Win a copy of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Session problem  RSS feed

 
Michelle Lee
Ranch Hand
Posts: 42
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi:
I got some problem with my login page.
In my web application. I
1) Take username and password as input in a simple JSP file
2) Then authenticate this username and password with the database
3) write this code to add username into a session:
session.setAttribute("loginname", username);
4) in the following page, use getAttribute("loginname") to check the session is valid.
but after I successfully login as personA in browserA,
and then open browserB, login as personB.
then sometimes (it seems not always happen), the
person in browserA change to personB.
Do you think if it is depend on if I enable cookie in browser.
What is wrong with my session.
Thank you in advance.
 
Arun Boraiah
Ranch Hand
Posts: 233
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you are using same system to login as two user then the problem can occur. If you are using same system then try using diffrent browser (example one netscape and other browser IE ).
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13078
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sounds to me like you have a String variable in your JSP that is an instance variable. Instance variables are shared between all users.
Bill
 
Michelle Lee
Ranch Hand
Posts: 42
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Arun and William.
Sorry william, I didn't got you. Do you mean in one of my jsp file, I defind a variable like
<%! String variable_name %>
and this variable can be shared by all users.
I thought before only variable which stored in
"application" variable can be shared by all the users.
What I actually did is in my first page: index.jsp
I have a form (which submit to itself:index.jsp)to allow user enter their username and password,
after validate, I install username into session
variable. I install a lot of other things like user preference (which is a java object) in session too.
After I open the second broswer,
I can see it has its own sessionId, I stored same
set of variables (like username, user preference, but with difference values)into session. In the following jsp page after login, I can see, they still have difference sessionId.
What happen is when I went back to first page, refereshed it, the jsps in first browser read values from the second session variable. It seems they share same session variable. How this chould
be possible?
Mei

:roll:
[ January 20, 2003: Message edited by: Mei Xiao ]
[ January 20, 2003: Message edited by: Mei Xiao ]
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13078
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A variable declared like this:

is an instance variable and is indeed shared by all requests. People typically use "beans" in "session" scope managed by the JSP engine to hold data that is specific to a particular user.
Any book or tutorial on JSP will give you the details.
Bill
 
Michelle Lee
Ranch Hand
Posts: 42
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you William, now I understand a simple jsp rule at last!
I carefully check my program, I cannot find I
stored any sensitive infomation as a instance variable.
I cannot reproduce the error though,
until I go to a jsp page which through a compiling
error, I go back to the previous page, NOW
it happen again, Refresh it, very thing's fine again. Will a broken jsp page and then "go back"
cause browser read from a newer cached session?
Sorry, It seems sound wired.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!