Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 87574 invoked from network); 21 Jul 2006 00:36:56 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 21 Jul 2006 00:36:56 -0000 Received: (qmail 70065 invoked by uid 500); 21 Jul 2006 00:36:42 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 70046 invoked by uid 500); 21 Jul 2006 00:36:42 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 70035 invoked by uid 99); 21 Jul 2006 00:36:42 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 20 Jul 2006 17:36:42 -0700 X-ASF-Spam-Status: No, hits=2.8 required=10.0 tests=DNS_FROM_RFC_ABUSE,DNS_FROM_RFC_POST,DNS_FROM_RFC_WHOIS,HTML_MESSAGE X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [66.163.179.131] (HELO web35507.mail.mud.yahoo.com) (66.163.179.131) by apache.org (qpsmtpd/0.29) with SMTP; Thu, 20 Jul 2006 17:36:42 -0700 Received: (qmail 82371 invoked by uid 60001); 21 Jul 2006 00:36:21 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=3F4DZVGgaqDBsF3ye9chT3NDLh4sLuMT7Q6LS6VkV6CdgvvZ3Zy1E7gY6yav/rWa9EqzS9KkkAw72DX9wUfcoM+frJDZTUmD1MwMsL0oG7gpAezdYbg0d2Ol+C1M+BjXpjsx3XMJ1KTKOIKeHzOL0zrdI0lDUMz0S8N6R/6heX0= ; Message-ID: <20060721003621.82369.qmail@web35507.mail.mud.yahoo.com> Received: from [58.33.205.17] by web35507.mail.mud.yahoo.com via HTTP; Thu, 20 Jul 2006 17:36:21 PDT Date: Thu, 20 Jul 2006 17:36:21 -0700 (PDT) From: Dave Subject: getSession() thread-safe? User A can see user B's account To: Tomcat Users List MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="0-745740428-1153442181=:79672" Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N --0-745740428-1153442181=:79672 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Is the following method thread-safe? I use my own way for authentication. After authenticated, a user info is put into session, when logout, call session.invalidate(); Current symptom is: a user info gets into another user's session. So sometimes User A can see User B's info. The way to get session: is it thread-safe? public static HttpSession getHttpSession(boolean create) { FacesContext context = FacesContext.getCurrentInstance(); return (HttpSession)context.getExternalContext().getSession(create); } If a user clicks two buttons at the same time(two requests belong to one same session), will it be thread-safe? Thanks for help. --------------------------------- Yahoo! Music Unlimited - Access over 1 million songs.Try it free. --0-745740428-1153442181=:79672--