Look for static variables on your code too, they may be erroneous sharing values between session.
On Fri, Jan 8, 2010 at 10:00 AM, Pedro Santos <pedros...@gmail.com> wrote: > If your servlet container bind an different session for your users > requests, you get the problem described too. Only one property of your > session has user B values for user A requests? Or the entire session are > different? > > > On Fri, Jan 8, 2010 at 9:52 AM, Pieter Degraeuwe < > pieter.degrae...@systemworks.be> wrote: > >> That's very odd... As I understood, methods on the Session can be called >> by >> several threads. So, Session methods must be thread safe. >> >> Maybe something is wrong with your dao. (Since that wone will be called by >> multiple threads a the same time...) >> >> Pieter >> >> On Fri, Jan 8, 2010 at 12:17 PM, Soumya <soumya_...@yahoo.co.in> wrote: >> >> > Hi all, >> > I am fairly a newbie in wicket and would appreciate your help! >> > >> > I >> > have a wicket application which are used on Live by more than 500 >> > users. Now the problem which has arisen is - say User A logs on - he is >> > able to view details of User B. It has happened for different users and >> > I am trying to dig the real reason. >> > >> > Here is my code details - >> > 1) I use Hibernate to fetch 'Account' objects from backend passing on >> the >> > username/password. >> > >> > 2) I use >> > MyAppSession extends WebSession >> > { >> > private Account account; >> > >> > public InboundSession(Request request) >> > { >> > super(request); >> > } >> > >> > public void setAccount(Account account) >> > { >> > this.account = account; >> > } >> > >> > >> > public Account getAccount() >> > { >> > return account; >> > } >> > >> > public boolean isUserLoggedIn() >> > { >> > return account !=null; >> > } >> > >> > } >> > >> > So >> > effectively I check if the Account object in session is null or not and >> > accordingly decide whether a user is logged in or not. >> > >> > 2) In Login class I pass on the username/password to HibernateAccountDao >> > and fetch the Account object. >> > Account account = accountDao.getAccount(username, password) >> > MyAppSession session = (MyAppSession )getSession(); >> > session.setAccount(account); >> > setResponsePage(Home.class); >> > >> > So effectively I fetch the accout object using hibernate and store it in >> > wicket session. >> > But I am not sure how these account objects are getting mixed up between >> > users. >> > >> > Please can someone lead me to the route cause of the issue? >> > >> > >> > Thanks in advance! >> > SSP >> > >> > >> > The INTERNET now has a personality. YOURS! See your Yahoo! >> Homepage. >> > http://in.yahoo.com/ >> >> >> >> >> -- >> Pieter Degraeuwe >> Systemworks bvba >> Belgiƫlaan 61 >> 9070 Destelbergen >> GSM: +32 (0)485/68.60.85 >> Email: pieter.degrae...@systemworks.be >> visit us at http://www.systemworks.be >> > > > > -- > Pedro Henrique Oliveira dos Santos > -- Pedro Henrique Oliveira dos Santos