tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nikhil G. Daddikar" <...@celoxis.com>
Subject Re: two users see the same session
Date Fri, 07 Nov 2003 08:14:48 GMT
Sorry not to have mentioned this but the session code is all pure java 
i.e. we dont use JSP, instead we use a templating solution but there is 
no session stuff there.

In any case, can you tell me *why* it's occuring. I couldn't understand 
your example since I don't know JSP (!).

Thanks!


Bill Lunnon wrote:

>Nikhil,
>
>I have seen this problem occur when using JSP and incorrectly defining
>session variables or beans in the declaration part of the script.
>
>e.g
>
><%!
>BeanClass bean = new BeanClass();
>%>
>
>Make sure only initialise session variables or bean classes
>in the context scope
>
>ie
><%
>BeanClass bean = new BeanClass();
>%>
>
>Would suggest visual inspection of all code and JSP pages to make sure this
>is not occuring!
>
>Hope this helps
>
>
>Bill
>-----Original Message-----
>From: Nikhil G. Daddikar [mailto:ngd@celoxis.com]
>Sent: Friday, 7 November 2003 4:03 PM
>To: tomcat-user@jakarta.apache.org
>Subject: two users see the same session
>
>
>Hello Folks,
>
>Sometimes our users get to see information stored in the session of
>another user. We've verified this because they have sent us screen captures.
>
>The question is how? We have one server, one tomcat (4.1.27), and we use
>the default i.e. cookie based sessions.
>
>If anyone of you can shed some light on this or tell me how to prevent
>this, that will be great.
>
>Thanks for your time.
>Nikhil
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>  
>



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message