|
Problem |
Debugging a problem with one user seeing HttpSession data
belonging to another user. |
|
Cause |
One common cause of one user seeing HttpSession data
belonging to another user occurs when a PrintWriter or a
HttpServletResponse gets stored on a bean (or other object) that is
eventually stored either on a session or in a globally (servlet level)
accessed variable.
Another cause of this problem is the use of <%! ... %> in a
JSP to declare variables. The proper use for the vast majority of
applications is <% ... %> (no ! mark). The ! causes
variables (and methods) to be declared at the Servlet level and shared
across all requests for that JSP. Without the ! mark, variables are
declared at the service() method level - private to each new incoming HTTP
request. |
|
Solution |
Check your application code to ensure you are not storing
a PrintWriter or HttpServletRespone within a session object.
Check your JSPs to ensure you are not declaring variable using the
following format:
<%! ... %>.
If you are, remove, the "!". |
|
|
|
|
|
|