I have Tomcat 4.1.30 installed on Win2K Server with latest SP and running fine. The problem I'm having is this:
A user log's in , and they are authenticated against a SQL Server database. When a match is found, some information is saved in a session variable. Particularly a value called "userID", which is a 6 or 7 digit number.
The user then is forwarded to a page that does a Database retrieval of some statistics based on their unique "userID" , and all this information is displayed in a JSP. ( The JSP does all the work. Queries and all ) I have yet to make Servlets do this work and let the JSP handle displaying ...
Problem is this: After 2 different users log into the system , and see their initial statistics, if they were to both hit "refresh" ( F5 ) at the same time ( or very close proximity ) , they could very possibly see each others stats instead of thier own.
Upon refresh, the JSP is supposed to grab the unique "userID" from the session, and use this for all the queries for this particular page.
How is it possible that users at times ( say 5% of the time ) can get someone else's statistics and not their own ? I thought sessions were unique to each user ?
I've checked and double checked the page and cannot see anything obvious that is causing this problem.
How is it possible? The usual reason is that you have used an instance variable(s) somewhere in the JSP. I suggest you look at the servlet code the JSP compiler created - sometimes things are more obvious there. Bill