tomcat-users mailing list archives

From Justin Ruthenbeck <just...@nextengine.com>
Subject Re: two users see the same session
Date Fri, 07 Nov 2003 19:51:34 GMT

In servlet terms, Bill is saying to check to make sure you don't have 
variables defined within the servlet class.  Avoid code such as this:

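import javax.servlet.http.*;

public class MyServlet extends HttpServlet
{
     // Instance field: one servlet instance serves every request thread,
     // so this value is shared by all concurrent users.
     private String m_userName;

     public void doGet(HttpServletRequest req, HttpServletResponse res)
     {
         // ...
         m_userName = req.getParameter("userName");
         // ...
     }
}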

This will cause problems because servlets are multi-threaded and multiple 
users will have access to the m_userName value.  You may not have code 
that does something as obvious as this, but chances are high that it's 
somehow related.  Make sure you have *no* member variables in your 
servlet -- or if you do, make sure they're used correctly.

justin


At 12:14 AM 11/7/2003, you wrote:
>Sorry not to have mentioned this but the session code is all pure java 
>i.e. we don't use JSP, instead we use a templating solution but there is 
>no session stuff there.
>
>In any case, can you tell me *why* it's occurring. I couldn't understand 
>your example since I don't know JSP (!).
>
>Thanks!
>
>
>Bill Lunnon wrote:
>
>>Nikhil,
>>
>>I have seen this problem occur when using JSP and incorrectly defining
>>session variables or beans in the declaration part of the script.
>>
>>e.g.
>>
>><%!
>>BeanClass bean = new BeanClass();
>>%>
>>
>>Make sure to only initialise session variables or bean classes
>>in the context scope
>>
>>i.e.
>><%
>>BeanClass bean = new BeanClass();
>>%>
>>
>>Would suggest visual inspection of all code and JSP pages to make sure 
>>this is not occurring!
>>
>>Hope this helps
>>
>>
>>Bill
>>-----Original Message-----
>>From: Nikhil G. Daddikar [mailto:ngd@celoxis.com]
>>Sent: Friday, 7 November 2003 4:03 PM
>>To: tomcat-user@jakarta.apache.org
>>Subject: two users see the same session
>>
>>
>>Hello Folks,
>>
>>Sometimes our users get to see information stored in the session of
>>another user. We've verified this because they have sent us screen 
>>captures.
>>
>>The question is how? We have one server, one tomcat (4.1.27), and we use
>>the default i.e. cookie based sessions.
>>
>>If anyone of you can shed some light on this or tell me how to prevent
>>this, that will be great.
>>
>>Thanks for your time.
>>Nikhil
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


____________________________________
Justin Ruthenbeck
Software Engineer, NextEngine Inc.
justinr - AT - nextengine DOT com
Confidential. See:
http://www.nextengine.com/confidentiality.php
____________________________________
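
The shared-field problem described in the message above, as an added example that is not part of the original post: a plain `Handler` class (hypothetical, standing in for the servlet so the code runs without a container) is called from many threads on one instance, first with the request value in an instance field and then in a local variable. `SharedFieldDemo`, `UnsafeHandler`, `SafeHandler` and `countLeaks` are names made up for this demo.

```java
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;
// Constructed demo: plain classes stand in for a servlet, because the container
// uses one servlet instance to serve all request threads.
public class SharedFieldDemo {
    interface Handler { String handle(String userName) throws InterruptedException; }

    // Same pattern as MyServlet above: request data kept in an instance field.
    static class UnsafeHandler implements Handler {
        private String m_userName;
        public String handle(String userName) throws InterruptedException {
            m_userName = userName;
            Thread.sleep(1);   // stands in for the work between the write and the read
            return "Hello " + m_userName;
        }
    }

    // Hardened form: request data lives in a local variable, one copy per thread.
    static class SafeHandler implements Handler {
        public String handle(String userName) throws InterruptedException {
            String name = userName;
            Thread.sleep(1);
            return "Hello " + name;
        }
    }

    // Runs `requests` concurrent calls against ONE handler instance and counts
    // the responses that carry a different user's name.
    static int countLeaks(Handler h, int requests) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(8);
        AtomicInteger leaks = new AtomicInteger();
        CountDownLatch done = new CountDownLatch(requests);
        for (int i = 0; i < requests; i++) {
            String user = "user" + i;   // constructed sample input
            pool.submit(() -> {
                try {
                    if (!h.handle(user).equals("Hello " + user)) leaks.incrementAndGet();
                } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
                finally { done.countDown(); }
            });
        }
        done.await();
        pool.shutdown();
        return leaks.get();
    }
    public static void main(String[] args) throws Exception {
        System.out.println("instance field leaks: " + countLeaks(new UnsafeHandler(), 200));
        System.out.println("local variable leaks: " + countLeaks(new SafeHandler(), 200));
    }
}
```

The instance-field count varies from run to run because it depends on thread timing; the local-variable count is always 0.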

