tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: realm login and user session are not the same
Date Thu, 21 Feb 2008 17:58:34 GMT
> From: Pierrick Terrettaz [mailto:tomcat@electronet.ch] 
> Subject: realm login and user session are not the same
> 
> When a user logs in through the realm authentification 
> FORM method in the website, the username and login are 
> well checked but the user come in with the session of 
> an other user with roles of this other user.

This is almost certainly a problem in your webapp.  It's usually caused
by storing request- or session-specific references in the wrong scope
(e.g., placing a reference to the current request in a servlet instance
or static field).

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message