File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes session management in tomcat Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "session management in tomcat" Watch "session management in tomcat" New topic

session management in tomcat

etrivelli nainar

Joined: Feb 14, 2002
Posts: 5
hello, I'm writing a transaction servlet. This will be accessible by many customers on the webpage. I'm adding the code in my doPost method of servlet as follows:
HttpSession session = request.getSession(false);
I'm creating a new session if the session is null. If two customers submit their information simultaneously, information from the first customer is getting displayed to the second customer. The same code is working great if I run it on websphere app server 3.5. When I put the same code on Tomcat 4.x, some of the information from the first customer is getting displayed to the second customer and vice versa. Where am I wrong?
Andy Bowes
Ranch Hand

Joined: Jan 14, 2003
Posts: 171
It sounds as if both users are using the same session id. Have you checked the id on the user's session object to see if they match? I am not aware of any known issue on Tomcat 4 relating to this issue.
Alternatively, are you sure that your servlet is thread-safe ? Are you using any instance variables defined on the servlet class ?
Hope this helps

Andy Bowes<br />SCJP, SCWCD<br />I like deadlines, I love the whoosing noise they make as they go flying past - Douglas Adams
etrivelli nainar

Joined: Feb 14, 2002
Posts: 5
How do I create thread-safe servlet (multi-threading)?
etrivelli nainar

Joined: Feb 14, 2002
Posts: 5
I did synchronize the doPost method. But, I dont think its the best solution if I'm expecting many hits. Any advise?
William Brogden
Author and all-around good cowpoke

Joined: Mar 22, 2000
Posts: 13036
NO! In a properly written servlet you should NEVER have to synchronize doGet or doPost. If information is getting mixed up between users than it is a very good bet that you have one or more instance variables in the servlet that contain user specific information. No matter what happens, the engine should never give the same sessionID to two separate user requests.
There is a big conceptual jump you have to make between programming single user applications and servlets. You simply can't use instance variables the way you would in a single user application. Since each request is processed in its own Thread, local variables are automatically safe.
All user data should be stored in variables that are local to doGet or doPost, create them and store them in the session. On the next request, get them back from the session.
If your user specific information is more complex than a couple of Strings, why not create a class specifically to hold it? Store that in the session and you are in business. The automatic session cleanup will dispose of the object if the user is inactive. Make that object serializable if you want long term storage.
I agree. Here's the link:
subject: session management in tomcat
It's not a secret anymore!