|
Home > Archive > WebLogic support > October 2004 > Duplicate session id problem in weblogic 6.1
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Duplicate session id problem in weblogic 6.1
|
|
| Sagar Surana 2004-09-25, 5:53 pm |
| Hi,
I am using weblogic 6.1. ( Upgrading to higher versions of
weblogic is last solution for me...which i am not sure will work or
not..)
I have a following problem in one of our installations.
1. When user "A" logs into the system he received a session id.
2. When user "B" logs into the system he after "A" he receives the
same "JSESSIONID" as "A".
In this particular installation this happens almost 90% of times.
NOTE :- Loadbalancer or Clustering is not used.
Can this be some problem because of IE or network or weblogic
installation.
Can any one of you guide me in this aspect. THIS IS VERY URGENT.
Best Regards,
Sagar Surana
| |
| Sagar Surana 2004-09-29, 8:04 pm |
| UPDATE :- The problem is solved.
Cause of Problem :-
-----------------
The problem as mentioned below occured because
1. we use URL rewriting method for session management.
2. One of users had created a shortcut which contained jsessionid in
it, And the same shortcut link was passed to other 3 users.
3. Whenever a junk is passed to getSession id to the weblogic , if it
doesn't recognize it , it gives a old session id ( i.e the lastest
valid session id of may another user ).
My colleagues tried by passing values like "hello" "blahbhlah" etc.
and it always returned latest valid session id.
Temporarily the problem is solved by modifying the shortcut.
I don't understand why weblogic returns a "latest valid session id"
this is a 100% a bug of weblogic.
Does anybody know if this is fixed in newer versions ?
Comments awaited if any ,
Sagar
ssurana@gmail.com (Sagar Surana) wrote in message news:<8b9ace8.0409251055.231b958b@posting.google.com>...
> Hi,
> I am using weblogic 6.1. ( Upgrading to higher versions of
> weblogic is last solution for me...which i am not sure will work or
> not..)
>
> I have a following problem in one of our installations.
>
> 1. When user "A" logs into the system he received a session id.
> 2. When user "B" logs into the system he after "A" he receives the
> same "JSESSIONID" as "A".
>
> In this particular installation this happens almost 90% of times.
>
> NOTE :- Loadbalancer or Clustering is not used.
>
> Can this be some problem because of IE or network or weblogic
> installation.
>
> Can any one of you guide me in this aspect. THIS IS VERY URGENT.
>
> Best Regards,
> Sagar Surana
| |
| Sagar Surana 2004-09-29, 8:04 pm |
| UPDATE :- The problem is solved.
Cause of Problem :-
-----------------
The problem as mentioned below occured because
1. we use URL rewriting method for session management.
2. One of users had created a shortcut which contained jsessionid in
it, And the same shortcut link was passed to other 3 users.
3. Whenever a junk is passed to getSession id to the weblogic , if it
doesn't recognize it , it gives a old session id ( i.e the lastest
valid session id of may another user ).
My colleagues tried by passing values like "hello" "blahbhlah" etc.
and it always returned latest valid session id.
Temporarily the problem is solved by modifying the shortcut.
I don't understand why weblogic returns a "latest valid session id"
this is a 100% a bug of weblogic.
Does anybody know if this is fixed in newer versions ?
Comments awaited if any ,
Sagar
ssurana@gmail.com (Sagar Surana) wrote in message news:<8b9ace8.0409251055.231b958b@posting.google.com>...
> Hi,
> I am using weblogic 6.1. ( Upgrading to higher versions of
> weblogic is last solution for me...which i am not sure will work or
> not..)
>
> I have a following problem in one of our installations.
>
> 1. When user "A" logs into the system he received a session id.
> 2. When user "B" logs into the system he after "A" he receives the
> same "JSESSIONID" as "A".
>
> In this particular installation this happens almost 90% of times.
>
> NOTE :- Loadbalancer or Clustering is not used.
>
> Can this be some problem because of IE or network or weblogic
> installation.
>
> Can any one of you guide me in this aspect. THIS IS VERY URGENT.
>
> Best Regards,
> Sagar Surana
| |
| so_bang 2004-10-26, 7:37 pm |
| hi Sagar
hava you check weblogic.xml
CookieMaxAgeSecs 's value is -1.
-1 stands for kill each session when browser close.
and also could you tell me the code how you get latest session when you pass value to get session ?
i would like to check it.
could you email me at so_bang@yahoo.com
thank you very much
Bang |
|
|
|
|