Results 1 to 4 of 4

Thread: Spring Security 2.0.3 and Struts 1.3.8 - SessionId problem

  1. Aug 12th, 2008, 03:25 AM #1
    tcd
    tcd is offline Junior Member
    Join Date
    Aug 2008
    Posts
    5

    Default Spring Security 2.0.3 and Struts 1.3.8 - SessionId problem

    Hey guys

    After years of messing around with self written security code, I decided to port my Struts webapp to use Spring Security instead. Authentication and authorization is working fine but I've got a problem with SessionId.
    I tried to test my webapp inside Firefox and logged on as "Lager", some kind of superuser, and in another tab I used "100000", which is a normal user. My problem is now, that the second login overwrites the first session because it uses exactly the same SessionId.

    Code:
    first login:
[WARN] LoggerListener - Authentication event AuthenticationSuccessEvent: lager; details: org.springframework.security.ui.WebAuthenticationDetails@255f8: RemoteIpAddress: 127.0.0.1; SessionId: E15D112F3CAA5EC4578D993672D2C7BA
[WARN] LoggerListener - Authentication event InteractiveAuthenticationSuccessEvent: lager; details: org.springframework.security.ui.WebAuthenticationDetails@255f8: RemoteIpAddress: 127.0.0.1; SessionId: E15D112F3CAA5EC4578D993672D2C7BA

second login:
[WARN] LoggerListener - Authentication event AuthenticationSuccessEvent: 100000; details: org.springframework.security.ui.WebAuthenticationDetails@255f8: RemoteIpAddress: 127.0.0.1; SessionId: E15D112F3CAA5EC4578D993672D2C7BA
[WARN] LoggerListener - Authentication event InteractiveAuthenticationSuccessEvent: 100000; details: org.springframework.security.ui.WebAuthenticationDetails@255f8: RemoteIpAddress: 127.0.0.1; SessionId: E15D112F3CAA5EC4578D993672D2C7BA
    What am I doing wrong?

    Thx for any help.
    Michael
    Attached Files Attached Files
  2. Aug 12th, 2008, 03:26 AM #2
    Marten Deinum
    Marten Deinum is offline Senior Member
    Join Date
    Jun 2006
    Location
    The Netherlands
    Posts
    13,625

    Default

    You are doing nothing wrong it is the way the browser works.
    Marten Deinum
    Java Consultant / Pragmatist / Open Source Enthousiast / Author

    Pro Spring MVC: With Web Flow
    Conspect

    Have you read the reference guide.
    Use the [ code ] tags, young padawan
  3. Aug 12th, 2008, 03:36 AM #3
    tcd
    tcd is offline Junior Member
    Join Date
    Aug 2008
    Posts
    5

    Default

    Thanks for your rapid reply ;-)

    Seems that I simply never recognized this behaviour. The webapp is running for more than three years now and I've not tested those cases -> my bad.
  4. Aug 12th, 2008, 04:26 AM #4
    Marten Deinum
    Marten Deinum is offline Senior Member
    Join Date
    Jun 2006
    Location
    The Netherlands
    Posts
    13,625

    Default

    You get the same behavior if you open a new window with CTRL+N from your browser. All the session information is copied to the new instance/window.

    You can have 2 solutions.
    1) Be completly stateless (i.e. don't use the session)
    2) Force session creation for a new tab (not sure how to do that).
    Marten Deinum
    Java Consultant / Pragmatist / Open Source Enthousiast / Author

    Pro Spring MVC: With Web Flow
    Conspect

    Have you read the reference guide.
    Use the [ code ] tags, young padawan
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules