Servlet Data Corruption
2006-07-06
This describes how your session data can get corrupted when a user has multiple tabs open. Thank goodness that the JBoss Seam project found a great solution.
Update 2010-12-04: The Seam framework addresses this issue in the most elegant fashion using its concept of conversations. Search for JBoss Seam for more information.
I had been working on a web application for the Canadian Government for the past few months. The site lists all the jobs which are available internally to government employees.
We had been plagued by strange data corruption bugs. For example, we had a form users can use to apply online for a job. The user may submit the application or save a draft copy. We make the distinction using a boolean flag. When the user hits the submit button, the code does:
application.setSubmitted( true );
application.save();
sendEmailConfirmation();
Now, it has happened several times that the email confirmation gets sent but the submitted flag remains false in the database. This happens about 1 in 1000 times.
It dawned on me that this could happen if a user has two browser windows open. If they have two tabs open in Firefox and try to copy info from a saved application to a new one, data corruption will occur because they're both sharing the same session, and we've loaded the edited application into the session.
Window 1: create a new application
Window 2: retrieve an old application that wasn't submitted
Now the old application has replaced the new application in the session, and confusion results...
The only way I can see to make this bulletproof is to not store such objects in the session. However, this is a real pain: it means that all the form fields have to be pulled out of the form, validated and then put back into the form for each request, rather than binding form variables to session variables. It was much easier to bind form fields with fields in the current jobApplication object, but of course having two windows open in one session clobbers the data.
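The two-window sequence above, reproduced as an added example (not code from the application described in this post), next to one way to keep per-form state in the session without sharing a slot: key each form by a token carried in a hidden field. The plain Map standing in for the HttpSession attributes and the names JobApplication, open and tokenSubmit are assumptions made for the illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

public class SessionTabDemo {
    // Stand-in for the post's job application object (constructed for this example).
    static class JobApplication {
        final String title;
        boolean submitted;
        JobApplication(String title) { this.title = title; }
    }

    // Shared-slot pattern: every window in the session uses the same attribute name.
    static JobApplication sharedSlotSubmit(Map<String, Object> session) {
        session.put("jobApplication", new JobApplication("new"));       // window 1 opens the form
        session.put("jobApplication", new JobApplication("old draft")); // window 2 loads a draft
        // Window 1 presses submit: the handler picks up whatever is in the slot now.
        JobApplication app = (JobApplication) session.get("jobApplication");
        app.submitted = true;
        return app;
    }

    // Per-window pattern: each form render gets its own key, echoed back in a hidden field.
    static String open(Map<String, Object> session, JobApplication app) {
        String token = UUID.randomUUID().toString();
        session.put("jobApplication:" + token, app);
        return token;
    }

    static JobApplication tokenSubmit(Map<String, Object> session, String token) {
        // Unknown or expired token: reject instead of falling back to a shared object.
        JobApplication app = (JobApplication) session.get("jobApplication:" + token);
        if (app == null) throw new IllegalStateException("unknown form token");
        app.submitted = true;
        return app;
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>(); // stands in for HttpSession attributes
        System.out.println("shared slot submitted: " + sharedSlotSubmit(session).title);

        String w1 = open(session, new JobApplication("new"));
        open(session, new JobApplication("old draft"));
        System.out.println("per-window submitted: " + tokenSubmit(session, w1).title);
    }
}
```

In the shared-slot run the submit from window 1 lands on the draft loaded by window 2; with the token, the same sequence of requests marks the application that window 1 actually opened.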