struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "McDowell, Paula" <Paula.McDow...@SUG.com>
Subject RE: Session Data overlap?
Date Sun, 01 Jun 2008 18:38:22 GMT
Not sure of the affected code.  It happens periodically on all our
secure pages.  My thoughts are just guesses at this point.

Thanks for you help,
Paula

-----Original Message-----
From: Martin Gainty [mailto:mgainty@hotmail.com] 
Sent: Saturday, May 31, 2008 10:49 AM
To: Struts Users Mailing List
Subject: RE: Session Data overlap?


very little we can help you with until we see the effected code 
for example we have account Name clearly scoped as session
<s:set name="accountName" value="accountName" scope="session" />not much
room for obfuscation here as the jobz object is clearly scoped as
request
<s:property value="#session\['accountName'\]"/>

HTH
Martin 
______________________________________________ 
Disclaimer and confidentiality note 
Everything in this e-mail and any attachments relates to the official
business of Sender. This transmission is of a confidential nature and
Sender does not endorse distribution to any party other than intended
recipient. Sender does not necessarily endorse content contained within
this transmission. 


> Subject: RE: Session Data overlap?
> Date: Sat, 31 May 2008 09:17:33 -0500
> From: Paula.McDowell@SUG.com
> To: user@struts.apache.org
> 
> My thoughts too, but this is when the sharing begins displaying the
data
> from another user's session.  Not realizing it is NOT their account
> information they proceed with submitting the form for an update.  For
> example, pay bill.  Without looking at the account information on the
> screen, the user assumes that since they authenticated with their user
> id and password that it is THEIR account information being displayed,
so
> they continue with entering payment information and submitting the
form.
> Originally, it was the account stored in session, but at some point,
for
> example when the pay bill page displayed, it was using the account
> object from another user's session.
> 
> I'm not sure why we are having the issue of session data being shared.
> I'm resorting to finding someone who has either seen something similar
> or can recommend a workaround.
> 
> Any suggestion at this point will be extremely helpful!
> 
> Paula
> 
> -----Original Message-----
> From: news [mailto:news@ger.gmane.org] On Behalf Of Laurie Harper
> Sent: Thursday, May 29, 2008 5:59 PM
> To: user@struts.apache.org
> Subject: Re: Session Data overlap?
> 
> That wouldn't be an issue, in and of itself; it's normal usage. What 
> makes you think that's the source of the problem?
> 
> L.
> 
> McDowell, Paula wrote:
> > There are session variables that are used in the jsps to display the
> > account information.  I think it's here where the problem lies, but
> I'm
> > not sure why.  Here is an example of the account session variable
> being
> > used on the page.  Any thoughts as to why this would be an issue?
> > 
> > Thanks,
> > Paula
> > 
> > <tr>
> > 	<td>
> > 		<c:out value="${account.custName}" />
> > 	</td>
> > </tr>
> > 
> > -----Original Message-----
> > From: Dave Newton [mailto:newton.dave@yahoo.com] 
> > Sent: Thursday, May 29, 2008 10:38 AM
> > To: Struts Users Mailing List
> > Subject: RE: Session Data overlap?
> > 
> > --- "McDowell, Paula" <Paula.McDowell@SUG.com> wrote:
> >> Thanks.  I don't have any static variables. . . I'm assuming you
are
> >> speaking of the contextRelative attribute on forwards?  If not,
> >> please explain actions defined as Context-level.
> > 
> > I think he was asking if your actions have any member variables that
> > shouldn't be shared across requests/sessions/etc.
> > 
> > Dave
> > 
> > 
> >
---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > For additional commands, e-mail: user-help@struts.apache.org
> > 
> > 
> > Private and confidential as detailed here:
> http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access
> the link, please e-mail sender.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 
> 
> Private and confidential as detailed here:
http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access
the link, please e-mail sender.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 

_________________________________________________________________
Keep your kids safer online with Windows Live Family Safety.
http://www.windowslive.com/family_safety/overview.html?ocid=TXT_TAGLM_WL
_Refresh_family_safety_052008

Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail
. If you cannot access the link, please e-mail sender.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message