Mailing-List: contact user-help@struts.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Struts Users Mailing List" <user@struts.apache.org>
Received-SPF: pass (nike.apache.org: domain of stanlick@gmail.com designates
 64.233.162.236 as permitted sender)
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=kYsSo+anZaQxxb7toVv7GIEcAzrFeo6kzOdVj6vowJKiHxuR8PAxJTNn0RJcxu7MgBQrKyTvUlDW3yutw9U2n4KD9GaYK3UWJUOa8FmnFgPLuQCYvIhoEqkMWWNmFXyHL961lB+vUdedd2FnMT/ectto2eetbbGtBj3Mey3lWvI=
Message-ID: <fadcf8240708270423nb19ee40me066cc773068f2c5@mail.gmail.com>
Date: Mon, 27 Aug 2007 06:23:36 -0500
From: stanlick@gmail.com
To: "Struts Users Mailing List" <user@struts.apache.org>
Subject: Re: Session problem
In-Reply-To: <f359faab0708260804n36108085w5cc05c745f971e09@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_Part_194418_5622483.1188213816055"
References: <12316190.post@talk.nabble.com>
	 <515106.12616.qm@web56715.mail.re3.yahoo.com>
	 <12318960.post@talk.nabble.com> <fao8be$j6h$1@sea.gmane.org>
	 <12324676.post@talk.nabble.com>
	 <01ce01c7e722$b27b7c50$036fa8c0@PortableGenius>
	 <12333777.post@talk.nabble.com>
	 <f359faab0708260804n36108085w5cc05c745f971e09@mail.gmail.com>

------=_Part_194418_5622483.1188213816055
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

How are you starting a new browser from this *same* machine?  If you are
pressing Ctrl-N New Window, this is your problem!  This will appear to be
two browsers, when actually it is two browser "windows" over the same
session!  You must start a second (3rd, 4th, ...) browser the way you
started the first if you truly want unique session ids.

