Session variables not clearing

Similar Messages

• Session variable not passing between pages

  Hi, I've got a form that calculates checkbox values and puts them in a total field called txtTotal. When the user clicks send, I need to pass the total to a payment page.  The form page has PHP
  session_start();
  $_SESSION['sessTotal'] = $_POST['txtTotal'];
  and the payment page has
  session_start(); at the top of the page and <?php echo $_SESSION['sessTotal']; ?> where I want the total to display. The total does not carry over to the payment page and I can't work out why.
  Here is all the PHP from the form page as I'm pretty new to PHP and not sure if there's a conflict (should session_start appear more than once?)  Thanks guys
  <?php require_once('Connections/df.php'); ?>
  <?php
  //initialize the session
  if (!isset($_SESSION)) {
  session_start();
  $_SESSION['sessTotal'] = $_POST['txtTotal'];
  // ** Logout the current user. **
  $logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
  if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
    $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
  if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
    //to fully log out a visitor we need to clear the session varialbles
    $_SESSION['MM_Username'] = NULL;
    $_SESSION['MM_UserGroup'] = NULL;
    $_SESSION['PrevUrl'] = NULL;
    unset($_SESSION['MM_Username']);
    unset($_SESSION['MM_UserGroup']);
    unset($_SESSION['PrevUrl']);
    $logoutGoTo = "index.php";
    if ($logoutGoTo) {
      header("Location: $logoutGoTo");
      exit;
  ?>
  <?php
  if (!isset($_SESSION)) {
    session_start();
  $MM_authorizedUsers = "";
  $MM_donotCheckaccess = "true";
  // *** Restrict Access To Page: Grant or deny access to this page
  function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
    // For security, start by assuming the visitor is NOT authorized.
    $isValid = False;
    // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
    // Therefore, we know that a user is NOT logged in if that Session variable is blank.
    if (!empty($UserName)) {
      // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
      // Parse the strings into arrays.
      $arrUsers = Explode(",", $strUsers);
      $arrGroups = Explode(",", $strGroups);
      if (in_array($UserName, $arrUsers)) {
        $isValid = true;
      // Or, you may restrict access to only certain users based on their username.
      if (in_array($UserGroup, $arrGroups)) {
        $isValid = true;
      if (($strUsers == "") && true) {
        $isValid = true;
    return $isValid;
  $MM_restrictGoTo = "index.php";
  if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {  
    $MM_qsChar = "?";
    $MM_referrer = $_SERVER['PHP_SELF'];
    if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
    if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0)
    $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
    $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
    header("Location: ". $MM_restrictGoTo);
    exit;
  ?>
  <?php
  if (!function_exists("GetSQLValueString")) {
  function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    if (PHP_VERSION < 6) {
      $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
    $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
    switch ($theType) {
      case "text":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;   
      case "long":
      case "int":
        $theValue = ($theValue != "") ? intval($theValue) : "NULL";
        break;
      case "double":
        $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
        break;
      case "date":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;
      case "defined":
        $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
        break;
    return $theValue;
  $colname_userDets = "-1";
  if (isset($_SESSION['MM_Username'])) {
    $colname_userDets = $_SESSION['MM_Username'];
  mysql_select_db($database_df, $df);
  $query_userDets = sprintf("SELECT usersId, userName, password, name FROM users WHERE userName = %s", GetSQLValueString($colname_userDets, "text"));
  $userDets = mysql_query($query_userDets, $df) or die(mysql_error());
  $row_userDets = mysql_fetch_assoc($userDets);
  $totalRows_userDets = mysql_num_rows($userDets);
  ?>

  OK I got it.  I needed 
  session_start();
  $_SESSION['sessTotal'] = $_POST['txtTotal'];
  on the payments page as well, not just session_start();

