struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Prasanth Pasala <>
Subject Re: Struts2 login action class seems to be reused
Date Fri, 16 Mar 2018 19:30:51 GMT
There is only one reference to Util.authenticate in the project and that is in LoginAction.

On 03/16/2018 02:13 PM, Yasser Zamani wrote:
> And you confirm that those log record insertions are only possible via LoginAction.execute
method? Right? Or util.authenticate are called elsewhere also?
> On Mar 16, 2018, at 9:45PM, Prasanth Pasala <<>>
> We have a pretty standard struts.xml just declaration of action and the class along with
the results (tiles results). Nothing other than that.
> On 03/16/2018 11:55 AM, Yasser Zamani wrote:
>  On 3/16/2018 1:49 AM, Prasanth Pasala wrote:
>  We do have login time, using that and the IP to correlate that with the access logs.
Not all login entries have corresponding POST entries in access log, so those would be our
problems occurrences.
>  They actual correspond to a GET entry from a user.
>  IP of the GET request of User1 matches with the login record in the database (login
would be for User2 id and IP from User1 GET). So it looks as if the same user logged in from
two different IPs
>  around the same time, which shouldn't be the case.
>  I'm almost sure Struts always asks object factory to create the action
>  on each request. This is belong to object factory if create a new one
>  object of that action, or no, reuse a previous one object of an action.
>  So have you set any specific object factory via struts.xml?
> ________________________________
>  To unsubscribe, e-mail:
>  For additional commands, e-mail:

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message