It seems that sometimes one user gets the data of a different user -- one that is concurrently logged in, or has been logged in earlier in the day. For example, User A does some work, perhaps modifying Row 1, and logs off. User B does some work, and does a save on Row 2. User B may have Row 1 in his VO, but isn't interested in modifying Row 1. And yet, logs show that User B has inadvertently modified Row 1.
Now other programmers caution that this type of problem can be caused by storing the reference of an App Module in an instance variable. I checked my code, and it appears that I do not do this. Is there any other scenario to look for?
What is the best way to catch this condition? I am wondering if, during passivation, I should get the HTTP Sess ID, and store it as user data in the passivation user data. Then during activation, retrieve that stored session id, then retrieve the HTTP Sess ID, and compare them. If they do not match, I've caught the bad behavior. Is that a good approach?
Getting Sess Id
| | HttpSession session = (HttpSession)ectx.getSession(false); |
| | String jSessionId = session.getId(); |
| | |