Yawar Khan wrote:
Felix, the issue still persists, i dont know what else to do? and i dont know
why this issue is popping up on linux enviroment only. under windows there is no
session mixup issue.
Now this are no class wide variables and i had moved them inside the login
function.
Hi.
Thi
i had moved them inside the
login
> function.
>
>
>
>
>
>
>
> From: Felix Schumacher
> To: Tomcat Users List
> Sent: Sat, August 21, 2010 6:07:18 PM
> Subject: Re: Sessions mix-up on Tomcat 6.0.26 on Linux
>
>
>
>
.
From: Felix Schumacher
To: Tomcat Users List
Sent: Sat, August 21, 2010 6:07:18 PM
Subject: Re: Sessions mix-up on Tomcat 6.0.26 on Linux
"Yawar Khan" schrieb:
>thanks felix, very nicely explained!
>
>but do you think that declaring connection and rs variable
ith the
values of your user beans.
Hth
Felix
>
>
>
>
>From: Felix Schumacher
>To: Tomcat Users List
>Sent: Sat, August 21, 2010 4:13:52 PM
>Subject: RE: Sessions mix-up on Tomcat 6.0.26 on Linux
>
>Am Freitag, den 20.08.2010,
{
> stmt.close();
> } catch (Exception e) {}
> stmt = null;
> }
>
> if (currentCon != null) {
> try {
> currentCon.close();
> } catch (Exception e
gt; Sent: Sat, August 21, 2010 3:16:23 PM
> Subject: Re: Sessions mix-up on Tomcat 6.0.26 on Linux
>
> On Sat, Aug 21, 2010 at 6:54 AM, Yawar Khan wrote:
>
>> Chris, you identified a possible sql injection in my code and declaring it
>> a
>> very bad piece of code.
wesley, no i am not using sql bindings, what are the security holes?
you havent told me why my sessions are getting mixed up here?
From: Wesley Acheson
To: Tomcat Users List
Sent: Sat, August 21, 2010 3:16:23 PM
Subject: Re: Sessions mix-up on Tomcat 6.0.26
try {
>stmt.close();
> } catch (Exception e) {}
>stmt = null;
> }
>
> if (currentCon != null) {
> try {
>currentCon.close();
> } catch
} catch (Exception e) {}
> stmt = null;
> }
>
> if (currentCon != null) {
> try {
>currentCon.close();
> } catch (Exception e) {
> }
>
>
}
}
return bean;
}
}
ysk
-Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Friday, August 20, 2010 3:43 AM
To: Tomcat Users List
Subject: Re: Sessions mix-up on Tomcat 6.0.26 on Linux
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA
...@gmail.com]
Sent: Friday, August 20, 2010 2:05 AM
To: Tomcat Users List
Subject: Re: Sessions mix-up on Tomcat 6.0.26 on Linux
Maybe its just be but I still don't see where uadc is declared or even
imported.
On Thu, Aug 19, 2010 at 10:26 PM, Yawar Saeed Khan/ITG/Karachi <
yawar.sa...@mc
On 19/08/2010 23:42, Christopher Schultz wrote:
> Wesley,
>
> On 8/19/2010 5:04 PM, Wesley Acheson wrote:
>> Maybe its just be but I still don't see where uadc is declared or even
>> imported.
>
> ...or even used.
>
> I'm guessing that the bad code exists outside of this login servlet.
s/the b
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Wesley,
On 8/19/2010 5:04 PM, Wesley Acheson wrote:
> Maybe its just be but I still don't see where uadc is declared or even
> imported.
...or even used.
I'm guessing that the bad code exists outside of this login servlet.
- -chris
-BEGIN PGP S
d void doGet(HttpServletRequest request, HttpServletResponse
> response)
>throws ServletException, IOException {
>processRequest(request, response);
>}
>@Override
>protected void doPost(HttpServletRequest request, HttpServletResponse
> response)
> throws Servl
s
On Thu, Aug 19, 2010 at 9:27 PM, Yawar Saeed Khan/ITG/Karachi <
yawar.sa...@mcb.com.pk> wrote:
> source code is attached;
>
> suggestions are welcome.
