Oracle ADF + Weblogic Session Issue — oracle-tech


DelaDela Posts: 10
edited September 2015 in WebLogic

Hello

I have a problem with the WebLogic session, as described below.

Sometimes, when a user refreshes the page, the new page is another user's page and shows the other user's name.

For example, user A and user B log on to the system; after a refresh, user A sees user B's page and the login name changes to user B.

rickepm

Answers

  • edited April 2015

    There are two possibilities here:

    1.) The application servlet/jsp code might be storing request-related variables (e.g., HttpServletRequest, HttpSession, etc.) in a member variable in the class.  For example, rather than passing the session object to a helper method as an argument, if the application stores it in a member variable, calls the helper method, and the helper method picks it up from the member variable.  This pattern of interaction is not thread-safe since the App Server generally only creates a single instance of the server class to service all requests and all threads are executing against that single instance concurrently.

    2.) There might be a bug in the ADF framework itself.  After verifying that #1 is not the issue, I suggest filing a Support case with Oracle, since this would potentially be a very serious security issue.

    rickepm
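
Possibility 1 from the answer above, as an added example that is not part of the thread or the poster's application: one shared handler instance stands in for the servlet and a plain String for the HttpSession (all class and method names are hypothetical), and latches force the interleaving in which request A renders user B's name.

```java
import java.util.concurrent.CountDownLatch;

// Added illustration; class and method names are hypothetical, and a plain
// String stands in for the HttpSession the container would pass in.
public class SharedHandlerDemo {

    // Anti-pattern: per-request state kept in a field of the single shared instance.
    static class UnsafeHandler {
        private String currentUser;               // shared by every request thread

        String handle(String sessionUser, CountDownLatch stored, CountDownLatch overwritten)
                throws InterruptedException {
            currentUser = sessionUser;            // request A stores its user...
            stored.countDown();
            overwritten.await();                  // ...request B overwrites it meanwhile
            return render();                      // helper reads the field, not the argument
        }
        private String render() { return "Welcome, " + currentUser; }
    }

    // Fix: per-request state travels as an argument and lives only on the thread's stack.
    static class SafeHandler {
        String handle(String sessionUser) { return render(sessionUser); }
        private String render(String user) { return "Welcome, " + user; }
    }

    public static void main(String[] args) throws Exception {
        UnsafeHandler unsafe = new UnsafeHandler();   // one instance serves all requests
        CountDownLatch aStored = new CountDownLatch(1);
        CountDownLatch bDone = new CountDownLatch(1);
        String[] pageForA = new String[1];

        Thread a = new Thread(() -> {
            try { pageForA[0] = unsafe.handle("userA", aStored, bDone); }
            catch (InterruptedException e) { Thread.currentThread().interrupt(); }
        });
        a.start();
        aStored.await();                              // A has written the field
        // Request B runs to completion on this thread while A is paused.
        unsafe.handle("userB", new CountDownLatch(1), new CountDownLatch(0));
        bDone.countDown();
        a.join();

        System.out.println("unsafe, request A got: " + pageForA[0]);
        System.out.println("safe,   request A got: " + new SafeHandler().handle("userA"));
    }
}
```

When reviewing an application for this pattern, look for non-final instance fields on servlets, filters and application-scoped beans whose type or content is tied to one request, session or user.
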
  • DelaDela Posts: 10
    edited April 2015

    Hi Robert,

        Thanks for your reply.

        I checked the project; there is no member variable.

        The project uses these methods to set and get session values such as userId, as below.

        import javax.faces.context.FacesContext;
        import javax.servlet.http.HttpSession;

        // Stores a value in the HTTP session of the current Faces request.
        public void setSessionValue(String objectName, Object obj) {
            FacesContext ctx = FacesContext.getCurrentInstance();
            // getSession(true) creates a new session if the request has none
            HttpSession sess = (HttpSession)ctx.getExternalContext().getSession(true);
            sess.setAttribute(objectName, obj);
        }

        // Reads a value from the HTTP session of the current Faces request.
        public Object getSessionValue(String objectName) {
            FacesContext ctx = FacesContext.getCurrentInstance();
            HttpSession sess = (HttpSession)ctx.getExternalContext().getSession(true);
            Object obj = sess.getAttribute(objectName);
            return obj;
        }

       I guess the method getSessionValue(String objectName) gets the other user's userId.

  • edited April 2015

    I would suggest opening a case with Oracle Support.

    rickepm