Drasko Kokic typed the following on 09:21 17/11/2000 -0800
>I would need to find out if Tomcat 3.1 have any known
>bugs in session management area. The problem we are
>facing at the moment is that our application is some
>times presenting information belonging to other
>customers that we suspect are concurently using the
>application.
The most common cause of this problem in my experience is using
instance variables in a servlet class in a non-threadsafe manner.
Normally only one instance of a servlet is created, and it is used
by multiple users, each in a different thread, simultaneously.
So if you have:
public class MyServlet extends HttpServlet {
String foo;
doGet (HttpServletRequest req, HttpServletResponse res) {
foo = req.getParameter ("foo");
// stuff happens
out.println ("<p>" + foo + "</p>");
out.println ("<p>" + req.getParameter ("foo") + "</p>");
}
}
... it's possible that the value of "foo" will be changed by another thread
between being set and being printed, so the value printed will be from
another user's request.
\kief
---
bitBull makes the Internet bite: http://www.bitBull.com/demos/
