File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Problem with session information Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Problem with session information" Watch "Problem with session information" New topic

Problem with session information

Gary Deromedi

Joined: Sep 21, 2004
Posts: 2
I have an app using servlets. The problem is I let a user log in to make changes to the information or update/add a new record to the database. I read her user id and give her supervisor control. So lets say she is in there making changes. Ok another person logs in (not a supervisor) to view records (not necessarily the same record). Well when the first person (supervisor) goes to save the record it won't let her because it has the permissions of the last person logged in who doesn't have the right to change records. How can I stop this? Is there something in the session attributes causing this? I print out who is logged in at the moment she goes to save and it shows the supervisor's name but won't let her save. Any ideas? Thanks
Ben Souther

Joined: Dec 11, 2004
Posts: 13410

because it has the permissions of the last person logged in

What is "it".

Are you managing user rights at the context (application) level?

Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
David O'Meara

Joined: Mar 06, 2001
Posts: 13459

Sounds more like a thread safety problem caused by instance variables.

Gary, do you have any instance variables in your servlet?
Afroz Ahmed
Ranch Hand

Joined: Jan 18, 2004
Posts: 64
It may be problem with thread issues.I think you are using local variable for user name and instance variable for the user authorizations (right to change).Instance variables are not thread safe.Use local variable instead.

The value of an idea lies in the usage of it.
I agree. Here's the link:
subject: Problem with session information
It's not a secret anymore!