I've encountered a really strange problem in my webapp. I'm not sure if
it this is an acegi-related issue but I'd like to be sure about this.
I use acegi security filter to perform authentication and authorization
in my webapp. The problem is that very, very seldom (two times so far in
last weeks) one user was able to see the data of another user. Each user
has another request.getSession().getId(), so this is not a
It looks just like the object stored in SecureContext is replaced with
the data of another user. I've reviewed all of my code and I do not see
any place where this could happen. The object stored in
context.getAuthentication().getPrincipal() is loaded by Hibernate during
Does anybody have any ideas how it is possible that content of
context.getAuthentication().getPrincipal() is replaced with the data
from another http session?
Thans for help,