tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave <>
Subject getSession() thread-safe? User A can see user B's account
Date Fri, 21 Jul 2006 00:36:21 GMT
Is the following method thread-safe?  
  I use my own way for authentication. After authenticated, a user info is put into session,
 when logout, call session.invalidate();
    Current symptom is: a user info gets into another user's session. So sometimes User A
can see User B's info.

  The way to get session:  is it thread-safe?
    public static HttpSession getHttpSession(boolean create) {
    FacesContext context = FacesContext.getCurrentInstance();
    return (HttpSession)context.getExternalContext().getSession(create);
  If a user clicks two buttons at the same time(two requests belong to one same session),
will it be thread-safe?
  Thanks for help.

Yahoo! Music Unlimited - Access over 1 million songs.Try it free. 
  • Unnamed multipart/alternative (inline, 8-Bit, 0 bytes)
View raw message