Make sure cookies are enabled. If they are:
There are two options (1) that it is indeed the same session and that
there is a huge Tomcat bug (2) that these are two separate sessions
but that you are somehow mixing the data - local bug.
To determine which is it, you could do a toString() on the session
and print it to the page. If the strings differ, tomcat is doing fine
and you should check where you mix the variables.
Yuval Perlov
http://www.r-u-on.com/
On Feb 26, 2008, at 5:58 AM, Sascha Monteiro wrote:
Hi,
I am struggeling with securing my pages where private data needs to
be read from a table.
I am using JSP in Tomcat5.5.23 btw. (which is hosted at eatj.com)
If I login on my page with 2 different userID's, from 2 different
computers (but sharing a Internet connection..!!!)
I will suddenly see data from the other userID, which is pretty
sensitive (financial information)
When a user logs in, I am setting the userID and the table to use with
session.setAttribute("username"rs.getString(1));
session.setAttribute("tablename"rs.getString(3));
then when I need to query the database, I use
session.getAttribute("tablename");
I have put <%=session.getId()%> in the head,
and I see the ID appearing, but suddenly changes when navigating
between pages... :-(
I hope this makes sense and that someone can help me...
I only found an old bug re duplicateID's, but that was in 2005...
cheers
Sascha
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
