One client user sees HttpSession data belonging to another client user
 Technote (FAQ)
 
Problem
Debugging a problem with one user seeing HttpSession data belonging to another user.
 
Cause
One common cause of one user seeing HttpSession data belonging to another user occurs when a PrintWriter or a HttpServletResponse gets stored on a bean (or other object) that is eventually stored either on a session or in a globally (servlet level) accessed variable.
Another cause of this problem is the use of <%! ... %> in a JSP to declare variables. The proper use for the vast majority of applications is <% ... %> (no ! mark). The ! causes variables (and methods) to be declared at the Servlet level and shared across all requests for that JSP. Without the ! mark, variables are declared at the service() method level - private to each new incoming HTTP request.
 
Solution
Check your application code to ensure you are not storing a PrintWriter or HttpServletRespone within a session object.

Check your JSPs to ensure you are not declaring variable using the following format:
<%! ... %>.
If you are, remove, the "!".
 
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Sessions and Session Management
Operating system(s): HP-UX
Software version: 4.0
Software edition:
Reference #: 1175500
IBM Group: Software Group
Modified date: Jun 30, 2005