Re: Session is really not a simple stuff...

Wed, 10 May 2000 08:29:01 -0700 

Franck Rageade wrote:

> Hello everybody,
>
>     I still have many problems to manage my session tracking... I work on an 
>intranet portal using NT4 / IIS / Resin 1.1. When the user logs on, an instance of 
>User class is instanciated, with the user's configuration, and this instance is 
>stored in the session. It looks like that :
>
> <%
> HttpSession sess = req.getSession(true);
> MGUser mgUser = new MGUser(cookieCode, req.getServerName());
> sess.setAttribute("sessionMGUser", mgUser);
> %>
>
> Then, at the top of every page, the User object is retrieved with :
>
> <%!
>  MGUser mgUser;
>  HttpSession sess;
> %>
>
> <% sess = request.getSession(false);
>  if (sess==null) response.sendRedirect(AUTH_FORM_URL);
>  mgUser = (MGUser)sess.getAttribute("sessionMGUser");
> %>
>
> This seems to work fine, but...
>
>     when the user logs out, or kills the browser, and another user tries to log in, 
>the second user retrieves the first one's configuration !!!
>
> Well, I have noticed that a JSESSIONID cookie was set by the server to track the 
>session, but even when I clear (overwrite) this cookie, the problem is not solved.
>
> Can anybody explain me how to efficiently manage sessions ?
>
> Regards,
>
>         Franck
>
> ¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø
>
> FRANCK RAGEADE
> Skill Group e-Business
>
> SBA 67 - France & Abroad
> Cap Gemini France - Division Rhône-Alpes
>
> 11, Chemin des Prés
> ZIRST 4403
> 38944 Meylan , France
>
> LoginId: frageade
> Email: [EMAIL PROTECTED]
> Phone: +33 (04) 76 76 47 65
> Fax: +33 (04) 76 41 24 61
>
> ¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø
>
> ===========================================================================
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
>  http://java.sun.com/products/jsp/faq.html
>  http://www.esperanto.org.nz/jsp/jspfaq.html
>  http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
>  http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets

    Do you use
                session.Invalidate() when the user logs out?

===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:

 http://java.sun.com/products/jsp/faq.html
 http://www.esperanto.org.nz/jsp/jspfaq.html
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets

Reply via email to