Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Session  RSS feed

 
Pandurangan Rakesh
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Multiple Users
I am involved in developing a web site..where the user will be shown his User name when he tries to logout. I am setting the user name in session when he/she logs in and when he/she logs out i am removing the user name from the session.
When multiple users access the website will be there any case where there is any possibility of user name interchange..? i am not setting any thread safe mechanism.!
Thanks for replies!!
 
Deepak Bala
Bartender
Posts: 6663
5
Firefox Browser Linux MyEclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A session is specific to a particular user. You wont see another person's user name but this scope is not thread safe. Synchronize with the session context to make it thread safe
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13078
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
when he/she logs out i am removing the user name from the session.


The best thing to do is to invalidate the session - that will release all attached references including the user name. See the HttpSession API.

Bill
 
Raj Kumar Bindal
Ranch Hand
Posts: 418
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you are setting username in session,there should not be any intermixing of the data.static variables are a big problem in case of data intermixing,so make sure at any stage your username is not static.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66184
146
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Raj Kumar Bindal:
If you are setting username in session,there should not be any intermixing of the data.


That's not entirely true. As John pointed out, sessions are not thread-safe. It was said that sessions are limited to a single user, and that's sort of true, but in reality thery're limited to a single cookie pool.

So cross-thread data contention in the session can still occur for any web page where multiple requests can be simultaneously active. This can happen if a page has frames, uses iframes, or uses Ajax.

Some browsers also share cookies across browser windows under certain circumstances which could also lead to multiple threads accessing the same session.
[ March 04, 2007: Message edited by: Bear Bibeault ]
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!