• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Jeanne Boyarsky
  • Tim Cooke
Sheriffs:
  • Bear Bibeault
  • Henry Wong
  • Devaka Cooray
Saloon Keepers:
  • salvin francis
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Frits Walraven
Bartenders:
  • Jj Roberts
  • Carey Brown
  • Scott Selikoff

Session information jumping users

 
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have Tomcat 4.1.30 installed on Win2K Server with latest SP and running fine. The problem I'm having is this:

A user log's in , and they are authenticated against a SQL Server database. When a match is found, some information is saved in a session variable. Particularly a value called "userID", which is a 6 or 7 digit number.

The user then is forwarded to a page that does a Database retrieval of some statistics based on their unique "userID" , and all this information is displayed in a JSP. ( The JSP does all the work. Queries and all ) I have yet to make Servlets do this work and let the JSP handle displaying ...

Problem is this: After 2 different users log into the system , and see their initial statistics, if they were to both hit "refresh" ( F5 ) at the same time ( or very close proximity ) , they could very possibly see each others stats instead of thier own.

Upon refresh, the JSP is supposed to grab the unique "userID" from the session, and use this for all the queries for this particular page.

How is it possible that users at times ( say 5% of the time ) can get someone else's statistics and not their own ? I thought sessions were unique to each user ?

I've checked and double checked the page and cannot see anything obvious that is causing this problem.

ANY help or tips would be greatly appreciated.

Kosaic

java@nbnet.nb.ca
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
How is it possible? The usual reason is that you have used an instance variable(s) somewhere in the JSP.
I suggest you look at the servlet code the JSP compiler created - sometimes things are more obvious there.
Bill
 
Sheriff
Posts: 67502
173
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Or, since you seem to already know that


The JSP does all the work. Queries and all



is a very bad idea, why not just factor all that junk out to a servlet (also with no instance variables) like it should be and save yourself some hair-pulling?
 
David Donovan
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks guys ....

<%! private int userID; %> was the culprit at the top of my .jsp

It's so easy to overlook something so simple. Now I'm going to migrate to a servlet for obvious reasons.

Thanks again,
Kosaic
 
Thank you my well lotioned goddess! Here, have my favorite tiny ad!
the value of filler advertising in 2021
https://coderanch.com/t/730886/filler-advertising
reply
    Bookmark Topic Watch Topic
  • New Topic