Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 23656 invoked from network); 22 Jan 2007 22:09:00 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 22 Jan 2007 22:09:00 -0000 Received: (qmail 1916 invoked by uid 500); 22 Jan 2007 22:08:54 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 1723 invoked by uid 500); 22 Jan 2007 22:08:53 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 1712 invoked by uid 99); 22 Jan 2007 22:08:53 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Jan 2007 14:08:53 -0800 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: neutral (herse.apache.org: local policy) Received: from [63.240.77.82] (HELO sccrmhc12.comcast.net) (63.240.77.82) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 Jan 2007 14:08:43 -0800 Received: from [192.168.1.47] (c-69-143-26-154.hsd1.va.comcast.net[69.143.26.154]) by comcast.net (sccrmhc12) with ESMTP id <2007012222082101200m26ghe>; Mon, 22 Jan 2007 22:08:21 +0000 Message-ID: <45B535D3.10308@christopherschultz.net> Date: Mon, 22 Jan 2007 17:08:19 -0500 From: Christopher Schultz User-Agent: Thunderbird 2.0b1 (Windows/20061206) MIME-Version: 1.0 To: Tomcat Users List Subject: Re: Tomcat 4.x (Major Problem) References: <7095b820701191013l72694e7dk623d65cc7c2c4e0d@mail.gmail.com> <7095b820701221339m59e3a61ct33850641d2fd1528@mail.gmail.com> In-Reply-To: <7095b820701221339m59e3a61ct33850641d2fd1528@mail.gmail.com> X-Enigmail-Version: 0.94.1.2.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andy, Andy Moller wrote: > String commonName = (String)session.getAttribute("commonName"); > String[] value1 = (request.getParameterValues("value_1") != null) > ? request.getParameterValues("value_1") > : new String[0]; > > String[] value2 = > (request.getParameterValues("value_2") != null) > ? request.getParameterValues("value_2") > : new String[0]; [snip] > query= > "insert into sample_table(id,val1,common_name,val2)" > + " values (sequence.nextVal," > + singleVal1 > + ",'" > + commonName > + "','" > + val2[j] > + "')"; A few notes: 1. You are using the array "val2" here instead of "value2". Is that intentional? Or, were you somewhat obfuscating your code for publication on the list? 2. You really should be using PreparedStatements instead of string concatenation for parameter replacement. 3. These is no evidence that "commonName" ever had the value that you expected. Your initial claim was that the value was being taken from the session and, between that time and the issue of the SQL query, the value was being changed. So... what's going on here? During the processing of this request, can you ever see session.getAttribute("commonName") returning the correct value? Or, has the session really been polluted somehow, or have you really "swtiched" sessions somehow? > Where the value "nameB" is the "commonName" session attribute value from > a different session. Is there any relationship whatsoever between the session you should have and the session that you are apparently getting? Are you /sure/ that there is another session containing that value, or are you assuming that since it's not the expected value that you must be looking at another session. Is your entire application written in JSP? I'm wondering if you ever try to manage sessions yourself in any way. Try this: create an HttpSesssionBindingListener and implement the valueBound method like this: public void valueBound(HttpSessionBindingEvent esbe) { if("commonName".equals(esbe.getName())) { System.out.println("Setting session[" + esbe.getSession().getId() + "].commonName=" + esbe.getValue()); new Throwable().printStackTrace(System.out); } } This will put a full stack trace into stdout whenever the value of commonName for a session is changed. I'm assuming that you have a test plan that is reproducing this error in development, so you can watch the logs as you move through your application. Login and watch the logs. You can see when a value is poked into the session, and what that value is. If you see that the value is changing in your session (and it shouldn't be), then you'll see the stack trace of the code that's doing it. You can install this listener using a element in your web.xml like this: your.package.ComonNameSessionBindingListener This goes after any and elements and before any elements. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFtTXT9CaO5/Lv0PARAjY2AJ92nhsTHaW9IQTIETpM1J40gAcwSQCeMyWr sp4svE3vaNqmhp6iCFqLWqI= =HlHR -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org