
        return "home";
    }

When I log in to two different accounts on different browsers, I think because it uses two different session IDs, the correct member object is referenced for each account (by the session). However, when using the same browser, when the member object is set to the second user, if I add a message as the first user, the message is added but the user information is switched to the second user's.

I'm thinking a possible solution could be to redirect without returning to home when the user object is already populated, but I am still thinking of how I could do this, as I would prefer not to mess with session IDs.

  • When you use the same browser you share the session ID between tabs. What's the purpose of using 2 different accounts in one browser? Can you log in to Facebook or Google using one instance of the browser and have sessions for 2 different accounts? That's the purpose of having a stored session ID, so whenever you open the browser again you can open the page without logging in again and again – Rafał Sokalski Jun 08 '22 at 15:41
  • Related: [How to differ sessions in browser-tabs?](https://stackoverflow.com/q/368653/12567365), and maybe also [How to handle multiple sessions for same website using same browser with different tabs](https://stackoverflow.com/q/70995410/12567365) and [concept of different session in different window of same browser](https://stackoverflow.com/q/3810228/12567365) – andrewJames Jun 08 '22 at 16:22
  • You are probably right, because I actually never thought about that behaviour of a browser. In retrospect that means my application is functioning as any other web app should. I kind of always assumed you could log on to two different Facebook or LinkedIn accounts at the same time on the same browser. – Lekan Swansons Jun 08 '22 at 16:57
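
An added example, not part of the original question or its comments: the two handlers with the signed-in member kept in the HTTP session instead of in a field assigned by the controller. It assumes `member` in the question is a controller instance field (Spring controllers are singletons by default, so such a field is shared by every request); `ProfileController` and the session key are hypothetical names, and `MemberDB`, `Member` and `MemberEmail` are the question's own classes.

```java
import javax.servlet.http.HttpSession; // jakarta.servlet.http.HttpSession on Spring Boot 3
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PostMapping;

// MemberDB, Member and MemberEmail come from the question and are not defined here.
@Controller
public class ProfileController { // hypothetical class name

    private static final String SESSION_MEMBER = "member"; // hypothetical session key

    // Deliberately no Member field: one controller instance serves all users,
    // so per-user state must live in the session, not in the controller.

    @PostMapping("/profile")
    public String signIn(@ModelAttribute MemberEmail memberEmail, Model model, HttpSession session) {
        if (!MemberDB.validate(memberEmail)) {
            return "redirect:/devshub";
        }
        Member member = MemberDB.getMember(memberEmail.getEmail());
        // Bind the authenticated member to this browser's session only.
        session.setAttribute(SESSION_MEMBER, member);
        model.addAttribute("member", member);
        return "home";
    }

    @PostMapping("/save")
    public String saveMessage(@ModelAttribute Member m, Model model, HttpSession session) {
        // Identity comes from the server-side session, never from the submitted form.
        Member member = (Member) session.getAttribute(SESSION_MEMBER);
        if (member == null) {
            // No signed-in member in this session: send the user back to log in.
            return "redirect:/devshub";
        }
        // Copy only the one field the form is allowed to change.
        member.setMessage(m.getMessage());
        model.addAttribute("member", member);
        return "home";
    }
}
```

Tabs of one browser still share the session cookie, so this keeps one signed-in member per browser session, as the comments describe; what it removes is one user's request overwriting the object that another user's request reads.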
