tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kief Morris <>
Subject Re: one session per user?
Date Thu, 15 Feb 2001 09:21:42 GMT
mike niemaz typed the following on 09:40 AM 2/15/2001 +0100
>    I'm having troubles to understand how really sessions are working.
>    I'm using a servlet to handle every client requests and I'm using
>    & session to display & various objects between frames, such as:
>    HttpSession session = req.getSession(false);
>    Toto toto = session.getAttribute("toto");
>    if (toto.getName() == "mike")
>        toto.setInfotoDisplay("Hi mike, waza?");
>    else if (toto.getName() == "alain")
>        toto.setInfotoDisplay("Tcho alain, ca boom?");
>    ...
>    session.setAttribute("toto", toto);
>    My concern is that I really thought that the object I
>    get with "getAttribute" on sessions were attached
>    to the according user.
>    But apparently not, it looks like my object Toto is shared
>    amongst my clients and thus everything is f**** up ;-(
>    Any idea how I could stick a session per user?

Normally sessions do work just fine per user. However it's easy to make
mistakes with scope which can produce the kinds of problems you're
talking about: static variables, class variables in a servlet class or
<%! Toto toto = new Toto() %> in JSP pages, or reusing the same
object by changing its values and inserting it into a session for a
different user, etc. For example, if you have

    Toto toto = new Toto();

    doGet(...) {
        toto.setName = ...
        session.setAttribute("toto", toto);

In this case, the Toto object _will_ be shared between users, because
only one object is ever created.

But it's hard to say what the problem is without seeing the real code, or at
least a boiled down example of the code which you have compiled and verified 
still has the problem.


View raw message