struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yasser Zamani <yasserzam...@apache.org>
Subject Re: Struts2 login action class seems to be reused
Date Wed, 16 May 2018 05:44:59 GMT


On 5/16/2018 6:59 AM, Prasanth Pasala wrote:
> We have two applications (websites) to make it easier for users we have a third site
that acts as a common login place. Once the user enters the username and password it determines
the right site to use and does a forward to that context (applications hosted in the same
host).
> 
> When using struts1 everything was fine. When we moved to struts2 we started getting crossed
logins. When a user gets to login page the action would get populated with a username and
password used by some other user. This happens only if a request with this information is
forwarded from one context to another.
> 
> With some help from struts mailing list it was determined that some how old actions are
in the stack and if we remove get methods struts2 would not be able to pull that data and
put in the current value stack. So we did it and when we started testing we are getting session
invalid exceptions. Again this happens only if there are users logging in context1 and that
request is forwarded to context2. If the login activity is done directly in context2 the issue
does not arise.

Could you post the complete stacktrace of invalid session exception? I
think knowing where and why tries to access session may help.

Regards.
Mime
View raw message