• Session variable not storing in custom trigger

  I have a custom trigger in which I want to store a session variable , so i can use the value in the insert transaction which happens after. But for some reason the session variable is not stored, resulting in the data not being stored.
  any clues would help.
  rudi
  here are the relevant code:
  //start Trigger_Custom_Subject_Mentor trigger
  function Trigger_Custom_Subject_Mentor(&$tNG) {
  //Check subject exists
  @session_start();
  $_SESSION['sb_id'] = $subject_id;
  //end Trigger_Custom_Subject_Mentor trigger
  // Make an insert transaction instance
  $ins_share = new tNG_insert($conn_smart);
  $tNGs->addTransaction($ins_share);
  // Register triggers
  $ins_share->registerTrigger("STARTER", "Trigger_Default_Starter", 1, "POST", "KT_Insert1");
  $ins_share->registerTrigger("END", "Trigger_Redirect", 90);
  // Add columns
  $ins_share->setTable("`share`");
  $ins_share->addColumn("share_item", "NUMERIC_TYPE", "POST", "share_item");
  $ins_share->addColumn("share_subject", "NUMERIC_TYPE", "SESSION", "sb_id");
  $ins_share->setPrimaryKey("share_id", "NUMERIC_TYPE");
  // Register triggers
  $ins_share->registerTrigger("STARTER", "Trigger_Default_Starter", 1, "POST", "KT_Insert1");
  $ins_share->registerTrigger("BEFORE", "Trigger_Custom_Subject_Mentor", 50);
  $ins_share->registerTrigger("END", "Trigger_Default_Redirect", 99, "share.php?item_id={share_item}");

  hi User,
  1) Pull a dummy column in Fx use the Session variable --->(Variable -->session )
  2) Next, goto narrative view in Narrative view section use @1
  3) If u want you can hide the column that we created in criteria section

• Function module Global variables not cleared from memory?

  Hi,
  This is may be simple & stupid question ( after posting  4242 posts ):)
  " Declaration in TOP
  data : begin of i_y1yatt occurs 0.
          include structure y1yatt.
  data : end of i_y1yatt.
  types: begin of t_yatt71.
         include structure yatt71.
  types: tcode like sy-tcode.
  types: dflag type c.
  types: end of t_yatt71.
  data : i_yatt71 type standard table of t_yatt71
                 with default key  with header line  initial size 0.
  This is code in the function module.
    loop at i_y1yatt.
      move-corresponding o_y1yatt to i_yatt71.
      if i_y1yatt-werks eq 'N501'.
         move space to i_yatt71-werks.
      endif.
      append i_yatt71. 
      " Here this internal contains the previous entry
      clear i_yatt71.
    endloop.
  This function module is called 25 times in a minute.
  My problem is this
  For example : 1st tranmission is called this fm with 50 records,
  and 2nd tranmission is called fm with 10 records.
  My results are showing
  last record in the 1st transmission is still on the memory while calling 2nd transmission.  ( Here in int table I_YATT71 still contains the 1st transmission's last records during the 2nd tranmission call)
  As per my knowledge if each time calls comes in to fm all gloabl variables get cleared. but some how this not happening.
  Anybody come across this scenario.
  PS. I know i need to use clear statement within the loop as first statement.
  a®

  You must understand that when calling a FM, you load the entire function group into memory. IF there are global variables, then they are "alive" for the entire duration of the program execution. Meaning if you call the function numerious times, or even if you call another function within the same function group, the functions still have access to that same global variable space, so it must always be cleared manually by the developer at the required points.  You can not rely on the runtime to clear the global variables at the end of the function call.  So you should clear all you globals as the first operation in your function module call, if that is what is required.
  Is this clear?
  Regards,
  Rich Heilman

• Row level security with session variables, not a best practice?

