Joel McNary wrote:. . . Perhaps you are confused by the fact . . . .
Tim Holloway wrote:Do I read this correctly?" It looks like you only put one entry into the Map, but pulled and printed it twice.
Carey Brown wrote:What makes you think these two objects have the same key? Note that 'id' is not the key the way it has been written.
Tim Holloway wrote:I have a bigger doubt. DON'T WRITE YOUR OWN SECURITY. Unless you are a full-time professionally-trained security professional, it's about 95% certain that someone can crack your security system. And, based on what I've seen over the years, about an 85% chance that non-technical people will be able to bypass security in 15 minutes or less. That includes systems designed by the in-house "genius".
J2EE/JEE defines a standard container-based security subsystem. In nearly 20 years, I've never heard of it being breached. It's pre-written, pre-debugged, tested by security pros, well-documented, and best of all, it blocks most security attacks before they can attack the web application itself. Consider using it.
Spring also provides a finer-grained security system itself, which I believe actually can work in concert with container security.
So there's no excuse for writing your own security management in most cases.
"That means if you inject a UserLogin for two different user sessions during the same lifetime of the application, both will have the same UserLogin instance injected."