In servlet terms, Bill is saying to check to make sure you don't have variables defined within the servlet class. Avoid code such as this:
public class MyServlet extends HttpServlet
{
private String m_userName; public void doGet(HttpServletRequest req, HttpServletResponse res)
{
...
m_userName = req.getParameter("userName");
...
}
}This will cause problems because servlet are multi-threaded and multiple users will have access to the m_userName value. You may not have code that does something as obvious as this, but chances are high that it's somehow related. Make sure you have *no* member variables in your servlet -- or if you do, make sure they're used correctly.
justin
At 12:14 AM 11/7/2003, you wrote:
Sorry not to have mentioned this but the session code is all pure java i.e. we dont use JSP, instead we use a templating solution but there is no session stuff there.
In any case, can you tell me *why* it's occuring. I couldn't understand your example since I don't know JSP (!).
Thanks!
Bill Lunnon wrote:
Nikhil,
I have seen this problem occur when using JSP and incorrectly defining session variables or beans in the declaration part of the script.
e.g
<%! BeanClass bean = new BeanClass(); %>
Make sure only initialise session variables or bean classes in the context scope
ie <% BeanClass bean = new BeanClass(); %>
Would suggest visual inspection of all code and JSP pages to make sure this
is not occuring!
Hope this helps
Bill -----Original Message----- From: Nikhil G. Daddikar [mailto:[EMAIL PROTECTED] Sent: Friday, 7 November 2003 4:03 PM To: [EMAIL PROTECTED] Subject: two users see the same session
Hello Folks,
Sometimes our users get to see information stored in the session of
another user. We've verified this because they have sent us screen captures.
The question is how? We have one server, one tomcat (4.1.27), and we use the default i.e. cookie based sessions.
If anyone of you can shed some light on this or tell me how to prevent this, that will be great.
Thanks for your time. Nikhil
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
____________________________________ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php ____________________________________
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
