I am experiencing a strange behavior in our system. We have several applications in a distributed architecture.
We are using JBoss AS 4.2.3
Recently we discovered that several users are using the very same session id. The logs show a user using a particular session id and later a different user in a different machine using the very same session id.
From my point of view theoretically it is impossible different users having the same session id.
So my question is - In which circumstances or how is it possible the application server generate the same session id and/or suddenly a user start to use a already existent and active Session?
Following is a peace of the logs that shows this behavior:
host app2
sessionId: 62D992A8C76E1D8C1271AE0D19D66A85.jboss2 IP: 10.42.7.13 - session creator duplicate session user 10.42.7.103 at 16:12:00,347, previously session CC488153FA27A26A3F86A9072514AC16.jboss2 at 16:11:12,061 (driverOccupation) took session 62D992A8C76E1D8C1271AE0D19D66A85, again driverOccupation
Thank you very much.
