struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rod Bollinger" <>
Subject RE: Session problem
Date Sat, 25 Aug 2007 14:17:40 GMT
This may not be the only issue but I do see a typo in setSession()...

It should be: this.session = session; instead of this.session = map;


-----Original Message-----
From: Mark Rollins [] 
Sent: Saturday, August 25, 2007 05:47
Subject: Re: Session problem

This is my first Struts app, so it's quite simplistic. What I'm trying to
achieve is to lock down certain processes so that only one user can run them
at a time. I intended to do this by having an application variable holding
the User object for the user currently running the process and examining
this prior to starting the process and reporting who was running it if it
was already running.

All Actions extend BaseActionSupport (this is a cut down version)...


public abstract class BaseActionSupport extends ActionSupport implements
SessionAware, ApplicationAware {

    protected Map session;
    protected Map application;

    public void setSession(Map session) {
        this.session = map;

    public void setApplication(Map application) {
        this.application = application;

    public User getUser() {
        return (User) session.get(CURRENT_USER);


    protected boolean setProcessLock(String lockName) throws ActionException

        if(lockName.equals("")) throw new ActionException("Lockname not
specified in setProcessLock");

        User processLock=(User) application.get(lockName);

            throw new ActionException("Process lock "+lockName+" already
set. Use checkProcessLock() first.");
            application.put(lockName, this.getUser());
            return true;


In the LoginAction, where User bean is declared with "prototype" scope...

        ApplicationContext context = SpringUtils.getApplicationContext();
        User usr = (User) context.getBean("User");

        if (usr.exists(userID)) {
            if (usr.validPassword(password)) {
      "User " + usr.getUserID() + " logged on.");
                session.put(CURRENT_USER, usr);
                return SUCCESS;


In setProcessLock, the getUser() call returns the second user object when
run by the first user (using the previous example). There may be no other
actions between the login and the process commencing so the opportunity for
overwriting is very limited, and I don't think this is the problem (well,
not directly anyway).

Laurie Harper wrote:
> You have some cross-talk somewhere in your code, by the sound of it. 
> Take a look at any code that touches the session; you probably have 
> something somewhere that's at the wrong scope (in application scope when 
> it should be session/request, a Spring bean accidentally configured as 
> singleton scope, ...).
> Without access to your source code, it's impossible to say much more 
> than that but if you can narrow it down and post the code that's causing 
> the problem, someone may be able to explain why it's not working as you 
> expected.
> L.
> MARollins wrote:
>> I am running everything from one machine, but access the app from
>> different
>> browsers in order to get different sessions (ie IE and Firefox). I have
>> tried the second user from another machine and it didn't make any
>> difference.
>> The app also uses Spring, but I have configured this to give me a new
>> user
>> object as required rather than the default singleton, and I'm happy this
>> is
>> working.
>> When logging in for the second user, I can see that the session map is
>> empty
>> for the new user's session, then session.put is called with the new user
>> object, and this seems OK.
>> If I then call an action using the first user and access the session map,
>> hey presto, I've got the user object from the second user.
>> Server is Tomcat 5.5 and Struts is v2.
>> newton.dave wrote:
>>> --- MARollins <> wrote:
>>>> I'm having a problem whereby objects saved on the
>>>> Session are visible to other sessions. 
>>>> For example, the login page saves a new User object
>>>> on the session using session.put (I have a base
>>> class
>>>> for all my Actions which implements SessionAware in 
>>>> order to be able to access Session variables). When
>>> a
>>>> second user logs on, the first user then sees the 
>>>> second user's ID. It's almost like we're writing to 
>>>> the application rather than the session. 
>>>> Any ideas where I'm going wrong?
>>> Not with so little information to go on.
>>> Is the "second user's login" happening from a
>>> different machine and / or different browser?
>>> d.
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail:
>>> For additional commands, e-mail:
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

View this message in context:
Sent from the Struts - User mailing list archive at

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message