One client user sees HttpSession data belonging to another client user
 Technote (troubleshooting)
 
Problem (Abstract)
This technote covers debugging a problem in which one user sees HttpSession data belonging to another user. It describes JSP and Servlet coding practices on IBM® WebSphere® Application Server and Java™ that are possible causes of the problem.
 
Cause
One common cause of a user seeing HttpSession data belonging to another user occurs when a PrintWriter or an HttpServletResponse gets stored on a bean (or other object) that is eventually stored either on a session or in a globally (servlet level) accessed variable.

Another cause of this problem is the use of <%! ... %> in a JSP to declare variables. The proper use for the vast majority of applications is <% ... %> (no ! mark). The ! causes variables (and methods) to be declared at the Servlet level and shared across all requests for that JSP. Without the ! mark, variables are declared at the service() method level and are private to each new incoming HTTP request. The problem can occur when either of these conditions applies.
 
Resolving the problem
Check your application code to ensure you are not storing a PrintWriter or HttpServletResponse within a session object.

Check your JSPs to ensure you are not declaring variables using the following format:

<%! ... %>.

If you are, remove the "!".
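
The following added example (not IBM's code and not part of the original technote) models the difference in plain Java 8+. The hypothetical classes DeclarationPage and ScriptletPage stand in for the single servlet instance that a JSP compiles to, and two threads stand in for concurrent requests from the constructed sample users "alice" and "bob".

```java
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.concurrent.CyclicBarrier;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

public class JspDeclarationDemo {
    interface Page { String service(String sessionUser, CyclicBarrier gate) throws Exception; }

    // Models <%! String user; %>: one field on the single servlet instance.
    static class DeclarationPage implements Page {
        private String user;
        public String service(String sessionUser, CyclicBarrier gate) throws Exception {
            user = sessionUser;   // every request thread writes the same field
            gate.await();         // hold until both requests are inside service()
            return sessionUser + " sees data for " + user;
        }
    }

    // Models <% String user; %>: a local variable inside service().
    static class ScriptletPage implements Page {
        public String service(String sessionUser, CyclicBarrier gate) throws Exception {
            String user = sessionUser;  // lives on this request thread's stack
            gate.await();
            return sessionUser + " sees data for " + user;
        }
    }

    // Sends two simultaneous "requests" to the same page instance and prints each response.
    static void run(String label, Page page) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(2);
        CyclicBarrier gate = new CyclicBarrier(2);
        try {
            List<Callable<String>> requests = Arrays.asList(
                () -> page.service("alice", gate),
                () -> page.service("bob", gate));
            for (Future<String> f : pool.invokeAll(requests)) {
                System.out.println(label + ": " + f.get());
            }
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        run("<%! %> declaration", new DeclarationPage());
        run("<% %> scriptlet", new ScriptletPage());
    }
}
```

With DeclarationPage both requests report the same user, whichever thread wrote the field last, so one user is shown the other's data. With ScriptletPage each request reports its own user.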
 
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Sessions and Session Management
Operating system(s): Windows
Software version: 6.1
Software edition:
Reference #: 1175500
IBM Group: Software Group
Modified date: Oct 15, 2007