You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Sawan <sa...@gmail.com> on 2007/08/03 09:26:35 UTC
Handling Session Objects
Hello experts,
I have following code...
JAVA class:
public class Support extends ActionSupport implements SessionAware
{
protected Map<String, Object> session;
public Map<String, Object> getSession() { return session; }
@SuppressWarnings({"unchecked"}) public void setSession(Map session) {
this.session = session; }
}
Action class:
public class Child extends Support
{
ArrayList alt = new ArrayList();
alt.add("Test");
public String execute() throws Exception
{
if ((ArrayList)session.get("obj")==null)
{
session.put("obj",alt);
}
}
}
I have run this code first time and set the "alt" for this session only. Now
I copied the link from the browser window and paste it in other machines
browser. But unfortunately I also got the SAME "alt" on other machine's
browser.
I was assuming that for each new browser it will generate a new session and
will set new alt for each session.
Can any expert help me for this issue...
Thanks in advance
Sawan
--
View this message in context: http://www.nabble.com/Handling-Session-Objects-tf4211020.html#a11978671
Sent from the Struts - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
[OT] Re: Handling Session Objects
Posted by Dave Newton <ne...@yahoo.com>.
--- Sawan <sa...@gmail.com> wrote:
> But still I am seeing ";jsessionid=XXX" in the url.
>
> Please suggest me for any possibility for this.
- On the first request the server has no way of
knowing if you have cookies enabled.
- Server configuration doesn't know if your browser
has cookies enabled.
- It doesn't matter: the issue you had was that you
went to a different machine, used the same session id,
and were surprised when you got the same data. Now
that you know not to type in or paste the session id
you won't have that problem any more.
d.
____________________________________________________________________________________
Pinpoint customers who are looking for what you sell.
http://searchmarketing.yahoo.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Handling Session Objects
Posted by Sawan <sa...@gmail.com>.
Thanks a lot Dave for the detail explanation.
I have checked the META-INF/context.xml of my web application for cookies
and found that it does not have cookies attribute.
<?xml version="1.0" encoding="UTF-8"?>
<Context path="/myWebApplication"/>
It means I have cookie enabled session.
http://jf.omnis.ch/log/archives/2004/12/disabling-session-cookie-in-tomcat.html
But still I am seeing ";jsessionid=XXX" in the url.
Please suggest me for any possibility for this.
Thanks & Regards
Sawan
newton.dave wrote:
>
> --- Sawan <sa...@gmail.com> wrote:
>>> Don't type it in / paste it when you test on the
>>> other machine.
>> Can you please explain me in detail. That what is
>> "\", What I don't type in "\", etc.
>
> ...
>
> "\", which I assume is a misspelling of "/" (the
> character I used) is used to separate two words, in my
> case "in" and "paste".
>
> I'll do my best to explain it in detail.
>
> When you test on the other machine do not include the
> ";jsessionid=XXX" in the URL.
>
> Note that the "XXX" in the previous sentence should
> not be taken literally; it is a placeholder for
> whatever the session id is.
>
> jsessionid is used by the servlet container for
> servlet tracking; it's normally found under
> circumstances when you do not have cookies enabled or
> on the first request to the application when it (the
> application) still doesn't know if you have cookies
> enabled.
>
> d.
>
>
>
>
> ____________________________________________________________________________________
> Shape Yahoo! in your own image. Join our Network Research Panel today!
> http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Handling-Session-Objects-tf4211020.html#a12047967
Sent from the Struts - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Handling Session Objects
Posted by Dave Newton <ne...@yahoo.com>.
--- Sawan <sa...@gmail.com> wrote:
>> Don't type it in / paste it when you test on the
>> other machine.
> Can you please explain me in detail. That what is
> "\", What I don't type in "\", etc.
...
"\", which I assume is a misspelling of "/" (the
character I used) is used to separate two words, in my
case "in" and "paste".
I'll do my best to explain it in detail.
When you test on the other machine do not include the
";jsessionid=XXX" in the URL.
Note that the "XXX" in the previous sentence should
not be taken literally; it is a placeholder for
whatever the session id is.
jsessionid is used by the servlet container for
servlet tracking; it's normally found under
circumstances when you do not have cookies enabled or
on the first request to the application when it (the
application) still doesn't know if you have cookies
enabled.
d.
____________________________________________________________________________________
Shape Yahoo! in your own image. Join our Network Research Panel today! http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Handling Session Objects
Posted by Sawan <sa...@gmail.com>.
>Don't type it in / paste it when you test on the other
>machine.
Can you please explain me in detail. That what is "\", What I don't type in
"\", etc.
Thanks and regards
Sawan
newton.dave wrote:
>
> --- Sawan <sa...@gmail.com> wrote:
>> If the problem is due to addition of jsessionid then
>> I really wants to remove it from my url.
>
> Don't type it in / paste it when you test on the other
> machine.
>
> d.
>
>
>
>
> ____________________________________________________________________________________
> Be a better Globetrotter. Get better travel answers from someone who
> knows. Yahoo! Answers - Check it out.
> http://answers.yahoo.com/dir/?link=list&sid=396545469
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Handling-Session-Objects-tf4211020.html#a12033548
Sent from the Struts - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Handling Session Objects
Posted by Dave Newton <ne...@yahoo.com>.
--- Sawan <sa...@gmail.com> wrote:
> If the problem is due to addition of jsessionid then
> I really wants to remove it from my url.
Don't type it in / paste it when you test on the other
machine.
d.
____________________________________________________________________________________
Be a better Globetrotter. Get better travel answers from someone who knows. Yahoo! Answers - Check it out.
http://answers.yahoo.com/dir/?link=list&sid=396545469
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Handling Session Objects
Posted by Sawan <sa...@gmail.com>.
Hi Dale,
Yes, my url includes ";jsessionid=...", but I am not adding it in my program
manually and don't know from where it is coming..? If the problem is due to
addition of ";jsessionid=..." then I really wants to remove it from my url.
Please suggest me any solution to remove ";jsessionid=..." from my url.
Thanks & regards
Sawan
DNewfield wrote:
>
> Sawan wrote:
>> Now if anyone copy and paste the url on another machine's browser,
>> then How can he/she will get the user name and password there..?
>
> If that url includes ";jsessionid=..." then sure, they've just had their
> session hijacked, including all the information you put in that session.
>
> -Dale
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Handling-Session-Objects-tf4211020.html#a12028386
Sent from the Struts - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Handling Session Objects
Posted by Dale Newfield <Da...@Newfield.org>.
Sawan wrote:
> Now if anyone copy and paste the url on another machine's browser,
> then How can he/she will get the user name and password there..?
If that url includes ";jsessionid=..." then sure, they've just had their
session hijacked, including all the information you put in that session.
-Dale
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Handling Session Objects
Posted by Sawan <sa...@gmail.com>.
Hi Laurie,
Yes, my url includes session id, as suggested by Dale. But I am not adding
it manually and also don't know from where it is coming. If the problem is
only due to addition of session id with the url, then please suggest me to
remove it from the URL.
Thanks & Regards
Sawan
Laurie Harper wrote:
>
> Well, I can think of at least two possibilities:
>
> 1) the URL you're copying includes a session ID, as suggested by Dale
>
> 2) the URL you're copying includes request parameters for user name and
> password
>
> What is the exact URL you're copying? What do the relevant action
> mappings, JSPs and Java classes look like? You're doing something wrong,
> but we'll need to see everything to see where the problem is.
>
> L.
>
> Sawan wrote:
>> Thanks buddy for your reply,
>>
>> Very firstly I am sorry for provide the confusing code here. I am not
>> putting the same data into each session and I am sure that I am getting
>> the
>> same instance of that data , not
>> just separate copies of the same data.
>>
>> Actually I have a Login.jsp page and on click SUBMIT button the java
>> class
>> will be called. In the java class I am fetching the user name and
>> password
>> from the Login.jsp page and putting them into the session. Now if anyone
>> copy and paste the url on another machine's browser, then How can he/she
>> will get the user name and password there..? But it is happening in my
>> case.
>>
>> I think now I am able to explain in detail...:-)
>>
>> Thanks & regards
>>
>> Sawan
>>
>>
>>
>>
>>
>> Laurie Harper wrote:
>>> Firstly, you're unconditionally putting the same data into each session,
>>> so are you sure you're getting the same *instance* of that data, not
>>> just separate copies of the same data?
>>>
>>> Actions should be instantiated for each request, so if your code is as
>>> simple as you've presented and you really are getting the same instance
>>> in different sessions, there must be something wrong with your
>>> configuration somewhere.
>>>
>>> L.
>>>
>>> Sawan wrote:
>>>> Hello experts,
>>>>
>>>> I have following code...
>>>>
>>>> JAVA class:
>>>> public class Support extends ActionSupport implements SessionAware
>>>> {
>>>> protected Map<String, Object> session;
>>>> public Map<String, Object> getSession() { return session; }
>>>> @SuppressWarnings({"unchecked"}) public void setSession(Map
>>>> session)
>>>> {
>>>> this.session = session; }
>>>> }
>>>>
>>>> Action class:
>>>> public class Child extends Support
>>>> {
>>>> ArrayList alt = new ArrayList();
>>>> alt.add("Test");
>>>> public String execute() throws Exception
>>>> {
>>>> if ((ArrayList)session.get("obj")==null)
>>>> {
>>>> session.put("obj",alt);
>>>> }
>>>> }
>>>> }
>>>>
>>>> I have run this code first time and set the "alt" for this session
>>>> only.
>>>> Now
>>>> I copied the link from the browser window and paste it in other
>>>> machines
>>>> browser. But unfortunately I also got the SAME "alt" on other machine's
>>>> browser.
>>>>
>>>> I was assuming that for each new browser it will generate a new session
>>>> and
>>>> will set new alt for each session.
>>>>
>>>> Can any expert help me for this issue...
>>>>
>>>> Thanks in advance
>>>>
>>>> Sawan
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>>> For additional commands, e-mail: user-help@struts.apache.org
>>>
>>>
>>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Handling-Session-Objects-tf4211020.html#a12028434
Sent from the Struts - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Handling Session Objects
Posted by Laurie Harper <la...@holoweb.net>.
Well, I can think of at least two possibilities:
1) the URL you're copying includes a session ID, as suggested by Dale
2) the URL you're copying includes request parameters for user name and
password
What is the exact URL you're copying? What do the relevant action
mappings, JSPs and Java classes look like? You're doing something wrong,
but we'll need to see everything to see where the problem is.
L.
Sawan wrote:
> Thanks buddy for your reply,
>
> Very firstly I am sorry for provide the confusing code here. I am not
> putting the same data into each session and I am sure that I am getting the
> same instance of that data , not
> just separate copies of the same data.
>
> Actually I have a Login.jsp page and on click SUBMIT button the java class
> will be called. In the java class I am fetching the user name and password
> from the Login.jsp page and putting them into the session. Now if anyone
> copy and paste the url on another machine's browser, then How can he/she
> will get the user name and password there..? But it is happening in my case.
>
> I think now I am able to explain in detail...:-)
>
> Thanks & regards
>
> Sawan
>
>
>
>
>
> Laurie Harper wrote:
>> Firstly, you're unconditionally putting the same data into each session,
>> so are you sure you're getting the same *instance* of that data, not
>> just separate copies of the same data?
>>
>> Actions should be instantiated for each request, so if your code is as
>> simple as you've presented and you really are getting the same instance
>> in different sessions, there must be something wrong with your
>> configuration somewhere.
>>
>> L.
>>
>> Sawan wrote:
>>> Hello experts,
>>>
>>> I have following code...
>>>
>>> JAVA class:
>>> public class Support extends ActionSupport implements SessionAware
>>> {
>>> protected Map<String, Object> session;
>>> public Map<String, Object> getSession() { return session; }
>>> @SuppressWarnings({"unchecked"}) public void setSession(Map session)
>>> {
>>> this.session = session; }
>>> }
>>>
>>> Action class:
>>> public class Child extends Support
>>> {
>>> ArrayList alt = new ArrayList();
>>> alt.add("Test");
>>> public String execute() throws Exception
>>> {
>>> if ((ArrayList)session.get("obj")==null)
>>> {
>>> session.put("obj",alt);
>>> }
>>> }
>>> }
>>>
>>> I have run this code first time and set the "alt" for this session only.
