On Fri, 2008-05-02 at 08:01 -0700, sppzs wrote:
> Hi Simon,
>
> While testing we found that
> if a user A is logged in from PC A
> and a different user B is logged in from PC B with totally different sessions
> and different user logins,
> the user B was able to see data from user A in his
> browser session; specifically, the code between the t:buffer tags in the JSF
> page was showing data belonging to a different user.
> Both users were logged in around the same time. It seems like the t:buffer
> contents are stored in the FacesContext, and when user B requested his page
> the <h:outputText value="<BufferVariable>" />
> the <h:outputText> tag picked up the value from the FacesContext for User A.
>
>
> FYI
> Here are the contents of the manifest.mf file inside Tomahawk.jar
> Implementation-Title: MyFaces
> Implementation-Version: 1.1.1 (October 25 2005)
> Implementation-Vendor: MyFaces Project Team (http://myfaces.apache.org)

That's a really ancient version of Tomahawk...

In modern versions, the place where the data is stored is specified by the "into" property, as described here:
http://myfaces.apache.org/tomahawk/tlddoc/t/buffer.html

You aren't specifying an application-scoped variable as the "into" expression are you? I can't see any other reason why this would happen. The FacesContext is a per-request object, and t:buffer (class BufferRenderer) just replaces the current responseWriter with a newly-created instance to capture the output. Something would need to be seriously wrong for a request-scoped variable to leak into another request.

If the "into" expression looks ok, then I suggest you try upgrading. If you cannot upgrade, then you'll probably need to debug into the BufferRenderer class. I haven't heard of anyone having this problem, and have used t:buffer in the past without having this problem myself (though on a more recent tomahawk version).

Regards,
Simon
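
The scoping question raised in the reply above, as an added example that is not part of the original message and is not Tomahawk or MyFaces code: a plain-Java model in which two users' requests interleave while writing a buffer variable. The class, the variable names `buf` and `sharedBuf`, and the lookup rule (assignment to a bare name replaces an attribute already present in request, session or application scope, otherwise creates a request attribute) are assumptions of the model.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of EL variable scopes; not the JSF or Tomahawk API.
public class BufferScopeDemo {
    // Shared by every request and every user of the web application.
    static final Map<String, Object> applicationScope = new HashMap<>();

    // One instance per HTTP request, as with FacesContext.
    static final class Request {
        final String user;
        final Map<String, Object> requestScope = new HashMap<>();
        // Per-user session; each user makes a single request in this demo.
        final Map<String, Object> sessionScope = new HashMap<>();
        Request(String user) { this.user = user; }

        // Assumed rule for assigning to a bare name: replace the attribute in the
        // first scope that already holds it, otherwise create it in request scope.
        void set(String name, Object value) {
            if (requestScope.containsKey(name)) requestScope.put(name, value);
            else if (sessionScope.containsKey(name)) sessionScope.put(name, value);
            else if (applicationScope.containsKey(name)) applicationScope.put(name, value);
            else requestScope.put(name, value);
        }

        Object get(String name) {
            if (requestScope.containsKey(name)) return requestScope.get(name);
            if (sessionScope.containsKey(name)) return sessionScope.get(name);
            return applicationScope.get(name);
        }

        // Stand-in for t:buffer: capture this user's markup into the variable.
        void renderBuffer(String into) { set(into, "<td>data of " + user + "</td>"); }
    }

    // Interleave two requests: B buffers, A buffers, then B renders its output.
    static Object whatBSees(String into) {
        Request a = new Request("userA"), b = new Request("userB");
        b.renderBuffer(into);
        a.renderBuffer(into);
        return b.get(into);
    }

    public static void main(String[] args) {
        System.out.println("request-scoped:     " + whatBSees("buf"));
        applicationScope.put("sharedBuf", ""); // name already bound application-wide
        System.out.println("application-scoped: " + whatBSees("sharedBuf"));
    }
}
```

When auditing a page for this pattern, check both the "into" expression itself and whether its variable name collides with a session- or application-scoped attribute or managed bean.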

