In general, not specific to tomcat, it appears to me that you might be
updating, say, a session-scoped object in one location, and an
application-scoped object elsewhere. That might explain how data from one
session becomes visible to another. Consider this example:
User A logs on, creates an object named 'foo' and puts it inadvertently into
the application context. This is where the mistake happens, as it should have
been session scope.
User B then logs on. When user B attempts to create an object named 'foo' and
place it in the session scope (what should be happenning), this process
fails. Hence, for user B, there is no session-scoped object named 'foo'.
User B attempts to display object 'foo'. When user B uses (either directly or
indirectly) pageContext.findAttribute('foo'), all of the various scopes are
searched until an object named 'foo' is found. This is executed in the order:
page, request, session, application. Hence, user A's version of 'foo' will
only be made available to user B when B's setAttribute() method call fails.
Yes, I'm one of those sick people that likes to speculate and hypothesize alot
when presented with vague questions.
-Mark Howell
mark at nullcraft.org
Aron Kramlik wrote:
>
> Hi,
>
> We have been running TC 3.1/3.2/3.2.1 for the past year and a bit and we
> have seen
> twice a very strange problem which is now of concern as our product goes
> live to the
> public more and more.
>
> While filling in a registration form from screen to screen and saving the
> data in beans
> the user gets to the last page (confirm details) and all the details are for
> a different user
> (i.e. different session which was registered before, not on the same
> computer and
> probably not active anymore).
>
> I know this is very vague but are there any suggestions that people might
> have that
> could cause this problem. Obviously this is very serious from an
> application point
> of view and not necessarily a TC problem.
>
> Thanks in advance,
> Aron Kramlik.
