How to reproduce "Multi-user Concurrency problems" in a resource constrained test environment

Scenario:

In the case of simultaneous use by multiple users, cookie-based hangs are sometimes overridden, forcing one user to see the information of other users.

The session is entirely cookie-based, and every request to the server is authenticated against the database through the encoded values in the cookies for the actual user and session.

The app uses the Spring MVC framework. The app works great, except when hundreds of users visit the site at the same time. There are several concurrent problems. One user's data is exchanged with another.

We are experiencing problems reproducing the issue. We have limited testing resources, which are the tools / methods that we must follow to reproduce the problem.

+3




1 answer


This scenario is intended to breach security.

I reproduced this scenario while I was doing a system test, but I'm not entirely sure if this will apply in your case as well. Hope below steps are helpful in your case.

Steps to reproduce:



  • Log in with User A in one browser and User B in another browser.
  • Do some of the steps to modify the existing screen for User A and do not do anything on User B.
  • Save / send recently changed data for user A.
  • Do not log out an existing user (A).
  • Check Backend DB for recently changed data and timestamp against user A.

    At this point the DB should have reset the original parameters as they are.

    Now try doing any data modification for user B.

  • Check Backend DB for recently changed data and timestamp against user B.

The DB must require resetting the values of the original parameters.

The session exchange action for the second user B should not occur, and the second user B should have a different session identifier than the first user A.

+1
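The two-browser check above can be scaled to many simultaneous users on a single machine. The following is an added example, not code from the question or the answer: it releases one request per simulated user at the same instant, each with its own cookie, and counts responses that carry another user's identity. The stub server, the `user=` cookie format and the shared-field bug are assumptions made for the demonstration (the page does not state the root cause); against a real test deployment only the client half is needed.

```python
import http.client, threading, time
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

class Shared:            # stands in for a singleton controller/service object
    current_user = None  # ASSUMED bug: per-request state kept in a shared field

def make_handler(racy):
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            # Constructed cookie format "user=<name>" (hypothetical).
            user = self.headers.get("Cookie", "").partition("user=")[2]
            if racy:
                Shared.current_user = user   # write shared state
                time.sleep(0.05)             # simulated DB lookup widens the window
                user = Shared.current_user   # read back: may be another user's value
            else:
                time.sleep(0.05)             # same latency, request-local state only
            body = user.encode()
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):        # keep output quiet
            pass
    return Handler

def count_mixups(racy, users=10):
    """Send one request per simulated user at the same instant and return
    how many responses carried a different user's identity."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), make_handler(racy))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    barrier, mixups, lock = threading.Barrier(users), [], threading.Lock()
    def client(name):
        conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=10)
        barrier.wait()                       # release all clients together
        conn.request("GET", "/profile", headers={"Cookie": f"user={name}"})
        seen = conn.getresponse().read().decode()
        conn.close()
        if seen != name:                     # response belongs to someone else
            with lock:
                mixups.append((name, seen))
    threads = [threading.Thread(target=client, args=(f"u{i}",)) for i in range(users)]
    for t in threads: t.start()
    for t in threads: t.join()
    server.shutdown(); server.server_close()
    return len(mixups)

if __name__ == "__main__":
    print("shared-state handler mixups:", count_mixups(True))
    print("request-local handler mixups:", count_mixups(False))
```

The barrier is what makes a small client count sufficient: overlap in the handler's critical window matters more than raw request volume.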

