| Author |
Session problem
|
Michelle Lee
Ranch Hand
Joined: Jan 23, 2002
Posts: 42
|
|
Hi:
I got some problem with my login page.
In my web application. I
1) Take username and password as input in a simple JSP file
2) Then authenticate this username and password with the database
3) write this code to add username into a session:
session.setAttribute("loginname", username);
4) in the following page, use getAttribute("loginname") to check the session is valid.
but after I successfully login as personA in browserA,
and then open browserB, login as personB.
then sometimes (it seems not always happen), the
person in browserA change to personB.
Do you think if it is depend on if I enable cookie in browser.
What is wrong with my session.
Thank you in advance.
|
Michelle
|
 |
Arun Boraiah
Ranch Hand
Joined: Nov 28, 2001
Posts: 233
|
|
|
If you are using same system to login as two user then the problem can occur. If you are using same system then try using diffrent browser (example one netscape and other browser IE ).
|
Sharing is learning
|
|
William Brogden
Author and all-around good cowpoke
Rancher
Joined: Mar 22, 2000
Posts: 11862
|
|
Sounds to me like you have a String variable in your JSP that is an instance variable. Instance variables are shared between all users.
Bill
|
Java Resources at www.wbrogden.com
|
|
Michelle Lee
Ranch Hand
Joined: Jan 23, 2002
Posts: 42
|
|
Thanks Arun and William.
Sorry william, I didn't got you. Do you mean in one of my jsp file, I defind a variable like
<%! String variable_name %>
and this variable can be shared by all users.
I thought before only variable which stored in
"application" variable can be shared by all the users.
What I actually did is in my first page: index.jsp
I have a form (which submit to itself:index.jsp)to allow user enter their username and password,
after validate, I install username into session
variable. I install a lot of other things like user preference (which is a java object) in session too.
After I open the second broswer,
I can see it has its own sessionId, I stored same
set of variables (like username, user preference, but with difference values)into session. In the following jsp page after login, I can see, they still have difference sessionId.
What happen is when I went back to first page, refereshed it, the jsps in first browser read values from the second session variable. It seems they share same session variable. How this chould
be possible?
Mei
:roll:
[ January 20, 2003: Message edited by: Mei Xiao ]
[ January 20, 2003: Message edited by: Mei Xiao ]
|
|
William Brogden
Author and all-around good cowpoke
Rancher
Joined: Mar 22, 2000
Posts: 11862
|
|
A variable declared like this:
is an instance variable and is indeed shared by all requests. People typically use "beans" in "session" scope managed by the JSP engine to hold data that is specific to a particular user.
Any book or tutorial on JSP will give you the details.
Bill
|
|
Michelle Lee
Ranch Hand
Joined: Jan 23, 2002
Posts: 42
|
|
Thank you William, now I understand a simple jsp rule at last!
I carefully check my program, I cannot find I
stored any sensitive infomation as a instance variable.
I cannot reproduce the error though,
until I go to a jsp page which through a compiling
error, I go back to the previous page, NOW
it happen again, Refresh it, very thing's fine again. Will a broken jsp page and then "go back"
cause browser read from a newer cached session?
Sorry, It seems sound wired.
|
|
 |
|
|
subject: Session problem
|
|
|
0
