• Post Reply Bookmark Topic Watch Topic
  • New Topic

Session  RSS feed

 
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Multiple Users
I am involved in developing a web site..where the user will be shown his User name when he tries to logout. I am setting the user name in session when he/she logs in and when he/she logs out i am removing the user name from the session.
When multiple users access the website will be there any case where there is any possibility of user name interchange..? i am not setting any thread safe mechanism.!
Thanks for replies!!
 
Bartender
Posts: 6663
5
Firefox Browser Linux MyEclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A session is specific to a particular user. You wont see another person's user name but this scope is not thread safe. Synchronize with the session context to make it thread safe
 
Author and all-around good cowpoke
Rancher
Posts: 13078
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

when he/she logs out i am removing the user name from the session.



The best thing to do is to invalidate the session - that will release all attached references including the user name. See the HttpSession API.

Bill
 
Ranch Hand
Posts: 418
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you are setting username in session,there should not be any intermixing of the data.static variables are a big problem in case of data intermixing,so make sure at any stage your username is not static.
 
Author and ninkuma
Marshal
Posts: 66692
167
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Originally posted by Raj Kumar Bindal:
If you are setting username in session,there should not be any intermixing of the data.



That's not entirely true. As John pointed out, sessions are not thread-safe. It was said that sessions are limited to a single user, and that's sort of true, but in reality thery're limited to a single cookie pool.

So cross-thread data contention in the session can still occur for any web page where multiple requests can be simultaneously active. This can happen if a page has frames, uses iframes, or uses Ajax.

Some browsers also share cookies across browser windows under certain circumstances which could also lead to multiple threads accessing the same session.
[ March 04, 2007: Message edited by: Bear Bibeault ]
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!