NAT network connects sessions

Question

NAT network connects sessions

I am developing something for a group of users, and when I tested it, NAT users combined their information, because it was only one session. How can I break it down to show the right information to the right user?

I am using Java, JSF 1.2 and SpringSecurity.

Update:

Or, at least, how could I develop something and make sure that it is broken, and one user will get access only to his own information?

+4

java spring-security session jsf nat

pringlesinn Jan 24 '11 at 21:14

source share

3 answers

Adding to @Daniel's answer, I think the affinity based on the IP address is configured with the wrong subnet masking values. If affinity based on IP address is configured, the mask must be 255.255.255.255 in order to uniquely identify an IP based connection. This also needs to be checked on virtual IP servers.

0

Ritesh Jan 30 '11 at 0:25

source share

This sometimes happens when you have a session cookie that is not being restored properly every time a session starts. Test your session_id with different clients to test this hypothesis.

0

Dr. belisarius Feb 03 '11 at 2:03

source share

Daniel · Accepted Answer · 2011-01-24T22:54:53+0000

This may be a stupid (sorry) session call that matches sessions over IP. All your NAT users have the same external IP address, so they are combined. Better to use cookies to handle sessions.

As beliarius says, you may already be using cookies, but if cookies are created from IP, they are very useless.

If the application you are talking about is not browser-based, you will need to send cookies to your customers and you will have to process the cookies for yourself. Or simply use one TCP connection for each client and reconnect to the reconnection.

NAT network connects sessions

More articles: