File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Session leakage problem in Servlet  Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Session leakage problem in Servlet  " Watch "Session leakage problem in Servlet  " New topic

Session leakage problem in Servlet

sateesh muggalla

Joined: Nov 03, 2010
Posts: 1
Hi -

I have a servlet like this:
public class AServlet extends HttpServlet implements{

private DBUser User = null;

public void service(HttpServletRequest req, HttpServletResponse res)
throws ServletException, IOException {
String sAction=(req.getParameter("ACTION")!=null)?req.getParameter("ACTION"):"";

User = (DBUser)req.getSession().getAttribute("User");
if (sAction.trim().equals("ADDNOTE")) AddNote(req, res);
}catch (Exception e){

public void AddNote(HttpServletRequest req, HttpServletResponse res)
throws SQLException, IOException, ServletException, RuntimeException{
Connection c=DBConn.getDBConn(User.getCompanyDB());
Statement s1=c.createStatement();

System.err.println("Add Notes");

HttpSession session = req.getSession(true);
Project qp=(Project)session.getAttribute("qp");


I have one more session which is there in Addnote(req,res) is qp ...It is giving correct results but when I print the User session details .. It is showing some other user details.

If any two users try to print the User details in is taking the last hitted User details..

Is the problem with DBUser define.....
Here qp session is returning the current values but only User session is overriding .....

Can any one help me out of this error?

Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63865

Please be sure to use code tags when posting code to the forums. Unformatted or unindented code is extremely hard to read and many people that might be able to help you will just move along to posts that are easier to read. Please click this link ⇒ UseCodeTags ⇐ for more information.

Properly indented and formatted code greatly increases the probability that your question will get quicker, better answers.

[Asking smart questions] [About Bear] [Books by Bear]
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63865

Looks like you have an instance variable in your servlet. That's a big no-no!

Servlets need to be written in a thread safe manner. Instance variables violate that. The instance is shared across all requests. This has nothing to do with the session.
I agree. Here's the link:
subject: Session leakage problem in Servlet
It's not a secret anymore!