-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Jose,
On 11/11/13, 8:24 AM, Jose Irrazabal wrote:
> Thanks for the answer, then it can be when generating the session?
>
> I use a servlet to create the session with the code: *HttpSession
> session = request.getSession ();* Then I add the attributes:
> *session.setAttribute ("idUser" p_iduser);* *
> session.setAttribute ("username", p_username);* *
> session.setAttribute ("idrol" p_idrol);* And redirected to the page
> "principal.jsp" : *response.sendRedirect ("principal.jsp");* On
> page "principal.jsp", recovery attributes for display: *session =
> request.getSession (false);* * Id_user String = (String)
> session.getAttribute ("idUser");* * String username = (String)
> session.getAttribute ("username");* * Idrol String = (String)
> session.getAttribute ("idrol");*
Note that "session" should be an implicit variable in every page,
already set to the user's session. You should not have to call
request.getSession in your page at all.
> This is where the problem occurred, a user session captured the
> other user sesion, may then this used procedure is bad?
Usually this kind of thing happens because you have stored a reference
to a HttpServletRequest or HttpSession object somewhere you should not
have.
Can you:
a. Try to reproduce this issue with current Tomcat 7.0.47
b. Create a minimal, simple test WAR that demonstrates your problem
and post it somewhere
This is very unlikely to be a bug in Tomcat, but more likely a bug in
your own code.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJSgPXYAAoJEBzwKT+lPKRYRl0P/i7xEX9mo05Lmkpd1q2gil3s
jr5+jn10y52heuIPR+kttkjQIYH49l0IqlME3GLsItjTL7m6HoYaQa/CVKY4ksWo
M2ZhXFKQTu0995Dsye8zTAmP5IxDx6ZI2PXmG3crCt4e4G2tjfNNe1WrqLJjvG97
w8jHL/F2J5AA6lLZp+8L3hm4o6mAzDuEnpVsJRB7EKLj06P02PtQG6j6lVleoioj
qIUiSDnYtjurByQahgyXOJnk73ZV/CDX+fTmmezOapk+XmzlRSyRLPDBQRLUfsgp
eqjY02e5RV0yusLZD0M15ENieHOf1e4inhI4eHBn77yRe0y4KU0Q1HjGcKNlpgsN
yTEFQ2Votn/39V6ZEm79ee4rVvcFc9I4J+UqX/4b7OxTffUHa021+3gl1uHIIiNX
TZCOrbQBHXzPD/qhPXk1FjHRm6/SzPwBypcKho+0hc8cPtPa7+O/9gu3gcPRdpgd
O0uKB1Ypqv+729JJuXYk0lDdG+vCsDl3j3tYYGoFmwpWn4UiuTBLMaa/eBLnnIBW
+mfXkpcyADywXcAGgAi94DIRCeP252kO0/+T6E8csroTQF9zi7v/c23CaiBZu5Qw
efs2jC7Iq4IMvBsmNj8CwWAr2O09dur3E40WeRNuV4q4QNxuhFzaV5t7x7VapqmA
eJ9Hk5jgb6qpVbITld8T
=csbX
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
