Session consistency in service bean

My app involves queries in service beans to populate user’s information into the UI.

For example:

InfoServiceBean,java:
public void getInfo() {
try(Transaction tx = persistence.createTransaction()){
Query query = persistence.getEntityManager().createNativeQuery(
“select NAME, BIRTHDAY from INFO_TABLE where USER_ID = #id”);
query.setParameter(“id”,userService.getUserId());
tx.commit();
}
}

UserServiceBean.java:
@Override
public String getUserLogin() {
return userSessionSource.getUserSession().getUser().getLogin();
}
@Override
public long getUserId() {
long userId = 0;
try(Transaction tx = persistence.createTransaction()){
Query query = persistence.getEntityManager().createNativeQuery(“select USER_ID from USER_TABLE where USER_NAME = #username”);
query.setParameter(“username”,getUserLogin());
userId = query.getSingleResult().toString();
tx.commit();
}catch(Exception e){
logger.error("Exception from getuserId ",e);
}
return userId;
}

Using this approach, there has been situations where user A login and see info of user B when both users are logging in around the same time.

I’m using Kubernetes with multiple pods active at the same time. I notice there’s an internal restart of the pod when this situation is happening.

Any idea what could be causing this?

Can you experiment and try to use DataManager (security model aware) instead of EntityManager?
Enclose with authentication.begin() and authentication.end() to authenticate system user as this is happening in the core module.

Thanks for the response @mbucan

If I understand correctly from https://doc.cuba-platform.com/manual-latest/system_authentication.html it says “However, there are situations when the current thread is not associated with any system user” and “This kind of authentication is called “system authentication” as it requires no user participation”.

Is this still valid in my case where the users are the ones querying? Apologies if I misunderstood.

Did you configure the application to work in cluster?