struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yasser Zamani <>
Subject Re: Struts2 login action class seems to be reused
Date Thu, 15 Mar 2018 09:45:23 GMT

On 3/14/2018 5:43 PM, Prasanth Pasala wrote:
> We had a user report it soon after the deployment. After that we started looking into
the specific user who reported (User1) and the user (whose information was seen by the reporting
user) say User2.
> We realized there are login entries from same IP for both of these users.

As you get IP address from request (rather than Struts action), then it
seems that request (which contains username/password and that same IP
address) is being reused.

> In the access log of the server there was a POST request for User1 but at the time of
login entry for User2 there was only a
> GET request.  In the time line GET request is first, User1 sees User2's information
logs out and then login again with their credentials.

At that time when there is a GET request for User1 and this issue
happens, what are logs for User2 at same time?

Thanks in advance!
View raw message