Hi Chris,
I am using JSF (apache faces). The way to get Session or HttpServletRequest
from a backing bean is through FacesContext. Backing beans are not servlet, so
can not access HttpServletRequest directly.
After synchronizing the method, I still got the same problem.
It is in production stage and users are starting to use it. I am very
nerveous.
Thanks!
Dave
Christopher Schultz <[EMAIL PROTECTED]> wrote:
DAve,
> Current symptom is: a user info gets into another user's session. So
> sometimes User A can see User B's info.
>
> The way to get session: is it thread-safe?
>
> public static HttpSession getHttpSession(boolean create) {
> FacesContext context = FacesContext.getCurrentInstance(); return
> (HttpSession)context.getExternalContext().getSession(create); }
A static getHttpSession method is almost sure to cause problems. Why are
you not using HttpServletRequest.getSession? This method accepts no
information from the caller that identifies the user trying to get their
session. How do you identify users or sessions? Where is the session id?
-chris
---------------------------------
Yahoo! Music Unlimited - Access over 1 million songs.Try it free.
