DAve,
> Current symptom is: a user info gets into another user's session. So
> sometimes User A can see User B's info.
>
> The way to get session: is it thread-safe?
>
> public static HttpSession getHttpSession(boolean create) {
> FacesContext context = FacesContext.getCurrentInstance(); return
> (HttpSession)context.getExternalContext().getSession(create); }A static getHttpSession method is almost sure to cause problems. Why are you not using HttpServletRequest.getSession? This method accepts no information from the caller that identifies the user trying to get their session. How do you identify users or sessions? Where is the session id? -chris
signature.asc
Description: OpenPGP digital signature
