Thanks for the reply
I generate the session in a servlet in doPost method that would be:
protected void doPost ( HttpServletRequest request , HttpServletResponse
response)
throws ServletException , IOException {
*/ / create the session*
HttpSession session = request.getSession ( ) ;
*/ / set attribute*
session.setAttribute ( " idser " p_iduser ) ;
session.setAttribute ( "username" , p_username ) ;
*/ / redirect to page " menu.jsp "*
response.sendRedirect ( " menu.jsp " ) ;
} */ / end method*
On page " menu.jsp " I get the attribute with :
session = request.getSession ( false);
String userid = (String ) session.getAttribute ( " userid " ) ;
String user = (String ) session.getAttribute ( "user") ;
It is possible that this code *HttpSession session = request.getSession ( )* ;
this bad and how I can correct it.
It is possible that this code:* session = request.getSession (false )*,
this bad and how I can correct it.
They could give me an example of how to work with sessions (create and
capture) in a Java application with JSP, please
2013/11/11 Christopher Schultz <ch...@christopherschultz.net>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Jose,
>
> On 11/11/13, 8:24 AM, Jose Irrazabal wrote:
> > Thanks for the answer, then it can be when generating the session?
> >
> > I use a servlet to create the session with the code: *HttpSession
> > session = request.getSession ();* Then I add the attributes:
> > *session.setAttribute ("idUser" p_iduser);* *
> > session.setAttribute ("username", p_username);* *
> > session.setAttribute ("idrol" p_idrol);* And redirected to the page
> > "principal.jsp" : *response.sendRedirect ("principal.jsp");* On
> > page "principal.jsp", recovery attributes for display: *session =
> > request.getSession (false);* * Id_user String = (String)
> > session.getAttribute ("idUser");* * String username = (String)
> > session.getAttribute ("username");* * Idrol String = (String)
> > session.getAttribute ("idrol");*
>
> Note that "session" should be an implicit variable in every page,
> already set to the user's session. You should not have to call
> request.getSession in your page at all.
>
> > This is where the problem occurred, a user session captured the
> > other user sesion, may then this used procedure is bad?
>
> Usually this kind of thing happens because you have stored a reference
> to a HttpServletRequest or HttpSession object somewhere you should not
> have.
>
> Can you:
>
> a. Try to reproduce this issue with current Tomcat 7.0.47
>
> b. Create a minimal, simple test WAR that demonstrates your problem
> and post it somewhere
>
> This is very unlikely to be a bug in Tomcat, but more likely a bug in
> your own code.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.15 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJSgPXYAAoJEBzwKT+lPKRYRl0P/i7xEX9mo05Lmkpd1q2gil3s
> jr5+jn10y52heuIPR+kttkjQIYH49l0IqlME3GLsItjTL7m6HoYaQa/CVKY4ksWo
> M2ZhXFKQTu0995Dsye8zTAmP5IxDx6ZI2PXmG3crCt4e4G2tjfNNe1WrqLJjvG97
> w8jHL/F2J5AA6lLZp+8L3hm4o6mAzDuEnpVsJRB7EKLj06P02PtQG6j6lVleoioj
> qIUiSDnYtjurByQahgyXOJnk73ZV/CDX+fTmmezOapk+XmzlRSyRLPDBQRLUfsgp
> eqjY02e5RV0yusLZD0M15ENieHOf1e4inhI4eHBn77yRe0y4KU0Q1HjGcKNlpgsN
> yTEFQ2Votn/39V6ZEm79ee4rVvcFc9I4J+UqX/4b7OxTffUHa021+3gl1uHIIiNX
> TZCOrbQBHXzPD/qhPXk1FjHRm6/SzPwBypcKho+0hc8cPtPa7+O/9gu3gcPRdpgd
> O0uKB1Ypqv+729JJuXYk0lDdG+vCsDl3j3tYYGoFmwpWn4UiuTBLMaa/eBLnnIBW
> +mfXkpcyADywXcAGgAi94DIRCeP252kO0/+T6E8csroTQF9zi7v/c23CaiBZu5Qw
> efs2jC7Iq4IMvBsmNj8CwWAr2O09dur3E40WeRNuV4q4QNxuhFzaV5t7x7VapqmA
> eJ9Hk5jgb6qpVbITld8T
> =csbX
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
