Ok, let me share my source code with you...
 
My index.jsp page has an HTML form which submits the form data to a servlet called loginmanager.
This is the code inside the doPost function:
        try {
             // userbean is a class that has setter and getter functions for user attributes
             userbean user = new userbean();
             user.setUserId(request.getParameter("txt_userid"));
             user.setPassword(request.getParameter("txt_pass"));
             // udac is a class that has data access functions; the login function takes a
             // user object, checks its existence in the db and sets the isValid attribute for that user
             user = udac.login(user);
             if (user.isValid()){
                  HttpSession session = request.getSession(true);
                  session.setAttribute("user_id",user.getUserId());
                  session.setAttribute("user_name",user.getName());
                  session.setAttribute("role_id",user.getRole());
                  session.setAttribute("role_desc", user.getRoleDesc());
                  session.setAttribute("last_login", user.getLastLogin());
                  response.sendRedirect("main.jsp"); // logged-in page
             }else{
                  response.sendRedirect("index.jsp?user="+user.isValid()); // revert back to login page
             }
        } finally {
            out.close();
        }

Previously I had tried a simple way: my index.jsp file called itself on form submit, and the code below was in index.jsp (no servlet etc.):
 
        // after form is submitted
        String query = "SELECT a.USER_ID,a.NAME, a.BRANCH_CODE, a.PASSWORD, "
                + "a.LAST_LOGIN_DATE, a.ROLE_ID, b.ROLE_DESC FROM LOGIN_INFORMATION a, ROLES b "
                + "WHERE a.ACTIVE = 'A' AND a.ROLE_ID = b.ROLE_ID ";
        query = query + "AND LOWER(a.USER_ID) = LOWER('"
                + request.getParameter("txt_userid") + "') AND a.PASSWORD = '"+ epass +"'";
        boolean hasdata=false;
        java.sql.ResultSet rs = connection.executeQuery(query);
        while(rs.next()) {
            hasdata=true;
            session.setAttribute("user_id",rs.getString("USER_ID"));
            session.setAttribute("user_name",rs.getString("NAME"));
            session.setAttribute("branch_code",rs.getString("BRANCH_CODE"));
            session.setAttribute("role_id",rs.getString("ROLE_ID"));
            session.setAttribute("role_desc",rs.getString("ROLE_DESC"));
            session.setAttribute("last_login",rs.getString("LAST_LOGIN_DATE"));
            upsql = "UPDATE LOGIN_INFORMATION SET LAST_LOGIN_DATE = SYSDATE "
                    + "WHERE USER_ID = '"+ rs.getString("USER_ID") +"'";
            int up = connection.executeUpdate("UPDATE LOGIN_INFORMATION SET "
                    + "LAST_LOGIN_DATE = SYSDATE WHERE USER_ID = '"+ rs.getString("USER_ID") +"'");
            int audit_insrt = InsertAuditEntry("F001", (String) session.getAttribute("user_id"),
                    (String) session.getAttribute("branch_code"));
            response.sendRedirect("main.jsp");
            //out.println("Logged in");
        }
 
Behaviour is the same in both cases. Thanks!

________________________________

From: Pid [mailto:p...@pidster.com]
Sent: Thu 19-Aug-10 9:03 PM
To: Tomcat Users List
Subject: Re: Sessions mix-up on Tomcat 6.0.26 on Linux



On 19/08/2010 14:02, Caldarale, Charles R wrote:
> Yawar Saeed Khan/ITG/Karachi wrote:
>>
>> I have developed a web application using jsp and servlets with
>> oracle database.
>>
>> The application is working fine on windows,
>
> Or at least running on that platform hasn't uncovered the latent bugs in your 
> webapp.
>
>> but the problem arises when we deploy it on Linux(64bit),
>>
>> we get session issues in the application.
>> The session variables get mixed up and we can see previously
>> logged user's profile page.
>
> This happens frequently for applications that misuse scope, doing such things 
> as storing the request or response object in the session or some ThreadLocal 
> field.  It has never been shown to be an issue in a stable version of Tomcat.

+1

Odds on the session or request is being stored in an instance field in a
servlet somewhere.


p

>   - Chuck
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
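
Added example (not code from this thread or from Tomcat): a plain-JDK sketch of the failure mode Chuck and Pid describe above, where per-request data kept in an instance field of one shared object leaks between concurrent requests, next to the local-variable form that does not. The class and method names are hypothetical, the handler stands in for a servlet instance, and Java 8 or later is assumed.

```java
import java.util.concurrent.CountDownLatch;

public class SharedFieldDemo {
    interface Handler { String handle(String userId, Runnable pause); }

    // Like a servlet: ONE instance, called concurrently by every request thread.
    static class UnsafeHandler implements Handler {
        private String currentUser;                 // instance field: shared by all requests
        public String handle(String userId, Runnable pause) {
            currentUser = userId;                   // this request stores its user
            pause.run();                            // another request runs in this gap
            return "profile of " + currentUser;     // reads whatever was stored last
        }
    }

    static class SafeHandler implements Handler {
        public String handle(String userId, Runnable pause) {
            String currentUser = userId;            // local: lives on this thread's stack
            pause.run();
            return "profile of " + currentUser;
        }
    }

    // Runs request "alice" on its own thread and forces request "bob" to execute
    // on the same handler instance while alice is mid-request (constructed users).
    static String whatAliceSees(Handler h) throws InterruptedException {
        CountDownLatch aliceStored = new CountDownLatch(1);
        CountDownLatch bobDone = new CountDownLatch(1);
        String[] result = new String[1];
        Thread alice = new Thread(() -> result[0] = h.handle("alice", () -> {
            aliceStored.countDown();
            try { bobDone.await(); }
            catch (InterruptedException e) { Thread.currentThread().interrupt(); }
        }));
        alice.start();
        aliceStored.await();                        // alice is now paused mid-request
        h.handle("bob", () -> {});                  // second request, same instance
        bobDone.countDown();
        alice.join();
        return result[0];
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("unsafe: alice sees " + whatAliceSees(new UnsafeHandler()));
        System.out.println("safe:   alice sees " + whatAliceSees(new SafeHandler()));
    }
}
```

The latches only make the interleaving deterministic; under real load the same overlap happens whenever two requests hit the shared instance at once, which is why it can stay hidden on one platform and surface on another.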



