Session handling - Vaadin 24

Amal.4 · July 24, 2024, 4:28pm

Hi All, I am facing an issue with session handling in Vaadin 24 application.

The use case is,

First user ‘User 1’ is logged into the application via chrome browser, a session is established for the user. Now the second user ‘User 2’ is also logged into the application via Firefox, a new session is established for the User 2.

The issue is, when User 1 makes a request to the server, the response is coming to User 2. The response is always coming to the latest session registered in the application.

Could anyone help here?

Best Regards,
Amal

marcoc_753 · July 24, 2024, 4:56pm

That’s really weird.
Are you perhaps using static fields referencing UI components?

Could you share your code?

Amal.4 · July 25, 2024, 7:01am

No static fields are used in the application.

marcoc_753 · July 25, 2024, 7:26am

It’s difficult to guess other causes, without knowing the application.

Tatu2 · July 25, 2024, 10:13am

If it is not due static fields, it could be wrong use of Singleton pattern or ApplicationScope. But clearly you have implemented the authentication in odd way so that user is singleton or application scope. It is container that does the HttpSession, not Vaadin, so it is quite clear that request is going to right session. It is your user management that has an error.

OnDemand · July 25, 2024, 12:17pm

Do you use Spring Boot? Take care of the annotation your are using. If you add @ Singelton only one Instance of your Object will be created then

Amal.4 · August 2, 2024, 6:32am

Yes we use Spring Boot.

I am navigating to the home page using Route(“”), On load I am creating the Context Object and registering the required beans. But when a new user is logging in, the context object is replaced.

Please find the code snippet below,

@Route(")
pubilc class MyApplication(){
	private ApplicationContext rootContext;
	
	private AnnotationConfigApplicationContext ctx;
	 
	pubilc MyApplication(){
		initServices();
		userLogin();
	}
	private void initServices(){
		HttpServletRequest servletRequest = VaadinServletService.getCurrentServletRequest();
        ServletContext servletContext = servletRequest.getSession().getServletContext();
        rootContext = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);
		//Registring the servises here
	}
	
	private void userLogin(){
		//User Login code here
		
		if(userLoginSuccess){
			loadResources();
		}
	}
	
	private void loadResources(){
		
        ctx = new AnnotationConfigApplicationContext();
        ctx.setParent(rootContext);
		//register beans to the context
		ctx.refresh();
	}
}

the ctx object is always referring to the latest object created for user login. The ctx is not singleton.

knoobie · August 2, 2024, 7:51am

I’m not sure what you wanna do with this overly complicated construct. In my understanding of spring; ApplicationContext is something globally by default - so you literally refreshed it each time a user logged in. If you just need an object holder that is unique for each user session - annotate that class with SessionScope