I want to use session attributes to save info on a user who wants to
navigate my site. When the user logs in I use:
HttpSession sess = request.getSession(true);
sess.setAttribute("customer", customer);
where customer is an object I have instantiated earlier. This works
fine and I can view values from this object using the following code
in index.jsp:
CustomerBOImpl cust = null;
if(session.getAttribute("customer") != null){
cust = (CustomerBOImpl)session.getAttribute("customer");}
out.println(cust.getFname());%> <%out.println(cust.getLname());
This prints out the first name and last name just fine. The problem
comes when someone else tries to access the same index.jsp. It opens
up the page, gives them a separate session ID, but this different
session contains the same customer object of the last person who
logged in.
My question is: What is the proper manner to set session attributes
and then retrieve them in a JSP servlet?