Scott

On 8/26/07, Pavel Sapozhnikov <pavel.sapozhnikov@gmail.com> wrote:
>
> Hey what does that thing implementing ApplicationAware really do for you?
>
> On 8/26/07, Mark Rollins <mark.rollins@computer.org> wrote:
> >
> >
> > You are correct - I decided to refactor as I was pasting!! Sorry.
> >
> >
> > Rod Bollinger wrote:
> > >
> > > This may not be the only issue but I do see a typo in setSession()...
> > >
> > > It should be: this.session = session; instead of this.session = map;
> > >
> > > -Rod
> > >
> > >
> > > -----Original Message-----
> > > From: Mark Rollins [mailto:mark.rollins@computer.org]
> > > Sent: Saturday, August 25, 2007 05:47
> > > To: user@struts.apache.org
> > > Subject: Re: Session problem
> > >
> > >
> > >
> > > This is my first Struts app, so it's quite simplistic. What I'm trying
> > to
> > > achieve is to lock down certain processes so that only one user can
> run
> > > them
> > > at a time. I intended to do this by having an application variable
> > holding
> > > the User object for the user currently running the process and
> examining
> > > this prior to starting the process and reporting who was running it if
> > it
> > > was already running.
> > >
> > > All Actions extend BaseActionSupport (this is a cut down version)...
> > >
> > > //==============================
> > >
> > > public abstract class BaseActionSupport extends ActionSupport
> implements
> > > SessionAware, ApplicationAware {
> > >
> > >     protected Map session;
> > >     protected Map application;
> > >
> > > ...
> > >     public void setSession(Map session) {
> > >         this.session = map;
> > >     }
> > >
> > >     public void setApplication(Map application) {
> > >         this.application = application;
> > >     }
> > > ...
> > >
> > >     public User getUser() {
> > >         return (User) session.get(CURRENT_USER);
> > >     }
> > >
> > > ...
> > >
> > >     protected boolean setProcessLock(String lockName) throws
> > > ActionException
> > > {
> > >
> > >         if(lockName.equals("")) throw new ActionException("Lockname
> not
> > > specified in setProcessLock");
> > >
> > >         User processLock=(User) application.get(lockName);
> > >
> > >         if(processLock!=null)
> > >             throw new ActionException("Process lock "+lockName+"
> already
> > > set. Use checkProcessLock() first.");
> > >         else{
> > >             application.put(lockName, this.getUser());
> > >             return true;
> > >         }
> > >     }
> > > ...
> > > }
> > >
> > > //==============================
> > >
> > >
> > > In the LoginAction, where User bean is declared with "prototype"
> > scope...
> > >
> > > ...
> > >         ApplicationContext context = SpringUtils.getApplicationContext
> > ();
> > >         User usr = (User) context.getBean("User");
> > >
> > >
> > > ...
> > >         if (usr.exists(userID)) {
> > >             usr.getUser(userID);
> > >             if (usr.validPassword(password)) {
> > >                 logger.info("User " + usr.getUserID() + " logged
> on.");
> > >                 session.put(CURRENT_USER, usr);
> > >                 return SUCCESS;
> > >             }
> > >         }
> > > ...
> > >
> > >
> > >
> > > //==============================
> > >
> > >
> > > In setProcessLock, the getUser() call returns the second user object
> > when
> > > run by the first user (using the previous example). There may be no
> > other
> > > actions between the login and the process commencing so the
> opportunity
> > > for
> > > overwriting is very limited, and I don't think this is the problem
> > (well,
> > > not directly anyway).
> > >
> > >
> > >
> > > Laurie Harper wrote:
> > >>
> > >> You have some cross-talk somewhere in your code, by the sound of it.
> > >> Take a look at any code that touches the session; you probably have
> > >> something somewhere that's at the wrong scope (in application scope
> > when
> > >> it should be session/request, a Spring bean accidentally configured
> as
> > >> singleton scope, ...).
> > >>
> > >> Without access to your source code, it's impossible to say much more
> > >> than that but if you can narrow it down and post the code that's
> > causing
> > >> the problem, someone may be able to explain why it's not working as
> you
> > >> expected.
> > >>
> > >> L.
> > >>
> > >> MARollins wrote:
> > >>> I am running everything from one machine, but access the app from
> > >>> different
> > >>> browsers in order to get different sessions (ie IE and Firefox). I
> > have
> > >>> tried the second user from another machine and it didn't make any
> > >>> difference.
> > >>>
> > >>> The app also uses Spring, but I have configured this to give me a
> new
> > >>> user
> > >>> object as required rather than the default singleton, and I'm happy
> > this
> > >>> is
> > >>> working.
> > >>>
> > >>> When logging in for the second user, I can see that the session map
> is
> > >>> empty
> > >>> for the new user's session, then session.put is called with the new
> > user
> > >>> object, and this seems OK.
> > >>>
> > >>> If I then call an action using the first user and access the session
> > >>> map,
> > >>> hey presto, I've got the user object from the second user.
> > >>>
> > >>> Server is Tomcat 5.5 and Struts is v2.
> > >>>
> > >>>
> > >>> newton.dave wrote:
> > >>>> --- MARollins <mark.rollins@computer.org> wrote:
> > >>>>> I'm having a problem whereby objects saved on the
> > >>>>> Session are visible to other sessions.
> > >>>>>
> > >>>>> For example, the login page saves a new User object
> > >>>>> on the session using session.put (I have a base
> > >>>> class
> > >>>>> for all my Actions which implements SessionAware in
> > >>>>> order to be able to access Session variables). When
> > >>>> a
> > >>>>> second user logs on, the first user then sees the
> > >>>>> second user's ID. It's almost like we're writing to
> > >>>>> the application rather than the session.
> > >>>>>
> > >>>>> Any ideas where I'm going wrong?
> > >>>> Not with so little information to go on.
> > >>>>
> > >>>> Is the "second user's login" happening from a
> > >>>> different machine and / or different browser?
> > >>>>
> > >>>> d.
> > >>>>
> > >>>>
> > >>>>
> ---------------------------------------------------------------------
> > >>>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > >>>> For additional commands, e-mail: user-help@struts.apache.org
> > >>>>
> > >>>>
> > >>>>
> > >>>
> > >>
> > >>
> > >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > >> For additional commands, e-mail: user-help@struts.apache.org
> > >>
> > >>
> > >>
> > >
> > > --
> > > View this message in context:
> > > http://www.nabble.com/Session-problem-tf4324658.html#a12324676
> > > Sent from the Struts - User mailing list archive at Nabble.com.
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > > For additional commands, e-mail: user-help@struts.apache.org
> > >
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > > For additional commands, e-mail: user-help@struts.apache.org
> > >
> > >
> > >
> >
> > --
> > View this message in context:
> > http://www.nabble.com/Session-problem-tf4324658.html#a12333777
> > Sent from the Struts - User mailing list archive at Nabble.com.
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > For additional commands, e-mail: user-help@struts.apache.org
> >
> >
>
>
> --
> Pavel Sapozhnikov
> xFact, Inc
> pavel@xfact.com
>


-- 
Scott
stanlick@gmail.com

------=_Part_194418_5622483.1188213816055--