•  01-10-2020
  •  | 
  •  

Question

Application server - JBoss AS 7.1.1
JDK6
J2EE 1.3

My web application is more than 10 years old and facing this session swap problem in my portal. Noticed that swap happens mostly when many concurrent users accessing the portal and underlying windows server is busy (more than 90% CPU usage)

To analyse this issue, I logged customer data (customer id, ip address, jsession id) to a table and found that customer having unique jsession id initially has his data and all of a sudden for the same jsession id and ip address receiving different customer data.

customer1  123.123.12.123   jsessionid123    11:10:02
customer2  123.123.12.123   jsessionid123    11:10:04

ip address (123.123.12.123) having jsession id (jsessionid123) somehow gets customer2 data

Any order placed by customer1 in ip - 123.123.12.123 gets created for customer2, I confirmed this by calling customer2 and they confirmed that they didn't place the order. customer1 won't realise he placed order for customer2 - all the data gets changed, like basket items, customer object, products etc.

Now I need to find a fix for this, but first I need to know which part of my code is creating this problem.

Do I have to use a stress test software? or any better mechanism to find out the problematic code?

Was it helpful?

Solution 3

I found a fix for this problem. In my case, the in-house framework got the below code which caused the problem,

        ...
        req.setAttribute(key, value); /* This code gets executed for both REQUEST & SESSION */
        if (scope == Sp.SESSION) {
            req.getSession().setAttribute(key, value);
            ...

I noticed somehow the code maps session objects to incorrect jsessionid, so I tried the below code, 

        ...
        if (scope == Sp.REQUEST) { /* Added this check */
            req.setAttribute(key, value);
        }
        if (scope == Sp.SESSION) {
            req.getSession().setAttribute(key, value);
            ...

It's nearly a year after this fix, and the swap didn't happen at all. So I'm confident this code fix solved the swap problem.

OTHER TIPS

Look whether you are storing data in singletons (eg servlet) or in pooled objects. To be clear, variables inside function are ok, only something in servlet itself is problem. In comment you say you choose action, if you choose existing instance, then you should not store session wide data in it.

Once I seen (ehm, caused) similar problem caused by incorrectly using phase listeners (in JSF) where we created listener for each request (which led to similar sindroms + after while it was extremely slow (executing listeners extremely many times). I quess that this is not your problem.

I've experienced something like this before. In my experience, the Action class that's supposed to receive data from the JSP is instantiated as a singleton, so when there are many concurrent users, the singleton class gets 'reused' which caused the apparent 'session-swapping'.
So check the whatever class is receiving your user inputs (for example, Action class in struts framework), and make sure that its not singleton.

Licensed under: CC-BY-SA with attribution
scroll top