Hi,
I am using weblogic 6.1.  ( Upgrading to higher versions of
weblogic is last solution for me...which i am not sure will work or
not..)

I have a following problem in one of our installations.

1. When user "A" logs into the system he received a session id.
2. When user "B" logs into the system he after "A" he receives the
same "JSESSIONID" as "A".

In this particular installation this happens almost 90% of times.

NOTE :-  Loadbalancer or Clustering is not used.

Can this be some problem because of IE or network or weblogic
installation.

Can any one of you guide me in this aspect. THIS IS VERY URGENT.

Best Regards,
Sagar Surana

[ Post a follow-up to this message ]

UPDATE :-  The problem is solved.

Cause of Problem :-
-----------------

The problem as mentioned below occured because
1. we use URL rewriting method for session management.
2. One of users had created a shortcut which contained jsessionid in
it, And the same shortcut link was passed to other 3 users.
3. Whenever a junk is passed to getSession id to the weblogic , if it
doesn't recognize it , it gives a old session id ( i.e the lastest
valid session id of may another user ).

My colleagues tried by passing values like "hello" "blahbhlah" etc.
and it always returned latest valid session id.

Temporarily the problem is solved by modifying the shortcut.
I don't understand why weblogic returns a "latest valid session id"
this is a 100% a bug of weblogic.

Does anybody know if this is fixed in newer versions ?

Comments awaited if any ,
Sagar


ssurana@gmail.com (Sagar Surana) wrote in message news:<8b9ace8.0409251055.231b958b@posting.
google.com>...
> Hi,
>    I am using weblogic 6.1.  ( Upgrading to higher versions of
> weblogic is last solution for me...which i am not sure will work or
> not..)
>
> I have a following problem in one of our installations.
>
> 1. When user "A" logs into the system he received a session id.
> 2. When user "B" logs into the system he after "A" he receives the
> same "JSESSIONID" as "A".
>
>    In this particular installation this happens almost 90% of times.
>
> NOTE :-  Loadbalancer or Clustering is not used.
>
> Can this be some problem because of IE or network or weblogic
> installation.
>
> Can any one of you guide me in this aspect. THIS IS VERY URGENT.
>
> Best Regards,
> Sagar Surana

[ Post a follow-up to this message ]

UPDATE :-  The problem is solved.

Cause of Problem :-
-----------------

The problem as mentioned below occured because
1. we use URL rewriting method for session management.
2. One of users had created a shortcut which contained jsessionid in
it, And the same shortcut link was passed to other 3 users.
3. Whenever a junk is passed to getSession id to the weblogic , if it
doesn't recognize it , it gives a old session id ( i.e the lastest
valid session id of may another user ).

My colleagues tried by passing values like "hello" "blahbhlah" etc.
and it always returned latest valid session id.

Temporarily the problem is solved by modifying the shortcut.
I don't understand why weblogic returns a "latest valid session id"
this is a 100% a bug of weblogic.

Does anybody know if this is fixed in newer versions ?

Comments awaited if any ,
Sagar

ssurana@gmail.com (Sagar Surana) wrote in message news:<8b9ace8.0409251055.231b958b@posting.
google.com>...
> Hi,
>    I am using weblogic 6.1.  ( Upgrading to higher versions of
> weblogic is last solution for me...which i am not sure will work or
> not..)
>
> I have a following problem in one of our installations.
>
> 1. When user "A" logs into the system he received a session id.
> 2. When user "B" logs into the system he after "A" he receives the
> same "JSESSIONID" as "A".
>
>    In this particular installation this happens almost 90% of times.
>
> NOTE :-  Loadbalancer or Clustering is not used.
>
> Can this be some problem because of IE or network or weblogic
> installation.
>
> Can any one of you guide me in this aspect. THIS IS VERY URGENT.
>
> Best Regards,
> Sagar Surana

[ Post a follow-up to this message ]

hi Sagar 


hava you check weblogic.xml 
CookieMaxAgeSecs 's value is -1.
-1 stands for kill each session when browser close.


and also could you tell me the code how you get latest session when you pass
 value to get session ?
i would like to check it.

could you email me at  so_bang@yahoo.com

thank you very much
Bang

[ Post a follow-up to this message ]