  Hello,
  We are about to implement row level security in our BI project using OBIEE, and the solution we found most convenient for our requirement was to use session variables with initalization blocks.
  The problem is that this method is listed as a "non best practice" in the Oracle documentation.
  Alternative Security Administration Options - 11g Release 1 (11.1.1)
  (This appendix describes alternative security administration options included for backward compatibility with upgraded systems and are not considered a best practice.)
  Managing Session Variables
  System session variables obtain their values from initialization blocks and are used to authenticate Oracle Business Intelligence users against external sources such as LDAP servers or database tables. Every active BI Server session generates session variables and initializes them. Each session variable instance can be initialized to a different value. For more information about how session variable and initialization blocks are used by Oracle Business Intelligence, see "Using Variables in the Oracle BI Repository" in Oracle Fusion Middleware Metadata Repository Builder's Guide for Oracle Business Intelligence Enterprise Edition.
  How confusing... what is the best practice then?
  Thank you for your help.
  Joao Moreira

  authenticating / authorizing part is take care by weblogic and then USER variable initialized and you may use it for any initblocks for security.
  Init block for authenticating / authorizing and session variables are different, i guess you are mixing both.

• Session Variables Not Sticking

  We are having issue with Session variables sticking from page to page in our Admin area of our website. You can login, but as soon as you click on another link (or anything) they drop.  
  It's not a code issue because we have the same code on 2 other networks and it works fine. We also have the same code on our backup website on the same network and it works fine.  The backup is on a different server in a different location. So that's 3 networks the code is running fine on. It even worked on this network on the main website up until about 9 months ago. I've verified/reverified the code mutiple times. Something must have happened with security patches, some IIS setting, or other server related issue.  We are running 2003 Windows Server Edition SP2 and Coldfusion version 8,0,1,195765. 
  The browsers used are IE7 and IE8. I don't think it's a browser issue because I can open another tab in the same browser and login and stay logged in on the website on another network.  We have already gone into browser advanced settings to make sure session variables are allowed. We've also had a couple of other admins look at it from various locations throughout the Country and they also cannot stay logged in on our main site. They can all stay logged in on the backup site. 
  Frustrating beyond belief. I'm betting it's a Microsoft issue.  Anybody out there have a similar issue or know what it might be?

  I've experienced a similar problem with CF8 using IE8. I've narrowed it down to being cookie related which causes CF to loose the existing session and create a new session. For me, I can consistently duplicate the issue by having multiple tabs open to various sites and then accessing my site to login -- login is successful but the first page request is treated as unauthorized because the session is empty. If I shutdown and restart the browser and bring up only my site, everything works fine. And once I'm logged in, I have never lost a session by opening other tabs. And this has never failed using Firefox or Safari. What is very strange is that I have multiple sites using CF8 and CF9 and only one exibits this behaviour.

• Session Variable not producing results in answers

  Hi,
  I have a Session initialization block and I have the variable target assigned to a variable region_info. My SQL is this "select Region from SH.USER_INFO where UPPER(USER_ID)=UPPER(':USER'). It gives me the correct results in RPD.
  In answers and in the filter I say Region is equal to/is in NQ_SESSION.Region_info until this point it works great.
  How would I modify it to accept multiple rows. I tried the Row-wise initialization and I am getting an error, saying NQ_SESSION.Region_info has no value definition. How can I make it work if the initialization block returns multiple rows and in the answers if I have to pass them both in my filter?
  Please help. Thank you.

  ssk,
  No,it will not work u can't use that in answers fx
  http://download.oracle.com/docs/cd/E12096_01/books/admintool/admintool_Variables5.html
  http://108obiee.blogspot.com/2009/10/using-multiple-values-row-wise-session.html
  Thanks,
  Saichand.v

• Using Session Variables for User Login - sometimes they don't persist... what am I doing wrong?

  Hi all,
  I'm running a site that requires user login.  I approached the building of this site as almost a complete newb to CF (and dynamic coding in general), and it's been a great learing experience (with lots of help from you guys).
  However, I guess I never learned the correct way to handle a user login.  It seemed to me that I could just test the user-entered credentials against those stored in a database, then set a session variable containg that user's record number.  Then, not only would I have an easy way of knowing who this user was and therefore what info to serve him, but I could test for the existence of a valid login on every page in the protected folder, by adding this code to my application.cfc in that folder:
  <cfset This.Sessionmanagement=true>
  <cfset This.Sessiontimeout="#createtimespan(0,8,0,0)#">
     <cfif NOT isDefined ("session.username") or NOT isDefined ("session.password") or NOT isDefined ("session.storeID")>
       <cflocation url="../index.cfm" addtoken="no">
     </cfif>
  ...and it goes on to run a query and verify that the session.username and session.password match for the store defined by session.storeID.  If not, all session variables are cleared and it bounces you back to the login page.  When the user clicks Logout, all I do is delete all the session variables.
  This seemed to work great for like a year, but lately I've been getting reports that the login doesn't seem to persist for longer than approx. 20 minutes of inactivity.  You can see I specified session variables to remain active for 8 hours (I know that seems like a drastically long login, but it's what's necessary for this application).  I've only gotten this report from a few people, and I myself can't seem to duplicate it... I've tested an inactive login for 45 minutes now and it held.
  SO:  any reason you can think of why session variables would be spontaneously clearing for some people?  Would having your router reset its IP address invalidate the session or something?  Also, the problem seemed to begin appearing after my host upgraded all their servers to CF9... could there be any relation?
  And on a more general note... did I go about this completely the wrong way to begin with?  If so, what's the standard way to manage a login?
  Lots of questions, I know... thanks very much for any answers or suggestions!
  Joe

  Ian,
  Thanks very much - very helpful information.
  Sounds like passing the tokens in every request is probably the way to go for this.  I don't think it's likely that any users will be sharing links, unless they actually intend for the recipient to see their info anyway.
  Is that all I would have to do, is add the tokens to every path?  Would that guarantee that all the session variables would remain valid until timeout or being cleared?
  Again, thanks, you've been really helpful.
  Joe
  On Jun 23, 2010 4:37 PM, Ian Skinner &lt;[email protected]&gt; wrote:
  Unfortunately this is the nature of HTTP web applications.  There is NO state maintained from HTTP request to request.  This is by design in the HTTP protocol specifications.
  ColdFusion provides two methods to circumvent this limitation.  Each method has limitations and caveats.  They both rely on the passing of tokens between the client and the server with every request.  These tokens can be passed as cookies OR URL (GET) variables.  You are using the cookie method, which is the simpler and most common. You may be experiencing the limitation of this method.  If something happens to the cookies the session can be lost.
  You could pass the (CFID &amp; CFTOKEN) OR JESSIONID tokens through the URL query string with every request.  This requires one to add these values to every link, form action, cflocation or other request path in our application.  ColdFusion provides the session.urltoken variable to make this easier to do.  The tokens will be visible to the user.  Also if the links with an individual token is share with other users, via e-mail, chat, social networks, etc and one of these users utilize the link during the life of a session (8 hours apparently in your case).  Then that user will access the session of the original user.
  Cookie session management is by far the most common choice by CF developers.  If these methods do not meet your needs you would need to go beyond the HTTP limitations of web applications.  One might be able to accomplish this with a Flex|Air|Flash applications that can be configured to use a continuous connection to the server.  Thus not suffer the stateless nature of the normal HTTP request-response cycle.
  I do not know if a router resetting would cause cookies to be discarded or otherwise invalidated.  But I would not think it is beyond the relm of possibilities.

• Clearing custom session variable in 5.0

  I have set a custom session variable in a method called in the OnAfterLogin PEI.
  Do I need to ckear this session variable on logout? If so, how do I do that?
  Or does the session variable clear on its own if teh session is abandoned or killed on logout?
  I just want to make sure I am not leaking any memory and do proper housekeeping.
  Thanks!
  Vanita
  Staples

  Sam,
  It appears that you are one of the few installations that actually used a display/formatting page under 4.x. Under 5.0 you have the option of going directly to the source of the card or gatewaying the card. Those are your only two options to my knowledge. I suppose that the answer might rest on using docfetch but this would require a custom CWS.
  Good Luck
  Phil Orion

• CS4 - does not clear session info

  I developed a small membership site for my club.
  Everything works fine so far. I can log in and see the protected pages. I can log out and try and see the protected pages but I then get redirected to the page I specified for failed login.
  This shows me that the login and logout function works.
  The Problem
  The problem is I logged in as me and I log out again. I then logged in as a different user and tried to update the different user's details. But when I went to the update form it still showed MY details in the update form and not those of the user who is currently logged in.
  So it seems to me as if CS4 uses session variables to remember the login details but it was not cleared after the first users logged out.
  Any suggestions on how to fix this?

  pietpetoors wrote:
  The problem is I logged in as me and I log out again. I then logged in as a different user and tried to update the different user's details. But when I went to the update form it still showed MY details in the update form and not those of the user who is currently logged in.
  So it seems to me as if CS4 uses session variables to remember the login details but it was not cleared after the first users logged out.
  The code generated by the Dreamweaver Log Out User server behavior looks like this:
  if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
    //to fully log out a visitor we need to clear the session varialbles
    $_SESSION['MM_Username'] = NULL;
    $_SESSION['MM_UserGroup'] = NULL;
    $_SESSION['PrevUrl'] = NULL;
    unset($_SESSION['MM_Username']);
    unset($_SESSION['MM_UserGroup']);
    unset($_SESSION['PrevUrl']);
    $logoutGoTo = "login.php";
    if ($logoutGoTo) {
      header("Location: $logoutGoTo");
      exit;
  As you can see, it's removing only the session variables created by Dreamweaver.
  A more secure way of handling this would be to change the code to this:
  if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
    //to fully log out a visitor we need to clear the session varialbles
    $_SESSION = array();
    session_destroy();
    $logoutGoTo = "login.php";
    if ($logoutGoTo) {
      header("Location: $logoutGoTo");
      exit;

• Filter view with session variable does not display value properly.

  Hi All,
  I have a very unique issue and I am not sure if anyone ran into this before.
  I have a prompt in my dashboard and a link to a report. The session variable default the value to the current value (term)
  when I click the link to the report I get the following value, on the filter view of the report: Term Code Desc is equal to NQ_SESSION.CSA_Analysis_Term
  however if I click the go button in the prompt I get the value: Term Code Desc is equal to 2030 (2011 Spring)
  does anyone have a solution to this issue
  thanks

  Hello,
  Have the same issue. Any solution. Gurus plz help.
  thanks,
  deep

• CFLOGIN not maintaining cfauthrization session variable

  I have a simple CF web site where all of the .cfm is in the
  same directory. I can not use client cookies as the people I am
  writing this for have cookies turned off in IE, therefore I am
  using J2EE session variables and CFLOGIN in an application.cfm file
  (code attached) for authentication. Everything works correctly
  during login and I can see the encrypted username/password as the
  cfauthorization session variable....
  Session Variables:
  cfauthorization=Y3BkYWRtaW46cmVwb3J0ODQzOmNwZA==
  sessionid=c23059df643c42544069
  urltoken=CFID=783&CFTOKEN=91556252&jsessionid=c23059df643c42544069
  Once I try to browse to another cfm page on the site, I get
  booted back to the index.cfm login page. After some digging I
  figure out that the cfauthorization variable was blank after I
  click on the link, which as I understand it indicates that I am not
  logged in and the
  <cfif not IsDefined("cflogin")>
  <cfinclude template="index.cfm">
  <cfabort>
  code in the application.cfm sends me back to the login page.
  I have confirmed that using valid credentials causes <cfif
  cpdauth.recordcount GT "0"> to return true.
  Any idea as to why my session authorization is not being
  maintained between pages? Or if I am completely off base as to the
  reason this is happening.....and if so, what am I doing wrong.
  Thanks
  Greg

