Solved

Session variable being overidden!!!

Posted on 2001-07-19
38
415 Views
Last Modified: 2008-02-01
Experts,

I have a this session problem, the session variable being overidden. Let me briefly explain, lets say I login into page A and the session variable is set to "A". Then I open another browser and I login to page A again and the session variable sets it to "B". This value "B" overides the first session variable. Why ???? I am using netscape navigator as my browser and the web server is netscape enterprise 4, the application code is JSP.

I need help urgently. Thanks


Cheers
0
Comment
Question by:jason101799
  • 17
  • 17
  • 2
  • +2
38 Comments
 
LVL 92

Expert Comment

by:objects
ID: 6297596
SOunds like it's the same session variable.
Can u give some more detail about what you're doing.
0
 
LVL 6

Expert Comment

by:kotan
ID: 6297602
This is because you open 2 netscape browser in the same computer. Normally, it will overide the data received.
You can try to open 1 netscape and 1 IE in the same computer, I think it should be worked fine.
0
 

Author Comment

by:jason101799
ID: 6297627
objects,

Okie, Let says I login the first time and I set Session variable "test" = "Malaysia" then I do a select statement to retrieves all information based on Malaysia. It works fine. Then I login again using another ID, this time the session variable "test" is set to "Australia" then I do a select statement and all the data ties to Australia is returned. Unfortunately, when I click on the first browser which its session variable assign as "Malaysia" was overwritten by the second browser session variable as "Australia".

Why it happens on Netscape but not IE. I have worked on IIS and I have never come across such issue. Can u guyz advice?

Cheers
0
 
LVL 7

Expert Comment

by:tomboshell
ID: 6297673
It is the same browser on the same machine, with two instances of that browser accessing the same server at basically similar times.  I would say that the two instances of the browser is seen as the same thing, or same connection.  I wouldn't think that there is an easy work-around, but I am interested in hearing if there is one.

Tom
0
 

Author Comment

by:jason101799
ID: 6297691
Tomb,

I thought each session should be unique and the web server should be able to identify which session requested this page and return the value accrodingly. IIS do not have this issue. I wonder why???


Cheers
0
 
LVL 92

Accepted Solution

by:
objects earned 100 total points
ID: 6297720
From the Enterprise server manual:

"Session objects maintain state and user identity across multiple page requests over the normally stateless HTTP protocol. A session persists for a specified time period, across more than one connection or page request from the user. A session usually corresponds to one user, who may visit a site many times. The server can maintain a session either by using cookies or by rewriting URLs. "
0
 

Author Comment

by:jason101799
ID: 6297763
objects,

I am lost, please enlighten.


Cheers
0
 
LVL 92

Expert Comment

by:objects
ID: 6297812
That's how it's behaving isn't it.

0
 

Author Comment

by:jason101799
ID: 6297842
Objects,

Is there a way I can control this situation??? I am in a dilemma. Perhaps you can suggest a better solution.


Cheers
0
 
LVL 92

Expert Comment

by:objects
ID: 6297862
Hmm, enterprise server allows you to write your own session manager but that's probably a bit of an overkill.

If you can differentiate between the two instances then you could provide some prefix (or suffix) to your session variable names.

test.1 = "Australia"
test.2 = "Malaysia"


0
 

Author Comment

by:jason101799
ID: 6300593
Object,

Actually this session is a common session and every user that logs in will be accessing the same variable. This session variable will be used through out the application. Perhaps you can advice on creating a unique sessions for each login.

Thanks in advance.

Cheers
Jason
0
 
LVL 92

Expert Comment

by:objects
ID: 6300626
I'm confused, your problem is that one page is overriding a variable from another page (same session).
But then you say that every user that logs in will be accessing the same variable, so naturally the value is getting overwritten.
So do you need to maintain a different version of 'test' for every user, or every window, or what?


0
 

Author Comment

by:jason101799
ID: 6300757
Objects,

Let me clarify, there is a common page whereby every user will access it. Lets say "login.jsp", in this page once a user has been verified, I will assign the country code to a session variable "test". Lets say I open another browser on the same PC, I login as a different user and accessing the same page "login.jsp". Once successful, I assign a different country code to the session variable "test"(because it's a different user). But the second value in the second browser overides the first value stored in the same session variable earlier(first browser).

I hope this clarify the ambiguity that u had. Can u suggest any idea??

Cheers
Jason

0
 
LVL 92

Expert Comment

by:objects
ID: 6300781
Different users getting the same session, don't like that.

