Hi Tim,
It is very strange. I do not understand how a User object in Session A gets
into Session B. It seems that after a session is expired or invalidated, that
session is attached to another user's request.
Just one guess.
Please share more when you find anything.
Thanks,
Dave
Timothy Collett <[EMAIL PROTECTED]> wrote:
On Jul 20, 2006, at 8:36 PM, Dave wrote:
> Is the following method thread-safe?
>
> I use my own way for authentication. After authenticated, a user
> info is put into session, when logout, call session.invalidate();
>
> Current symptom is: a user info gets into another user's
> session. So sometimes User A can see User B's info.
Actually, I'm seeing something very similar, and it's a good thing my
webapp is only in testing, or it would, indeed, be causing problems...
I've got custom User and UserSession classes for tracking users in
general and logged-in users, respectively. For the moment, the main
symptoms of the problem are that the username field and the test/live
data field are getting munged between users somehow. I've tried to
trace it, and haven't been able to determine the mechanism by which
it happens. It's also somewhat disturbing that it's just those two
fields, and none of the rest of them.
I'll try and take another look, recreate my last experiments with the
problem, and come back with some more detailed information.
Timothy Collett
--
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.
~haiku~
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------
See the all-new, redesigned Yahoo.com. Check it out.
