Session mix up - apache httpd with mod_jk, tomcat, spring security - serving data of other user

孤城傲影 2021-01-13 10:07

Recently we have faced a serious problem, that one user was served data of another user. This problem is almost impossible to reproduce.

We are using standard logged

5 Answers
  •  梦毁少年i
    2021-01-13 10:38

    If you exclude the concurrent session problem then pretty much the only possibility is that your business logic itself is flawed and is serving another user's data. Please post code samples showing how the 'current user' is determined, and later used.

    EDIT: bugs that manifest themselves only in production are often caused by race conditions (http://en.wikipedia.org/wiki/Race_condition). Ensure that your code uses local variables whenever possible, and employ locking/synchronization where applicable.
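
The failure mode this answer describes, as an added example that is not part of the original answer or the asker's code: a handler object shared by all request threads (as a singleton-scoped Spring bean or a servlet is) keeps the 'current user' in an instance field, shown next to the same handler using a local variable. All class and method names are hypothetical, and a `CyclicBarrier` forces the interleaving that production load produces only occasionally.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.CyclicBarrier;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

// Constructed demo; every name here is hypothetical.
public class SessionMixUpDemo {
    interface Handler {
        String handle(String user, CyclicBarrier barrier) throws Exception;
    }

    // Flawed: one instance serves all threads, yet per-request state is a field.
    static class SharedFieldHandler implements Handler {
        private String currentUser;
        public String handle(String user, CyclicBarrier barrier) throws Exception {
            currentUser = user;               // both requests write the same field
            barrier.await();                  // the second write has landed by now
            return "data-of-" + currentUser;  // both read whoever wrote last
        }
    }

    // Fixed: per-request state stays in a local variable on the thread's stack.
    static class LocalVariableHandler implements Handler {
        public String handle(String user, CyclicBarrier barrier) throws Exception {
            String currentUser = user;
            barrier.await();
            return "data-of-" + currentUser;
        }
    }

    // Sends two concurrent "requests" through the same handler instance.
    static String run(Handler handler) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(2);
        CyclicBarrier barrier = new CyclicBarrier(2);
        try {
            Callable<String> alice = () -> handler.handle("alice", barrier);
            Callable<String> bob = () -> handler.handle("bob", barrier);
            Future<String> a = pool.submit(alice);
            Future<String> b = pool.submit(bob);
            return "alice got " + a.get() + ", bob got " + b.get();
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("shared field:   " + run(new SharedFieldHandler()));
        System.out.println("local variable: " + run(new LocalVariableHandler()));
    }
}
```

With the shared field, both requests return the same user's data, so one of the two users is served the other's; with the local variable each request returns its own.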