WHat not append the username to the the 'test' variable name:

test.john="oz"
test.bob="png"
0
 

Author Comment

by:jason101799
ID: 6300840
Objects,

If I append the username to the session variable, how am I to get this value from another page or should I say how am I suppose to recognise that which session variable I need to take it's value?

In page "select.jsp" I will select the data based on the user country code. ("Select * from country where ctry_id = session("test")") My question is how can I tell browser a to use test.john and browser b to use test.bob .Both browser will be accessing page "select.jsp"

Any idea?

Cheers
Jason
0
 
LVL 92

Expert Comment

by:objects
ID: 6300887
Is the user name available to you?
0
 

Author Comment

by:jason101799
ID: 6300894
Object,

I can use the user ID and make it unique.

Cheers

0
 
LVL 92

Expert Comment

by:objects
ID: 6300901
The following reference may help, it recomends using URLRewriting instead of cookies to pass the session id:

http://www.jguru.com/faq/view.jsp?EID=142445

0
 

Author Comment

by:jason101799
ID: 6301131
Obj,

I have tried that, but it's giving a funny problem. If you are using URLRewritting, I have to disable the cookies first, which I think it's difficult because it's on the client site. Maybe I used the wrong methods of writting, do you have any idea to fix it in URLRewritting?

Cheers
Jason
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 92

Expert Comment

by:objects
ID: 6301147
I don't think you actually can :(
But it does make it a bit clearer regards what's going on, and that always make finding a solution a little easier.
0
 
LVL 92

Expert Comment

by:objects
ID: 6301148
0
 

Author Comment

by:jason101799
ID: 6301272
Obj,

If you come up with a solutions please feel free to drop me a word or two. I will be grateful, in the meantime I hope others can contribute is they have any ideas.


Cheers
Jason
0
 
LVL 92

Expert Comment

by:objects
ID: 6301280
It's really up to you, the facts are that two browser window share the same set of cookies and so share session id's.
So if you need to support different users logging in from the same browser at the same time then you'll need to implement something along the lines that I mentioned above (append userid to variable name).
Other options are ignoring cookies which appears platform dependant, or don't allow concurrent logins from one browser by different users.

It's up to u.
Sorry I couldn't be more help :(
0
 

Author Comment

by:jason101799
ID: 6301298
Obj,

How can I detect that a particular user has access this page "login.jsp" and when he/she tries to open another browser pointing to "login.jsp" I will prompt them to close one browser only.


Cheers
0
 
LVL 92

Expert Comment

by:objects
ID: 6301305
Can u maintain the currently logged in userid in a session variable.
0
 

Author Comment

by:jason101799
ID: 6301465
Objects,

If I append it to a Session variable, lets say "test.John", it should not be a problem.My main concern will be how do I differentiate which session variable I should use when two user login from two different browser?



Ex:
After UserID "one" login through browser "A", I set the session variable "test.one" to "Malaysia".I do a select statement to retrieve  all data based on "Malaysia".

Then another USerID login as "two" through browser "B", I set the session variable "test.two" to "Australia". AT this stage how can my select statement detects which session variable to be used as the where clause?

My select statement: "Select * from country where country_cd = '" + Session("variable") + "'"

The variable for the session cannot be distinguish between the two browser. The two browser will not know which to choose unless I can specify it.

Cheers
Jason
0
 
LVL 92

Expert Comment

by:objects
ID: 6301486
Can you do something like:?

"Select * from country where
country_cd = '" + Session("variable"+userid) + "'"

Or can you set a variable when someone logs in, and clear it when they logout:

"currentlogin"=userid

And then when someone logs in, check if if sets and performa suitable action.
0
 

Author Comment

by:jason101799
ID: 6307118
Obj,

Setting the variable is not a problem, but getting the select statement to recognise which session variable to choose from will be a headache.

As I mentioned earlier , the select statement will be used by any user but the where clause depends on the user id. How can I differentiate User One and User Two??

"Select * from country where country_cd = '" + Session("test.john") + "'" or "Select * from country where country_cd = '" + Session("test.mary") + "'" ??. Object, at this stage I can't tell the select statement to choose which session variable because there are two user logging in. Any idea?

Cheers
Jason
0
 

Author Comment

by:jason101799
ID: 6307120
Obj,

Setting the variable is not a problem, but getting the select statement to recognise which session variable to choose from will be a headache.

As I mentioned earlier , the select statement will be used by any user but the where clause depends on the user id. How can I differentiate User One and User Two??

