Hi, I am struggling with securing my pages where private data needs to be read from a table. I am using JSP in Tomcat 5.5.23, btw (which is hosted at eatj.com).
If I log in on my page with 2 different user IDs, from 2 different computers (but sharing an Internet connection..!!!), I will suddenly see data from the other user ID, which is pretty sensitive (financial information).

When a user logs in, I am setting the user ID and the table to use with

session.setAttribute("username", rs.getString(1));
session.setAttribute("tablename", rs.getString(3));

Then when I need to query the database, I use

session.getAttribute("tablename");

I have put <%=session.getId()%> in the head, and I see the ID appearing, but it suddenly changes when navigating between pages... :-(

I hope this makes sense and that someone can help me... I only found an old bug re duplicate IDs, but that was in 2005...

cheers
Sascha