struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Prasanth Pasala <>
Subject Re: Struts2 login action class seems to be reused
Date Wed, 07 Mar 2018 19:53:17 GMT
Thanks for looking into this Yasser.  In the current setup we have, we don't have a cluster,
it is the only server handling all requests.

If it is a session crossover we would display another user information without making a login
entry. In the cases where we had issue the code recognized that there is no active session
and went to the
authentication part, authenticated the user and made a database entry for successful login.
The authentication is based on the form variables populated by struts into the action class.


On 03/07/2018 01:22 PM, Yasser Zamani wrote:
> On 3/7/2018 7:34 PM, Prasanth wrote:
>> I can't say that 2 percent of users were able to get in without username/password.
As I have ran the JMeter tests a lot of times (each run with 100 users). Only during one of
those runs of JMeter I
>> had 2 requests get users home page when Login.action was requested (with out username/password).
>> Below is the Login.action code. Removed the code that fetches the data for home page.
> Thanks! I see you use session also.
> Looks like a bug with Undertow web server [1]. I'm not familiar with it
> so you may open an issue there and copy paste this thread there. They
> may have some idea as it seems they have similar issues with session
> which I linked below.
> Good luck.
> [1]
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message