>>> Now
>>> I copied the link from the browser window and paste it in other machines
>>> browser. But unfortunately I also got the SAME "alt" on other machine's
>>> browser.
>>>
>>> I was assuming that for each new browser it will generate a new session
>>> and
>>> will set new alt for each session.
>>>
>>> Can any expert help me for this issue...
>>>
>>> Thanks in advance
>>>
>>> Sawan
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>> For additional commands, e-mail: user-help@struts.apache.org
>>
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Handling Session Objects
Posted by Sawan <sa...@gmail.com>.
Thanks buddy for your reply,
Very firstly I am sorry for provide the confusing code here. I am not
putting the same data into each session and I am sure that I am getting the
same instance of that data , not
just separate copies of the same data.
Actually I have a Login.jsp page and on click SUBMIT button the java class
will be called. In the java class I am fetching the user name and password
from the Login.jsp page and putting them into the session. Now if anyone
copy and paste the url on another machine's browser, then How can he/she
will get the user name and password there..? But it is happening in my case.
I think now I am able to explain in detail...:-)
Thanks & regards
Sawan
Laurie Harper wrote:
>
> Firstly, you're unconditionally putting the same data into each session,
> so are you sure you're getting the same *instance* of that data, not
> just separate copies of the same data?
>
> Actions should be instantiated for each request, so if your code is as
> simple as you've presented and you really are getting the same instance
> in different sessions, there must be something wrong with your
> configuration somewhere.
>
> L.
>
> Sawan wrote:
>> Hello experts,
>>
>> I have following code...
>>
>> JAVA class:
>> public class Support extends ActionSupport implements SessionAware
>> {
>> protected Map<String, Object> session;
>> public Map<String, Object> getSession() { return session; }
>> @SuppressWarnings({"unchecked"}) public void setSession(Map session)
>> {
>> this.session = session; }
>> }
>>
>> Action class:
>> public class Child extends Support
>> {
>> ArrayList alt = new ArrayList();
>> alt.add("Test");
>> public String execute() throws Exception
>> {
>> if ((ArrayList)session.get("obj")==null)
>> {
>> session.put("obj",alt);
>> }
>> }
>> }
>>
>> I have run this code first time and set the "alt" for this session only.
>> Now
>> I copied the link from the browser window and paste it in other machines
>> browser. But unfortunately I also got the SAME "alt" on other machine's
>> browser.
>>
>> I was assuming that for each new browser it will generate a new session
>> and
>> will set new alt for each session.
>>
>> Can any expert help me for this issue...
>>
>> Thanks in advance
>>
>> Sawan
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Handling-Session-Objects-tf4211020.html#a12011091
Sent from the Struts - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Handling Session Objects
Posted by Laurie Harper <la...@holoweb.net>.
Firstly, you're unconditionally putting the same data into each session,
so are you sure you're getting the same *instance* of that data, not
just separate copies of the same data?
Actions should be instantiated for each request, so if your code is as
simple as you've presented and you really are getting the same instance
in different sessions, there must be something wrong with your
configuration somewhere.
L.
Sawan wrote:
> Hello experts,
>
> I have following code...
>
> JAVA class:
> public class Support extends ActionSupport implements SessionAware
> {
> protected Map<String, Object> session;
> public Map<String, Object> getSession() { return session; }
> @SuppressWarnings({"unchecked"}) public void setSession(Map session) {
> this.session = session; }
> }
>
> Action class:
> public class Child extends Support
> {
> ArrayList alt = new ArrayList();
> alt.add("Test");
> public String execute() throws Exception
> {
> if ((ArrayList)session.get("obj")==null)
> {
> session.put("obj",alt);
> }
> }
> }
>
> I have run this code first time and set the "alt" for this session only. Now
> I copied the link from the browser window and paste it in other machines
> browser. But unfortunately I also got the SAME "alt" on other machine's
> browser.
>
> I was assuming that for each new browser it will generate a new session and
> will set new alt for each session.
>
> Can any expert help me for this issue...
>
> Thanks in advance
>
> Sawan
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org