2 Replies Latest reply on Aug 4, 2009 10:58 PM by peterh.geprio.karnet.lublin.pl

    session switch?

    peterh.geprio.karnet.lublin.pl
    peterh.geprio.karnet.lublin.pl Aug 4, 2009 9:26 PM

      Hello,


      I have very strange behavior in my Seam 2.1.1 application. I'm using Tomcat 6.0.16 without EJB.
      When user log in and click on the page witch was restristed before he enter the page but as another random user.
      For example he logged in as dave, click his profile and he is anny...
      I don't know how to reproduce it. It happend once first 2 months ago, then I changed Seam and Tomcat version hoping it helps but not :(
      I spent many hours looking for possible bug in my app but my app doesn't touch the user credentials after login or even logged in user. To log in I'm using standard credentials component.


      Did anyone have ever this problem? Maybe you have sugestion what could make this behavior?


      I will try JBoss AS soon.


      Regards,
      Peter Huebnel

      • 79 Views
      • Tags:
        • 1. Re: session switch?
          joblini
          joblini Aug 4, 2009 10:48 PM (in response to peterh.geprio.karnet.lublin.pl)

          Hello Peter,


          I'm not sure if this is your problem, but if a user is already logged in during the same Session, any subsequent login silently fails, and processing continues under the logged on user.  To login as a different user, the currently logged in user must logout, or, all browser windows must be closed to ensure that a new Session is started.




             public synchronized void authenticate() 
      throws LoginException
   {
      // If we're already authenticated, then don't authenticate again
      if (!isLoggedIn() && !credentials.isInvalid())
      {
         principal = null;
         subject = new Subject();
         authenticate( getLoginContext() );
      }      
   }





          In my case I found this behavior to be undesirable, and I overrode the Identity component to remove the check for !isLoggedIn()

            • Actions
          • 2. Re: session switch?
            peterh.geprio.karnet.lublin.pl
            peterh.geprio.karnet.lublin.pl Aug 4, 2009 10:58 PM (in response to peterh.geprio.karnet.lublin.pl)

            Thanks for reply, but my problem is different.
            For example Mr Andy has only one account andy and Mrs Anny has account anny. When Mr Andy log in as andy and click on his profile page he becomes logged in as anny.
            I can't reproduce it, it's happening only under some load for example over 100 users logged in.

              • Actions