JavaEE 6 retrieving another user's data

Question

Another programmer told me about a problem, that one user sometimes sees the data of another logged-in user. Probably they are requesting the same context at the same time. I thought, that is impossible to happen? Since Garbage Collection, Container-managed Transactions and JSessionID Without looking at the code, it is hard to guess. But maybe you have hint. He is using this structure: JavaEE 6 coded Web Application, using EJB and Web Container seperatly on a Glassfish v3 JSF + PrimeFaces Framework

Thanks in advance

Answer 1

The good news is that the EJB architecture is absolutely capable of isolating data, so this will be a bug in your code.

One thing to look for is the kind of beans you're using:

• If you have stateful beans, the container will make sure each client gets the right instance.
• If you use stateless beans, these are shared between clients. If you're storing any client-specific state in these, this could easily get shared across sessions.
• If you use singletons, you need to make sure that no session-specific state is stored, and that any shared state uses appropriate locks.
• It's also worth checking your application logic - if it appears data is being shared across sessions, is it possible it's just the wrong data?

Finally, the big thing you're going to need is appropriate debug logging. You'll need to get enough information about what's going on from the log to identify where the problem is going wrong. Unfortunately these kind of contention issues can be fiddly and hard to catch, especially with a debugger, but appropriate logging will make your life much better in any case.

Of course, this is all quite vague and generic, but without more detail on the system that's inevitable. I would suggest looking for state stored on stateless beans as a first step though!