Re: help - multiple users are getting the same session
Re: help - multiple users are getting the same session
- Subject: Re: help - multiple users are getting the same session
- From: Chuck Hill <email@hidden>
- Date: Wed, 15 Dec 2004 08:32:00 -0800
Sounds like someone has installed a http cache upstream from the office
that is caching the results of the login page.
Chuck
On Dec 15, 2004, at 2:44 AM, Denis Stanton wrote:
Hi
I've found a serious problem with my WebObjects application. It has
been running for over a year, but over the last few days users have
been reporting that the login name, which is displayed at the top of
the window, is actually someone else's, not the one they entered.
I didn't believe it but now I've visited the client and seen it for
myself. It's worse than they said. The users are actually all being
given the same session.
When several users log in within a short space of time the first one
gets a new session and then the others are given the same session.
The results for the application are catastrophic. It handles vehicle
reservations with most of the data for a booking being carried in the
session class. There are only a small number of users as the
application is only used within the company, but when several of the
reservations staff are actively editing the same session things get
very untidy very quickly.
I have done some simple tracing and found that
createSessionForRequest(...) is not being called when a new user
accesses the web server with the URL
http://myserver/cgi-bin/WebObjects/MyApp.woa. It is behaving as if
each new user was supplying a URL including an existing session ID. I
suppose this is what happens when cookies are used, but I have not put
in any code for cookies.
It does not happen when I compile and run the application in direct
connect mode and it does not seem to happen when I test deploy the
application through Apache on my development computer. - Mac OS X
10.3.6, WebObjects 5.2.3
It does happen when the application .woa file is copied over to the
remote server which is running OS X Server 10.3.6, WebObjects 5.2.3
I don't have exclusive control of the server. Is it possible that the
administrator has changed the configurations so it is holding the
session ID and giving it out to anyone who asks? When I have tested
the login procedure I have used multiple tabs in Safari to login with
different names, and then tried multiple windows in Safari. I am
assured it happens with multiple separate computers, both Mac and
Windows. Most of these computers would be on a LAN sharing a DSL
connection to the server which is remotely hosted. I am told that
even the small group of staff connecting from another city may find
they are sharing the same session.
Has anybody seen this? It seems to have only happened in the last few
days, but I can't imagine what has made it possible.
Thank you for reading such a long message.
Denis Stanton
Denis Stanton
email@hidden
Home: (09) 533 0391
mobile: 021 1433622 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
village.net
This email sent to email@hidden
--
Practical WebObjects - a book for intermediate WebObjects developers
who want to increase their overall knowledge of WebObjects, or those
who are trying to solve specific application development problems.
http://www.global-village.net/products/practical_webobjects
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden