You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by "McDowell, Paula" <Pa...@SUG.com> on 2008/06/01 20:38:22 UTC
RE: Session Data overlap?
Not sure of the affected code. It happens periodically on all our
secure pages. My thoughts are just guesses at this point.
Thanks for you help,
Paula
-----Original Message-----
From: Martin Gainty [mailto:mgainty@hotmail.com]
Sent: Saturday, May 31, 2008 10:49 AM
To: Struts Users Mailing List
Subject: RE: Session Data overlap?
very little we can help you with until we see the effected code
for example we have account Name clearly scoped as session
<s:set name="accountName" value="accountName" scope="session" />not much
room for obfuscation here as the jobz object is clearly scoped as
request
<s:property value="#session\['accountName'\]"/>
HTH
Martin
______________________________________________
Disclaimer and confidentiality note
Everything in this e-mail and any attachments relates to the official
business of Sender. This transmission is of a confidential nature and
Sender does not endorse distribution to any party other than intended
recipient. Sender does not necessarily endorse content contained within
this transmission.
> Subject: RE: Session Data overlap?
> Date: Sat, 31 May 2008 09:17:33 -0500
> From: Paula.McDowell@SUG.com
> To: user@struts.apache.org
>
> My thoughts too, but this is when the sharing begins displaying the
data
> from another user's session. Not realizing it is NOT their account
> information they proceed with submitting the form for an update. For
> example, pay bill. Without looking at the account information on the
> screen, the user assumes that since they authenticated with their user
> id and password that it is THEIR account information being displayed,
so
> they continue with entering payment information and submitting the
form.
> Originally, it was the account stored in session, but at some point,
for
> example when the pay bill page displayed, it was using the account
> object from another user's session.
>
> I'm not sure why we are having the issue of session data being shared.
> I'm resorting to finding someone who has either seen something similar
> or can recommend a workaround.
>
> Any suggestion at this point will be extremely helpful!
>
> Paula
>
> -----Original Message-----
> From: news [mailto:news@ger.gmane.org] On Behalf Of Laurie Harper
> Sent: Thursday, May 29, 2008 5:59 PM
> To: user@struts.apache.org
> Subject: Re: Session Data overlap?
>
> That wouldn't be an issue, in and of itself; it's normal usage. What
> makes you think that's the source of the problem?
>
> L.
>
> McDowell, Paula wrote:
> > There are session variables that are used in the jsps to display the
> > account information. I think it's here where the problem lies, but
> I'm
> > not sure why. Here is an example of the account session variable
> being
> > used on the page. Any thoughts as to why this would be an issue?
> >
> > Thanks,
> > Paula
> >
> > <tr>
> > <td>
> > <c:out value="${account.custName}" />
> > </td>
> > </tr>
> >
> > -----Original Message-----
> > From: Dave Newton [mailto:newton.dave@yahoo.com]
> > Sent: Thursday, May 29, 2008 10:38 AM
> > To: Struts Users Mailing List
> > Subject: RE: Session Data overlap?
> >
> > --- "McDowell, Paula" <Pa...@SUG.com> wrote:
> >> Thanks. I don't have any static variables. . . I'm assuming you
are
> >> speaking of the contextRelative attribute on forwards? If not,
> >> please explain actions defined as Context-level.
> >
> > I think he was asking if your actions have any member variables that
> > shouldn't be shared across requests/sessions/etc.
> >
> > Dave
> >
> >
> >
---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > For additional commands, e-mail: user-help@struts.apache.org
> >
> >
> > Private and confidential as detailed here:
> http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access
> the link, please e-mail sender.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
> Private and confidential as detailed here:
http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access
the link, please e-mail sender.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
_________________________________________________________________
Keep your kids safer online with Windows Live Family Safety.
http://www.windowslive.com/family_safety/overview.html?ocid=TXT_TAGLM_WL
_Refresh_family_safety_052008
Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
RE: [OT] RE: Session Data overlap?
Posted by "McDowell, Paula" <Pa...@SUG.com>.
Yes. These are the only pages that display session "account"
information.
-----Original Message-----
From: Dave Newton [mailto:newton.dave@yahoo.com]
Sent: Sunday, June 01, 2008 1:50 PM
To: Struts Users Mailing List
Subject: [OT] RE: Session Data overlap?
--- On Sun, 6/1/08, McDowell, Paula <Pa...@SUG.com> wrote:
> It happens periodically on all our secure pages.
*Only* the secure pages?
Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Private and confidential as detailed here: http://www.sug.com/disclaimers/default.htm#Mail . If you cannot access the link, please e-mail sender.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
[OT] RE: Session Data overlap?
Posted by Dave Newton <ne...@yahoo.com>.
--- On Sun, 6/1/08, McDowell, Paula <Pa...@SUG.com> wrote:
> It happens periodically on all our secure pages.
*Only* the secure pages?
Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org