This discussion is archived
4 Replies Latest reply: Aug 23, 2012 12:37 PM by 957623 RSS

Session information is getting overwritten once multiple user logged in.

user11995226 Newbie
Currently Being Moderated
Hi All,

I am trying to make online examination application.
I am using following servlet code to store the logged in user information in the session.


session = request.getSession();
session.setAttribute("userName", userName );
session.setAttribute( "LoginId", loginId );



The information is getting stored in the session and i am able to retrieve the same for single user. The trouble starts when 2 user logged in from different browser (for example chrome, IE) from the same machine. The 2nd logged in user, overwrite the session information of first user.

How to prevent this.

My environment: Windows 7 64 bit, IBM websphere server, Oracle 11g, JSP, Sevrlet.


Thanks
With Regards
  • 1. Re: Session information is getting overwritten once multiple user logged in.
    DrClap Expert
    Currently Being Moderated
    Presumably you're storing references to the same objects in both sessions. Your posted code doesn't provide any way to tell where you got those objects from.
  • 2. Re: Session information is getting overwritten once multiple user logged in.
    user11995226 Newbie
    Currently Being Moderated
    HI DrClap,
    Thanks for your reply.


    I have a login page which takes user user input (login id & password) while submit it calls the servlet doPost method.



    public void doPost( HttpServletRequest request, HttpServletResponse response ) throws ServletException, IOException
    {

    response.setContentType( "text/html" );
    PrintWriter out = response.getWriter();
    String loginId = request.getParameter(loginId );
    String password = request.getParameters(pwd);
    // Business logic: here i am checking if loginid and pwd is correct or not based on the value stored in the Database.
    // Once the user is verified i am storing the information in the session. else i am displaying the error message to user.

    if (validUser())

    session = request.getSession();
    session.setAttribute("userName", userName );
    session.setAttribute( "LoginId", loginId );
    // user is now redirected to his home page.
    }
    else
    {
    // redirect to error page.
    }


    }


    Every user will go through this cycle. The above works fine for single user. Once two user logon on different browser (Chrome and IE). The session information is overwritten.

    I hope the problem is more clear now.

    Thanks
    With Regards
  • 3. Re: Session information is getting overwritten once multiple user logged in.
    EJP Guru
    Currently Being Moderated
    What is the scope of the userName variable? It needs to be method-local, not an instance or static member.
  • 4. Re: Session information is getting overwritten once multiple user logged in.
    957623 Newbie
    Currently Being Moderated
    Excellent point re scope.

    I was having the same issue (different environment).

    My session & username variables were method local.

    HttpSession httpSession = request.getSession(false) ; // get an existing session
    String username = (String) httpSession.getAttribute("username") ;

    But - the page I was serving with "welcome username" was static.
    This looked like I was getting the wrong user session data.
    The session data was fine, it was the static page I was serving that was the problem.
    I had just missed "localizing" the page.
    That solved the problem for me.

    Good Luck

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points