struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Prasanth Pasala <ppas...@pangburngroup.com>
Subject Re: Struts2 login action class seems to be reused
Date Wed, 07 Mar 2018 19:53:17 GMT
Thanks for looking into this Yasser.  In the current setup we have, we don't have a cluster,
it is the only server handling all requests.

If it is a session crossover we would display another user information without making a login
entry. In the cases where we had issue the code recognized that there is no active session
and went to the
authentication part, authenticated the user and made a database entry for successful login.
The authentication is based on the form variables populated by struts into the action class.

Thanks,
Prasanth

On 03/07/2018 01:22 PM, Yasser Zamani wrote:
>
> On 3/7/2018 7:34 PM, Prasanth wrote:
>> I can't say that 2 percent of users were able to get in without username/password.
As I have ran the JMeter tests a lot of times (each run with 100 users). Only during one of
those runs of JMeter I
>> had 2 requests get users home page when Login.action was requested (with out username/password).
>>
>> Below is the Login.action code. Removed the code that fetches the data for home page.
> Thanks! I see you use session also.
>
> Looks like a bug with Undertow web server [1]. I'm not familiar with it
> so you may open an issue there and copy paste this thread there. They
> may have some idea as it seems they have similar issues with session
> which I linked below.
>
> Good luck.
>
> [1]
> https://issues.jboss.org/browse/JBEAP-6683?focusedCommentId=13340535&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-13340535
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message