One user sees another user's data

[Matt Walter]

Having a problem with a web app. User A and User B have both logged
on, are using the app, then User A all of the sudden begins seeing
User B's data.

I've checked for thread-safety in the servlets and can't find any
issues.

The web app is used over several hundered locations across the
country. When the session switching happens, the two users are always
at the same location, meaning user A and user B are on the same
network.

The site also uses Akamai's EdgeSuite. Currently, we have EdgeSuite's
persistent connections disabled - if we were to enable them User A and
User B could be at different locations and would experience the
session swtiching.

Any ideas?

Thanks.

 

[Sudsy]

Matt Walter wrote:

The web app is used over several hundered locations across the
country. When the session switching happens, the two users are always
at the same location, meaning user A and user B are on the same
network.

Any ideas?

Just one: it's possible that these sites are using NAT (Network Address
Translation). It permits multiple computers to share a single IP address.
A proper session management implementation should not have a problem with
NAT, setting browser cookies or utilizing URL rewriting as appropriate.
Lesser attempts might try to map sessions to IP address alone. It might
be easier from a programming stand-point but fails to address reality.
You'll have to do some network sniffing or dive into the logs in order
to prove or disprove this possibility. That or refer to the documentation
for the software packages in use...