Jose,

On 11/11/13, 3:29 PM, Jose Irrazabal wrote:
> I generate the session in a servlet, in the doPost method, which would
> be:
> 
> protected void doPost(HttpServletRequest request,
>         HttpServletResponse response) throws ServletException, IOException
> {
>     // create the session
>     HttpSession session = request.getSession();
> 
>     // set attributes
>     session.setAttribute("idser", p_iduser);
>     session.setAttribute("username", p_username);
> 
>     // redirect to page "menu.jsp"
>     response.sendRedirect("menu.jsp");
> } // end method
> 
> On page "menu.jsp" I get the attributes with:
> 
> session = request.getSession(false);
> String userid = (String) session.getAttribute("userid");
> String user = (String) session.getAttribute("user");

So you are saying that with a simple servlet and JSP you can
demonstrate that Tomcat is swapping session ids between two users?
Please provide a WAR file including source that demonstrates the
problem, and includes instructions for how to "see" the problem.

You won't be able to post a WAR file to the list, so throw it on
DropBox or something like that. Don't create a Bugzilla entry because
I'm sure this isn't a Tomcat bug.

> Is it possible that this code: HttpSession session =
> request.getSession(); is bad, and how can I correct it?

Very unlikely.

> Is it possible that this code: session = request.getSession(false);
> is bad, and how can I correct it?

I wouldn't bother having that line in your JSP at all: it just does
what the JSP container will do for you, anyway (except that the
container will pass "true" as the boolean argument to that method).

-chris
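
One way to make the reported behaviour visible in a test WAR, as an added example that is not part of the original message or of Tomcat's code: a hypothetical servlet filter that records, per request, which session is in use and which user it holds, and warns when that user changes. It assumes the javax.servlet API and that the login servlet stores the name under "username"; the class name, the ".owner" marker attribute and the log wording are illustrative.

```java
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical diagnostic filter (added example); map it to /* in web.xml.
public class SessionAuditFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(SessionAuditFilter.class.getName());
    // Assumed key: use whatever name the login servlet really stores the user under.
    private static final String USER_KEY = "username";
    private static final String OWNER_KEY = SessionAuditFilter.class.getName() + ".owner";

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        audit(request, "before");
        try {
            chain.doFilter(req, res);
        } finally {
            audit(request, "after");
        }
    }

    private void audit(HttpServletRequest request, String phase) {
        HttpSession session = request.getSession(false); // observe only, never create
        String where = phase + " " + request.getRequestURI() + " from " + request.getRemoteAddr();
        if (session == null) {
            LOG.info(where + ": no session");
            return;
        }
        // Log a fingerprint, not the id itself: a session id in a log file is a credential.
        String sid = Integer.toHexString(session.getId().hashCode());
        Object user = session.getAttribute(USER_KEY);
        Object owner = session.getAttribute(OWNER_KEY);
        if (owner == null && user != null) {
            session.setAttribute(OWNER_KEY, user); // remember the first user bound to this session
        } else if (owner != null && !owner.equals(user)) {
            LOG.warning(where + ": session " + sid + " was bound to " + owner + " but now holds " + user);
        }
        LOG.info(where + ": session " + sid + " user=" + user);
    }
}
```

The warning also fires on a legitimate re-login as a different user within the same session, so read it together with the request logged just before it.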