"Select * from country where country_cd = '" + Session("test.john") + "'" or "Select * from country where country_cd = '" + Session("test.mary") + "'" ??. Object, at this stage I can't tell the select statement to choose which session variable because there are two user logging in. Any idea?

Cheers
Jason
0
 

Author Comment

by:jason101799
ID: 6307122
Obj,

Setting the variable is not a problem, but getting the select statement to recognise which session variable to choose from will be a headache.

As I mentioned earlier , the select statement will be used by any user but the where clause depends on the user id. How can I differentiate User One and User Two??

"Select * from country where country_cd = '" + Session("test.john") + "'" or "Select * from country where country_cd = '" + Session("test.mary") + "'" ??. Object, at this stage I can't tell the select statement to choose which session variable because there are two user logging in. Any idea?

Cheers
Jason
0
 
LVL 92

Expert Comment

by:objects
ID: 6307294
Is it possible to post or email the jsp page.
Be easier to work out a solution if we're both looking at the same thing.
0
 

Author Comment

by:jason101799
ID: 6307365
Ok, let me email it to u. Whats ur email address?
0
 
LVL 92

Expert Comment

by:objects
ID: 6310424
Its on my profile.
0
 
LVL 92

Expert Comment

by:objects
ID: 6310831
You could use something along these lines in verify.jsp to check if someone is already logged in.  Another option would be not show the login screen if "user_id" already exists in the session, forcing them to first logout the session.


String current_user = (String)session.getValue("user_id");
if (current_user!=null)
{
   // Someone is already logged in using this session

   if (current_user.equals(userid))
   {
     // same user
   }
   else
   {
      // different user
   }
}
else
{
   // Proceed as normal
}

0
 

Author Comment

by:jason101799
ID: 6310927
Object,

The unique key in my user table will be "userid" and "country_cd". I can assign same userid but different country code.

The mehtod that you advice is mainly to check for userid, but my concern will be the assignment of country_code for that user. Once log in successful, I will check the user's country code and assign to a session variable. I will do my select statement base on this session variable that stores the country code.

How can I abandon all the session if I click logout?? (JSP)

Cheers
0
 
LVL 92

Expert Comment

by:objects
ID: 6311465
> How can I abandon all the session if I click logout?? (JSP)

You'd just need to remove userid from the session. That way next time they tried to login it they would be allowed.
0
 
LVL 5

Expert Comment

by:Netminder
ID: 6853429
jason@lc,

These questions are still open. Please resolve them appropriately as soon as possible. Continued disregard of your open questions will result in the force/acceptance of a comment as an answer; other actions affecting your account may also be taken. I will revisit these questions in approximately seven (7) days.

http://experts-exchange.com/jsp/qShow.jsp?ta=win2k&qid=20167319
http://experts-exchange.com/jsp/qShow.jsp?ta=java&qid=20153401
http://experts-exchange.com/jsp/qShow.jsp?ta=java&qid=20151128
http://experts-exchange.com/jsp/qShow.jsp?ta=java&qid=20146743
http://experts-exchange.com/jsp/qShow.jsp?ta=javascript&qid=20150594
http://experts-exchange.com/jsp/qShow.jsp?ta=visualbasic&qid=20245522
http://experts-exchange.com/jsp/qShow.jsp?ta=asp&qid=20239352
http://experts-exchange.com/jsp/qShow.jsp?ta=asp&qid=20166221
http://experts-exchange.com/jsp/qShow.jsp?ta=xml&qid=20243323
http://experts-exchange.com/jsp/qShow.jsp?ta=exchangesvr&qid=20240796

EXPERTS: Please leave your thoughts on this question here.

Thanks,

Netminder
Community Support Moderator
Experts Exchange
0
 
LVL 5

Expert Comment

by:Netminder
ID: 6887721
Admin notified of User neglect. Force-accepted by
Netminder
Community Support Moderator
Experts Exchange
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

After being asked a question last year, I went into one of my moods where I did some research and code just for the fun and learning of it all.  Subsequently, from this journey, I put together this article on "Range Searching Using Visual Basic.NET …
Java Flight Recorder and Java Mission Control together create a complete tool chain to continuously collect low level and detailed runtime information enabling after-the-fact incident analysis. Java Flight Recorder is a profiling and event collectio…
Viewers learn about the third conditional statement “else if” and use it in an example program. Then additional information about conditional statements is provided, covering the topic thoroughly. Viewers learn about the third conditional statement …
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now