  Your login code seems to be fine. You yourself are already
  aware that you have to have a way to pass-the-baton between
  requests, to maintain a session.
  The usual way Coldfusion maintains sessions is to send CFID
  and CFTOKEN cookies to the client browser. That happens
  automatically under the hood, assuming you haven't switched
  setClientCookies off.
  For session management by means of cookies, I would use a
  cfapplication tag like
  <cfapplication name = "cpd"
  applicationTimeout = "#createTimespan(1,0,0,0)#"
  sessionManagement = "yes"
  clientManagement = "yes"
  sessionTimeout = "#createTimeSpan(0,0,20,0)#"
  setClientCookies = "true"
  scriptprotect="all"
  loginstorage="Session">
  However, all of that assumes that the client browser accepts
  cookies. Where it doesn't, the usual way to maintain sessions is to
  pass CFID and CFTOKEN values in the URL of every request. In fact,
  the function that Bluetone suggests,
  URLSessionFormat,
  makes the process efficient. It instructs Coldfusion to append CFID
  and CFTOKEN to the URL only when the client doesn't accept cookies.
  Which means Coldfusion would still be using cookies wherever
  possible. Some examples
  <a href="#URLSessionFormat('orders.cfm')#">My
  orders</a>
  <cfform method="Post"
  action="#URLSessionFormat("MyActionPage.cfm")#">
  </cfform>
  <cflocation url = "products.cfm" addToken = "yes">

• Function to get session variable is not working

  I created a report based on the following sql query:
  SELECT EMPNO, ENAME, JOB, MGR, HIREDATE, SAL, COMM, DEPTNO FROM SCOTT.EMP
  WHERE DEPTNO = empcust.current_deptno
  empcust.current_deptno is a function which returns the value of the session variable. However, nothing gets returned. The value of the session variable is not found.
  I know that the session variable is being set b/c i have a procedure that sets it and prints out the assigned.
  This is my code for the current_deptno function. If anyone can help, i'd greatly appreciate it!
  procedure current_deptno
  return VARCHAR2
  as
  v_Session portal.wwsto_api_session;
  v_Return VARCHAR2(20); --DEPT.DEPTNO%TYPE;
  begin
  v_Session := portal.wwsto_api_session.load_session('PORTAL','SESS_EMP');
  v_Return := v_Session.get_attribute_as_varchar2('DEPTNO');
  htp.p('Return session var'||v_Return);
  RETURN(v_Return);
  end;

  Hi Imtiaz,
  Could you verify that the variable has indeed a value? You could check via the Session Manager in the Admin Tool. You could also check the Query Log to verify whether the Initialization Block is working like expected.
  Thanks.
  Daan Bakboord
  http://obibb.wordpress.com

• Non-system session variable is not initializing

  Hi,
  I have created a non-system session variable using Row wise initialization, and using it in answers to filter a column. it is displaying below error
  State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. [nQSError: 23006] The session variable, NQ_SESSION.Visible_All_Offices1, has no value definition. (HY000)
  I have tried all possible ways like giving the session variable in SQL result set, giving with quotes and without quotes. In all ways it is throwing the same error.
  I think this variable is not getting initialized when starting the session, is there any way to check it. this variable is also not showing in Manage > Sessions > Variables in OBIEE Admin.
  Please reply, if anyone faced similar issue. I am trying this from last 2 days.
  Thanks,
  Ash.

  When you run this sql query against the database, are you seeing results? and why are you using non-system session variables for this? Session variables are usually used to retrieve data into variables based on the user login.
  Check the following things:
  1) In variable target, make sure the row-wise initialization is checked.
  2) Make sure the cache option is UN-checked
  3) Run the sql against the database and make sure it is retrieving results.
  4) Try this in init block:
  select distinct 'Visible_Regions', NVL(Regions, '0') from SH.Regions_Dim A inner join SH.USER_Table B on A.employee_ID = B.employee_ID;
  -Amith.

