|
Problem(Abstract) |
Debugging a problem with one user seeing HttpSession data
belonging to another user. This technote explains notes of coding the JSP
and Servlet of IBM® WebSphere® Application Server and Java™ as possible
causes of the problem. |
|
|
|
Cause |
One common cause of a user seeing HttpSession data
belonging to another user occurs when a PrintWriter or an
HttpServletResponse gets stored on a bean (or other object) that is
eventually stored either on a session or in a globally (servlet level)
accessed variable.
Another cause of this problem is the use of <%! ... %> in a
JSP to declare variables. The proper use for the vast majority of
applications is <% ... %> (no ! mark). The ! causes
variables (and methods) to be declared at the Servlet level and shared
across all requests for that JSP. Without the ! mark, variables are
declared at the service() method level and are private to each new
incoming HTTP request. The issue occurs when either corresponds. |
|
|
Resolving the
problem |
Check your application code to ensure you are not storing
a PrintWriter or HttpServletResponse within a session object.
Check your JSPs to ensure you are not declaring variables using the
following format:
<%! ... %>.
If you are, remove the "!". |
|
|