In my LoginAction I am setting the session as:

    private boolean isUserExist() {
        Connection con = null;
        boolean result = false;
        // MD5Util MD5=new MD5Util();
        try {
            con = ConnectionFactory.getConnection();
            // The trailing space keeps "?" and "AND" apart when the two literals are joined
            String sqlQ = "SELECT * FROM USER_MASTER WHERE LOGIN_ID=? "
                    + "AND PASSWORD=? AND ROLE=? AND STATUS='Y'";
            PreparedStatement pstmt = con.prepareStatement(sqlQ);
            pstmt.setString(1, getUserId().trim());
            pstmt.setString(2, getPassword().trim());
            pstmt.setString(3, getRole().trim());
            ResultSet rst = pstmt.executeQuery();
            if (rst.next()) {
                // Copy the matching row into the User object, replacing NULL columns with ""
                user = new User();
                user.setUserId(rst.getInt("USER_ID") == 0 ? 0 : rst.getInt("USER_ID"));
                user.setUserName(rst.getString("USER_NAME") == null ? "" : rst.getString("USER_NAME"));
                user.setRole(rst.getString("ROLE") == null ? "" : rst.getString("ROLE"));
                user.setAddress(rst.getString("LOGIN_ID") == null ? "" : rst.getString("LOGIN_ID"));
                user.setCandidateId(rst.getString("CANDIDATE_ID") == null ? ""
                        : rst.getString("CANDIDATE_ID"));
                if (getCustType1() == null) {
                    user.setCustType("");
                } else {
                    user.setCustType(getCustType1());
                }
                result = true;
                // Store the logged-in user in the session
                getSession().put("loginDetails", user);
            }

And in other Actions I am getting the session as:

    // Read the user stored at login; reject the request if it is missing
    User user = (User) getSession().get("loginDetails");
    if (user == null) {
        addActionMessage("Not Authorize to view this page.");
        return ERROR;
    }
    AppointmentDocDBdao appointmentdocdob = new AppointmentDocDBdao();
    custType = appointmentdocdob.getCustType(Integer.parseInt(user.getCandidateId()));

Is there any problem in this code?