Session mixup problem


We are facing a strange problem with one of application running on JBoss 4.0.4 GA (with Apache Tomcat 5.5.17) and Oracle XE ( .

There are several uses who have logged into the system. Let's say user "A" and "B" also have logged into the system (on different machines).

User A creates a record and saves it into the database.
When the saved record is checked it shows "B" as the creator of document instead of "A".
This happens sometimes and we are unable to reproduce the problem. The only thing we suspect is that the user "A" session is overwritten when user "B" logs into the system.

Please note, the above problem is not specifically with user "A" and "B", it has happened between other users also. I've used "A" and "B" to quote an example.

Any idea what could be the problem.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


do you have a "User" class which you are instantiating for every user and adding to session?  If so, check for static members in this class.

Test in the following scenarios:

1. only A is logged in and creates records
2. A is logged out and now only B is logged and is creating records
3. First A logs in, and then B logs in.  Now A creates records and B creates records.

in (1), things should be perfect.
if in (2) the records are being shown as created by A, you are not clearing state.
if in (3) A's records are being shown as created by B is one indication, and B's records being shown as created as A is another indication

this should help you narrow down.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ashishanandAuthor Commented:

I finally found the problem & solution. The problem was that the HttpSession variable was defined at the class level (i.e. global). This was causing user A's session to be overwritten by user B's session.

I changed this and defined them in each of the methods inside the servlet class.

Thanks successcraft for your comments. Static definition was also another problem.

ashishanandAuthor Commented:
Your pointer towards static definition help to resolve the problem.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Oracle Database

From novice to tech pro — start learning today.