I accessed from a new pc, which never accessed the page...
I'll do the System.out too
ta
Sascha
----- Original Message -----
From: "Yuval Perlov" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Tuesday, February 26, 2008 11:28 PM
Subject: Re: sessionID moves to other PC
Maybe the browser is getting an old page from the cache?
Clear the browser cache and see if its better. Also, use a
System.out.println() and make sure what you are seeing on the browser
is what really happens on the server.
Yuval Perlov
www.r-u-on.com
On Feb 26, 2008, at 10:22 AM, Sascha Monteiro wrote:
Thanks,
I now put <% out.println(session.getId()); %> in the page..
I see my sessionID, but then navigate to another page and then see
the sessionID of the other user!
then I press reload in my browser, and I get my own session again,
till I navigate again...
I am not sure if the session is related to the visible ip-address..??
I do come from a shared internet connection through a router on a
cable connection.
I cannot imagine I am mixing variables, I only use
session.getAttribute & session.setAttribute
and base my query (to mysql) on the tablename in the session
and the sessionID should be unique to the user...and I don't refer to
a sessionID anywhere..
ta
Sascha
----- Original Message ----- From: "Yuval Perlov" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Tuesday, February 26, 2008 7:51 PM
Subject: Re: sessionID moves to other PC
Make sure cookies are enabled. If they are:
There are two options (1) that it is indeed the same session and
that there is a huge Tomcat bug (2) that these are two separate
sessions but that you are somehow mixing the data - local bug.
To determine which is it, you could do a toString() on the session
and print it to the page. If the strings differ, tomcat is doing
fine and you should check where you mix the variables.
Yuval Perlov
http://www.r-u-on.com/
On Feb 26, 2008, at 5:58 AM, Sascha Monteiro wrote:
Hi,
I am struggeling with securing my pages where private data needs
to be read from a table.
I am using JSP in Tomcat5.5.23 btw. (which is hosted at eatj.com)
If I login on my page with 2 different userID's, from 2 different
computers (but sharing a Internet connection..!!!)
I will suddenly see data from the other userID, which is pretty
sensitive (financial information)
When a user logs in, I am setting the userID and the table to use with
session.setAttribute("username"rs.getString(1));
session.setAttribute("tablename"rs.getString(3));
then when I need to query the database, I use
session.getAttribute("tablename");
I have put <%=session.getId()%> in the head,
and I see the ID appearing, but suddenly changes when navigating
between pages... :-(
I hope this makes sense and that someone can help me...
I only found an old bug re duplicateID's, but that was in 2005...
cheers
Sascha
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
