We had an extremely interesting issue in our integration environment – Every user was able to see each other’s data! First of all, like any good developers, we squarely passed it on as data issue but finally had to eat the humble pie after having our QA replicate it in front of us.
So, what was the issue? A truly dumb mistake i.e. improper use of object scoping in Spring.NET.
The thing is that we keep a reference of logged-in member in our PresenterBase class and every Presenter uses the member id property of the Member class to invoke Services to get data from our persistent storage. We had set up our Presenters as following –
<object id="resourcePresenter" type="Presenters.ResourcePresenter, Presenters" > <property name="Service" ref="resourceService" /> </object>
And, this is where the problem lies. By default, the object scope in Spring.NET is application – something we were oblivious about. Spring.NET was reusing the same instance of the ResourcePresenter it had created for another user. It used to instantiate presenters for the very first Http Request and then reuse them across Http Requests.
The correct way should have been to scope the Presenter instantiation per request –
<object id="resourcePresenter" type="Presenters.ResourcePresenter, Presenters" scope="request" > <property name="Service" ref="resourceService" /> </object>
The interesting thing is that it didn’t get caught in our unit testing as we were only using one user id to test the application.