tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Lunnon" <b...@mirrim.com.au>
Subject RE: two users see the same session
Date Fri, 07 Nov 2003 08:12:22 GMT
Nikhil,

I have seen this problem occur when using JSP and incorrectly defining
session variables or beans in the declaration part of the script.

e.g

<%!
BeanClass bean = new BeanClass();
%>

Make sure only initialise session variables or bean classes
in the context scope

ie
<%
BeanClass bean = new BeanClass();
%>

Would suggest visual inspection of all code and JSP pages to make sure this
is not occuring!

Hope this helps


Bill
-----Original Message-----
From: Nikhil G. Daddikar [mailto:ngd@celoxis.com]
Sent: Friday, 7 November 2003 4:03 PM
To: tomcat-user@jakarta.apache.org
Subject: two users see the same session


Hello Folks,

Sometimes our users get to see information stored in the session of
another user. We've verified this because they have sent us screen captures.

The question is how? We have one server, one tomcat (4.1.27), and we use
the default i.e. cookie based sessions.

If anyone of you can shed some light on this or tell me how to prevent
this, that will be great.

Thanks for your time.
Nikhil


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message