>
> ____________
>
> From: Wesley Acheson [mailto:wesley.ache...@gmail.com]
> Sent: Fri 20-A
gestions are welcome.
>
>
>
> From: Wesley Acheson [mailto:wesley.ache...@gmail.com]
> Sent: Fri 20-Aug-10 12:38 AM
> To: Tomcat Users List
> Subject: Re: Sessions mix-up on Tomcat 6.0.26 on Linux
>
>
>
> Okay I've a little tehory could you post
source code is attached;
suggestions are welcome.
From: Wesley Acheson [mailto:wesley.ache...@gmail.com]
Sent: Fri 20-Aug-10 12:38 AM
To: Tomcat Users List
Subject: Re: Sessions mix-up on Tomcat 6.0.26 on Linux
Okay I've a little tehory could you pos
Okay I've a little tehory could you post the entire code for loginmanager.
How is udac declared? If its a class variable then *ITS NOT THREAD SAFE*.
As a basic rule don't declare class variables in a servlet (There are
exceptions to this rule but you shouldn't under normal circumstances)
On 8/19/2010 11:28 AM, Yawar Saeed Khan/ITG/Karachi wrote:
> Chuck, what you say makes sense but I check the behavior on windows.
All that says to me is that your testing environment on Windows is inadequate.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MAT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yawar,
On 8/19/2010 11:28 AM, Yawar Saeed Khan/ITG/Karachi wrote:
> Chuck, what you say makes sense but I check the behavior on windows.
> the problem is in Linux environment only. I would imagine that tomcat
> configuration might be different on both
: Re: Sessions mix-up on Tomcat 6.0.26 on Linux
2010/8/19 Yawar Saeed Khan/ITG/Karachi :
> Ok, let me share my source code with you...
>
> HttpSession session = request.getSession(true);
> response.sendRedirect("main.jsp"); //logged-in page
2010/8/19 Yawar Saeed Khan/ITG/Karachi :
> Ok, let me share my source code with you...
>
> HttpSession session = request.getSession(true);
> response.sendRedirect("main.jsp"); //logged-in page
See documentation on HttpServletResponse.encodeRedirectURL( ) method.
I
YSDATE WHERE USER_ID = '"+ rs.getString("USER_ID") +"'");
int audit_insrt = InsertAuditEntry("F001", (String)
session.getAttribute("user_id"), (String) session.getAttribute("branch_code"));
response.sendRedirect("main.j
both machines
with default configurations.
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: Thu 19-Aug-10 7:02 PM
To: Tomcat Users List
Subject: RE: Sessions mix-up on Tomcat 6.0.26 on Linux
Yawar Saeed Khan/ITG/Karachi wrote:
>
>
On 19/08/2010 14:02, Caldarale, Charles R wrote:
> Yawar Saeed Khan/ITG/Karachi wrote:
>>
>> I have developed a web application using jsp and servlets with
>> oracle database.
>>
>> The application is working fine on windows,
>
> Or at least running on that platform hasn't uncovered the latent bu
Ben Souther wrote:
On Thu, 2010-08-19 at 12:45 +0200, André Warnier wrote:
Yawar Saeed Khan/ITG/Karachi wrote:
Hi,
I have developed a web application using jsp and servlets with oracle
database.
and with Tomcat also ?
Look in the subject line. :)
Ok, I overlooked the subject line (*).
Yawar Saeed Khan/ITG/Karachi wrote:
>
> I have developed a web application using jsp and servlets with
> oracle database.
>
> The application is working fine on windows,
Or at least running on that platform hasn't uncovered the latent bugs in your
webapp.
> but the problem arises when we deploy
On Thu, 2010-08-19 at 12:45 +0200, André Warnier wrote:
> Yawar Saeed Khan/ITG/Karachi wrote:
> > Hi,
> >
> >
> > I have developed a web application using jsp and servlets with oracle
> > database.
> >
> and with Tomcat also ?
Look in the subject line. :)
> >
> >
> >
> > The application
Yawar Saeed Khan/ITG/Karachi wrote:
Hi,
I have developed a web application using jsp and servlets with oracle
database.
and with Tomcat also ?
The application is working fine on windows,
Windows version, JVM version, tomcat version ?
but the problem arises when
we deploy it on Linux
29 matches
Mail list logo
