My WebApp is a Java + Primefaces based ERP. Our user login generates a session, and makes AJAX calls in order to update content without refreshing or url changes. The JSF param "STATE_SAVING_METHOD" has a default value and actually works fine on GCE with Tomcat and on a local machine with Jetty. The GAE configuration is manual for only 1 istance.
Case 1:
- User X opens the WebApp
- X inserts username/password. If correct, there's a messagge "Welcome X" and a new cookie JSESSIONID
- User Y opens the WebApp, from the same IP (different browser in same computer or different computer in same network with static IP)
- Y skips the login and see the message "Welcome X", without cookie JSESSIONID generation
- Y makes another action (e.g. click on "products" page), but instead of opening it is redirected to the login screen.
Why Y log in to automatically with X username?
Case 2:
- User opens the WebApp
- He calls an action (with AJAX) and all works fine
- User refreshes the page and all active actions (stored in session) are hidden
- If the user makes another action, the previous actions are restored and the new action is added
JSESSIONID mantains the same value for all the time.
I think the problem is session or saving state related, and caused by Load Balancer/GAE Flex.
Did I missed any information about session/state that works differently between GCE and GAE Flex?
Thanks for your answers!