Mar 2nd, 2009, 08:23 PM
Session Beans being overwritten
Java Version: Java 5
Environment: Glassfish2 with Javaee5
Using Spring Framework with a session scoped bean
We have recently deployed a new application and we are having certain issues with it.
Issue 1– Two users, using the application at the same time, saw session data that was not theirs. For example- A user can switch between tabs of the application. User views tab A, the user switches to tab B, and goes back to the tab A. Tab A data now displays another user’s data. They can switch back and forth between tab A and B and see various session data that may or may not be theirs.
Issue 2- Random users are experiencing HTTP 500 errors with null pointer exceptions. This is occurring when users start forms, save responses to questions, submit their forms. This occurred sporadically but happens more often with most common actions such as saving a response to a question.
The system does not find the information that is available and results in creating a new record.
Any help or insight would be greatly appreciated.
Mar 2nd, 2009, 08:24 PM
Here are some additional details to this message:
We have recently deployed a new application which uses Spring MVC. We are using Glassfish v2 EE5 as our application server. We have started getting errors in the application which go up as the number of users increases. Some of the users are able to view data that belongs to other users who are concurrently using the application.
For example - A user can switch between tabs of the application. User views tab A, switches to tab B, and then goes back to the tab A. Tab A data now displays another user’s data. They can switch back and forth between tab A and B and see various session data that may or may not be theirs.
our app_Servlet.xml looks like this:
<bean id="appDao" class="app.dao.AppDaoImpl">
<property name="dataSource" ref="dataSource" />
<bean id="authenticatedUser" class="app.models.AuthenticatedUser" scope="session">
<bean id="appService" class="app.service.AppServiceImpl">
<property name="appDao"><ref bean="appDao"/></property>
. . .
<!-- These controllers represent the page handlers -->
<bean id="addResponseController" class=”app.controllers.AddResponseController">
. . .
The intent of the above is to have a single appDAO bean shared by all sessions (singleton), with each session getting an appService bean (also a singleton) injected with this appDAO bean and authenticatedUser a session-scoped bean with the session authentication information. Each request has access to this session information via its current controller (such as the above addResponseController) which has the appService injected into it when a new request is processed.
Should the appService bean also be session-scoped to avoid getting overwritten when a new (different) user requests a service before the earlier user is finished.
This is particularly important in the light that the application has begun to get somewhat random null-pointer errors and some cases of session mixing when the load increases. With just a few users, everything works fine, but when the number of users gets over 50-100, errors begin to occur. The number of errors seems to increase with the number of users.
Is the above code a reasonable approach to handling the session information? Any ideas on what might be causing session mixing with the above application setup?
Thanks in advance for any help on this!