0

In index.jsp I have a logo which when clicked goes to the login functionlaity in Admin.java.I have the login authentication in Admin.java.After the work is done the same logo in index.jsp is used to log out. The message does come you have logged out.

But once again when some other user tries to login it takes the username and password same as the previous user.

Example if user1 has logged in with username-user1 and password-user1 and after log out. When another user2 tries to login and enters username-user2 and password-user2 the system takes the arguments as username-user1 and password=user1.

How do I manage my sessions? I have not used cookies. I tried to check the codes in internet to help me out. But my problem is not explained best by any example.

Regards, Archana.

skaffman
  • 398,947
  • 96
  • 818
  • 769
Archana
  • 237
  • 3
  • 9
  • 17

2 Answers2

0

Do you implement Serializable in your Managed Bean class? Like:

@ManagedBean("MyBean")
@SessionScoped
public class MyBean implements Serializable {
...
}

Also, if it's just a login, I think you could use the Request scope.

Can you try this?

Gabriel L. Oliveira
  • 3,922
  • 6
  • 31
  • 40
  • I have not implemented Seralizable and do have a Managed bean class. It is a login after which the user in case of admin can update the database or search the database and logout. Another user can enter his login to check the changes or search for a criteria in the database. The Database is about books. The application is a kind of replica to a search engine with additional function of login. – Archana Mar 22 '11 at 09:10
  • So, can you try to implement serializable, and see if it solve your problem? Also, recheck your get and set methods for username and password – Gabriel L. Oliveira Mar 22 '11 at 09:24
  • I am very new to the topic of serializable. I have searched the net but cannot get the correct use of serializable. What is managed bean class and how will it help my problem? Can you please tell me some documents where I can look into and get my problem solved. – Archana Mar 23 '11 at 04:16
  • @Gabriel: how did you know that OP is using JSF? The question doesn't give anything away, neither does OP's question history. @Archana: are you really using JSF? If not, you should ignore this answer since it only confuses things more. – BalusC Mar 23 '11 at 04:49
  • No I am not using JSF. Ok I will ignore this answer. – Archana Mar 23 '11 at 05:35
  • The same applies to JSP. Make mine BalusC words. – Gabriel L. Oliveira Mar 23 '11 at 12:58
0

But once again when some other user tries to login it takes the username and password same as the previous user.

This can happen when the bean is application scoped instead of session scoped or when you have declared the username/password as static variables. This way it's going to be shared among all users.

How do I manage my sessions? I have not used cookies. I tried to check the codes in internet to help me out. But my problem is not explained best by any example.

Just put bean in session scope and do not assign user-specific data as static variables. You also don't need to worry about sessions/cookies. The servletcontainer will worry about this all itself and handle it fully transparently for you. See also this answer to learn what happens under the covers.

Community
  • 1
  • 1
BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
  • I have the variables String username and String password within the doGet Method of Admin.java. They are not declared as Static. How do I put the bean in session scope. I understood what you have written in the answer link but I am not able to implement the same. In Admin.java I have declared HttpSession variable named session. And before the username and password fields are taking values. I have used session=request.getSession. And then I print the session.getId to know the value taken by session. How will this help me?I am totally confused.Sorry. – Archana Mar 23 '11 at 04:42
  • You've declared `HttpSession` as a member variable of `Admin` class? The same `Admin` class is shared between multiple users? So, you're sharing the session of user X with user Y? That's really not how stuff works.. You should *never ever* declare request, response or session as a member variable of some class which is shared between multiple users (read: between multiple threads). To store objects in session, you should be using session.setAttribute(). Regardless, I'd recommend to pick a decent book/tutorial to learn Servlet properly. Start here: http://stackoverflow.com/tags/servlets/info – BalusC Mar 23 '11 at 04:46