Are these accessing your application via some kind of proxy or load balancer?
Could the session-tracking cookies or jsessionid URL params be somehow mixed up across your users?
On Thu, Sep 15, 2011 at 11:07 AM, benfreefly
<[hidden email]> wrote:
I have an app that has been deployed for a couple of weeks now, using the
default options set up by spring security core using the s2-quickstart
script. Recently I've been getting reports that sometimes when people log in
with their own username and password, they sometimes are logged in as an
entirely different user. I haven't modified the login routine in the
LoginController in any way from the default and the user object I'm
returning to the main page is determined with
springSecurityService.currentUser.

I can't actually duplicate the problem myself (I can log in 100+ times and
never see someone else's account), but I can't see how it could be user
error to end up unwillingly on someone else's account either.

Has anyone seen problems like this before or have any ideas how I can track
down what is going on?
--
View this message in context: http://grails.1312388.n4.nabble.com/Odd-Spring-Security-behavior-logging-in-wrong-user-tp3816050p3816050.html
Sent from the Grails - user mailing list archive at Nabble.com.