4 Replies. Latest reply: Aug 23, 2012 2:37 PM by 957623

    Session information is getting overwritten once multiple user logged in.

    user11995226
      Hi All,

      I am trying to make an online examination application.
      I am using the following servlet code to store the logged-in user information in the session.


      session = request.getSession();
      session.setAttribute("userName", userName );
      session.setAttribute( "LoginId", loginId );



      The information is getting stored in the session and I am able to retrieve the same for a single user. The trouble starts when 2 users log in from different browsers (for example Chrome, IE) on the same machine. The 2nd logged-in user overwrites the session information of the first user.

      How can I prevent this?

      My environment: Windows 7 64 bit, IBM WebSphere server, Oracle 11g, JSP, Servlet.


      Thanks
      With Regards
        • 1. Re: Session information is getting overwritten once multiple user logged in.
          DrClap
          Presumably you're storing references to the same objects in both sessions. Your posted code doesn't provide any way to tell where you got those objects from.
          • 2. Re: Session information is getting overwritten once multiple user logged in.
            user11995226
            Hi DrClap,
            Thanks for your reply.


            I have a login page which takes user input (login id & password); on submit it calls the servlet doPost method.



            public void doPost( HttpServletRequest request, HttpServletResponse response ) throws ServletException, IOException
            {
                response.setContentType( "text/html" );
                PrintWriter out = response.getWriter();
                // Read the submitted credentials from the login form.
                String loginId = request.getParameter( "loginId" );
                String password = request.getParameter( "pwd" );
                // Business logic: here I am checking if loginid and pwd is correct or not based on the value stored in the Database.
                // Once the user is verified I am storing the information in the session. else I am displaying the error message to user.

                if (validUser())
                {
                    // session and userName are not declared in this method; the post does not show where they are declared.
                    session = request.getSession();
                    session.setAttribute("userName", userName );
                    session.setAttribute( "LoginId", loginId );
                    // user is now redirected to his home page.
                }
                else
                {
                    // redirect to error page.
                }
            }


            Every user will go through this cycle. The above works fine for a single user. Once two users log on in different browsers (Chrome and IE), the session information is overwritten.

            I hope the problem is more clear now.

            Thanks
            With Regards
            • 3. Re: Session information is getting overwritten once multiple user logged in.
              EJP
              What is the scope of the userName variable? It needs to be method-local, not an instance or static member.
              • 4. Re: Session information is getting overwritten once multiple user logged in.
                957623
                Excellent point re scope.

                I was having the same issue (different environment).

                My session & username variables were method local.

                HttpSession httpSession = request.getSession(false) ; // get an existing session
                String username = (String) httpSession.getAttribute("username") ;

                But - the page I was serving with "welcome username" was static.
                This looked like I was getting the wrong user session data.
                The session data was fine, it was the static page I was serving that was the problem.
                I had just missed "localizing" the page.
                That solved the problem for me.

                Good Luck
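
Added example, not part of the original thread: a constructed, servlet-free Java program illustrating the scope point raised in reply 3. By default a container serves every request with one servlet instance, so a value held in an instance field is shared between concurrent logins even though each user has a separate session; the class, method and user names are hypothetical, and the barrier exists only to force the interleaving.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.CyclicBarrier;

// Constructed stand-in for a servlet: ONE instance, called from many request threads.
public class SharedFieldDemo {
    // Instance field, shared by all requests. volatile only makes the demo
    // deterministic; it does not stop one request from overwriting another.
    private volatile String userName;
    private final CyclicBarrier bothAssigned = new CyclicBarrier(2); // forces the interleaving

    interface Login { void run(String loginId, Map<String, Object> session) throws Exception; }

    // Problem shape: the per-request value passes through the shared field.
    void loginWithField(String loginId, Map<String, Object> session) throws Exception {
        userName = lookupName(loginId);
        bothAssigned.await();               // both requests have now written the field
        session.put("userName", userName);  // both read the same, last-written value
    }

    // Fixed shape: the value lives in a method-local variable, one per call.
    void loginWithLocal(String loginId, Map<String, Object> session) throws Exception {
        String name = lookupName(loginId);
        bothAssigned.await();
        session.put("userName", name);
    }

    static String lookupName(String loginId) { return "name-of-" + loginId; } // hypothetical DB lookup

    static Thread request(Login login, String loginId, Map<String, Object> session) {
        Thread t = new Thread(() -> {
            try { login.run(loginId, session); } catch (Exception e) { throw new RuntimeException(e); }
        });
        t.start();
        return t;
    }

    static void twoUsers(String label, Login login) throws Exception {
        Map<String, Object> alice = new HashMap<>(), bob = new HashMap<>(); // one session per user
        Thread a = request(login, "alice", alice), b = request(login, "bob", bob);
        a.join(); b.join();
        System.out.println(label + ": alice's session=" + alice + ", bob's session=" + bob);
    }

    public static void main(String[] args) throws Exception {
        SharedFieldDemo servlet = new SharedFieldDemo();  // single instance, as in a container
        twoUsers("instance field", servlet::loginWithField);
        twoUsers("method-local", servlet::loginWithLocal);
    }
}
```

With the instance field, both sessions end up holding the same user's name; with the method-local variable each session holds its own.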