Issue
I have a simple web-app deployed in Apache Tomcat which has a login page, an upload form and a logout button.
When the login form is submitted, I check the credentials and redirect to the upload page if the login is successful; if not, I redirect the request to the login page itself.
I also have a Filter (javax.servlet.Filter) that verifies whether each request is from a logged-in user.
All was working fine yesterday, but come today even with a valid username/password I am redirected to the login page. This only happens in Chrome.
If I use Firefox or open an incognito window in Chrome, the flow works perfectly fine.
When I debugged, I saw that request.session returns null when a redirection is made on a successful login.
My LoginServlet:
    if (success) {
        ........
        ...........
        HttpSession session = request.getSession(true);
        session.setAttribute(WebAppConstants.OAUTH_TOKEN_SESSION_ATTRIB, accessToken);
        session.setAttribute(WebAppConstants.USER_SESSION_ATTRIB, username);
        session.setAttribute(WebAppConstants.IS_LOGGED_IN_SESSION_ATTRIB, true);
        session.setMaxInactiveInterval(30 * 60);
        Cookie usernameCookie = new Cookie(WebAppConstants.USER_SESSION_ATTRIB, username);
        usernameCookie.setMaxAge(30 * 60);
        response.addCookie(usernameCookie);
        response.sendRedirect(WebAppConstants.UPLOADER_JSP);
    } else {
        response.sendRedirect(WebAppConstants.INVALID_LOGIN_JSP);
    }
My LoginCheckFilter:
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        HttpSession session = request.getSession(false);
        String loginURI = request.getContextPath() + "/login.html";
        String uri = request.getRequestURI();
        this.context.log("Requested Resource::" + uri);
        if (session == null && !(uri.endsWith("html") || uri.endsWith("login"))) {
            this.context.log("Unauthorized access request");
            response.sendRedirect(loginURI);
        } else {
            filterChain.doFilter(request, response); // Logged-in user found, so just continue request.
        }
    }
Why is this happening with the Chrome browser? Have I handled stuff correctly?
Thank You
Solution
I tried removing cookies in Chrome and my login chain worked without an issue.
However, I am still trying to get a clear understanding of what actually happened (with Chrome) and how clearing cookies helped me.
EDITED:
As per Shadab Faiz's comment above, the below answer seems accurate and thus I am accepting it:
What happens is that sometimes the browser may store previous request data. So when you input wrong credentials, it stored that request. So from the next one onwards, whenever you inputted correct info, the previous request with wrong info was sent.
Thanks
Answered By - Shabirmean
Answer Checked By - David Goodson (JavaFixing Volunteer)
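
Added example, not part of the original question or answer: the filter in the question lets a request through whenever any session exists and treats every URI ending in `html` or `login` as public. The filter below decides on the logged-in attribute and on exact public paths instead, and the login helper discards any existing session before creating the authenticated one, so a session referenced by a leftover cookie in the browser is not reused. The class name, `LOGGED_IN`, `PUBLIC` and `startAuthenticatedSession` are assumptions for illustration.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example (not the poster's code). Attribute name and public paths are assumptions.
public class StrictLoginCheckFilter implements Filter {
    static final String LOGGED_IN = "isLoggedIn";                       // hypothetical attribute name
    static final Set<String> PUBLIC = Set.of("/login.html", "/login");  // hypothetical public paths

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    // Pure decision: exact-match public paths, otherwise require the logged-in flag.
    static boolean allowed(String servletPath, Object loggedInFlag) {
        return PUBLIC.contains(servletPath) || Boolean.TRUE.equals(loggedInFlag);
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession(false);   // never create a session in the filter
        Object flag = (session == null) ? null : session.getAttribute(LOGGED_IN);
        if (allowed(request.getServletPath(), flag)) {
            chain.doFilter(request, response);
        } else {
            response.sendRedirect(request.getContextPath() + "/login.html");
        }
    }

    // Call from the login servlet only after the credentials have been verified.
    static HttpSession startAuthenticatedSession(HttpServletRequest request) {
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();   // drop the session the browser's existing cookie pointed at
        }
        HttpSession fresh = request.getSession(true);   // container issues a new session id
        fresh.setAttribute(LOGGED_IN, Boolean.TRUE);
        fresh.setMaxInactiveInterval(30 * 60);          // same 30-minute timeout as the question
        return fresh;
    }
}
```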