• Server hangs and session variable value not maintained.

  dear all,
  this is exteremetly urgent. i upgraded my tomcat to 4.1.24.but i have problems running the same code which was working earlier, i get null in the value of session variable. and also get the following error
  ////////////////error got /////////////
  Compile failed; see the compiler error output for details.
  at org.apache.tools.ant.taskdefs.Javac.compile(Javac.java:842)
  at org.apache.tools.ant.taskdefs.Javac.execute(Javac.java:682)
  at org.apache.jasper.compiler.Compiler.generateClass(Compiler.java:317)
  at org.apache.jasper.compiler.Compiler.compile(Compiler.java:370)
  at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext
  .java:473)
  at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper
  .java:190)
  at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:2
  95)
  at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
  icationFilterChain.java:247)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
  ilterChain.java:193)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
  alve.java:256)
  at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContex
  t.invokeNext(StandardPipeline.java:643)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
  a:480)
  at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
  alve.java:191)
  at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContex
  t.invokeNext(StandardPipeline.java:643)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
  a:480)
  at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
  at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:
  2415)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
  ava:180)
  at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContex
  t.invokeNext(StandardPipeline.java:643)
  at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatche
  rValve.java:171)
  at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContex
  t.invokeNext(StandardPipeline.java:641)
  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
  ava:172)
  at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContex
  t.invokeNext(StandardPipeline.java:641)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
  a:480)
  at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
  ve.java:174)
  at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContex
  t.invokeNext(StandardPipeline.java:643)
  at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
  a:480)
  at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
  at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:22
  3)
  at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
  :594)
  at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.proce
  ssConnection(Http11Protocol.java:392)
  at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java
  :565)
  at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP
  ool.java:619)
  at java.lang.Thread.run(Thread.java:536)
  ///////////////end of error messsge ////////////
  the code where i am getting this message is as follows
  <%@ page session="true"%>
  <HTML>
  <HEAD><TITLE> LOGGED IN ok</TITLE> </HEAD>
  <%@ page import="java.sql.*" %>
  <%! // declaring variables
  String s = "";
  java.sql.ResultSet rs=null;
  java.sql.Connection con;
  java.sql.Statement stmt=null,stmt1=null;
  String username = "";
  String password = "";
  String Ousername = "";
  String Opassword = "";
  String changepass="";
  String usertype ="",useremail="",EmpName="";
  %>
  <body>
       <%      
       try
       //set session for max of 100 milliseconds
       // session.setMaxInactiveInterval(10000);
       Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
       con = java.sql.DriverManager.getConnection("jdbc:odbc:Driver={Microsoft Access Driver (*.mdb)};" +"DBQ=c:/vishal/HelpDesk.mdb;DriverID=22;READONLY=false","","");
            stmt = con.createStatement();
            s = "select * from LoginUser";     
       username = request.getParameter("LogonId"); //get this through prev. form
       password = request.getParameter("txtPassword");
       out.println(username + " " + password);
       // make explicitly to lower case
       username = username.toLowerCase();
       rs = stmt.executeQuery(s);               
                      while(rs.next())
                      //getting data from database
                      Ousername = rs.getString("EmpName");
                      Opassword = rs.getString("Password");
                      useremail = rs.getString("EmailId");
                      usertype = rs.getString("UserType");     
                      if(Opassword.equals(password) && Ousername.equals(username)) //found match correct entry
                           changepass = request.getParameter("PasswordNew");
                           if(changepass != null)
                           stmt1 = con.createStatement(java.sql.ResultSet.TYPE_SCROLL_INSENSITIVE,java.sql.ResultSet.CONCUR_UPDATABLE);     
                           s = "update LoginUser set Password = '" + changepass + "' where EmpName = '" + username +"'";
                           out.println(s);
                           stmt1.executeUpdate(s);
                           stmt1.close();
                           if(usertype.equals("User") == false)//ie admin
                           session.setAttribute("username",username);     
  ************************this value not maintained *********************
                           session.setAttribute("useremail",useremail);
                           session.setAttribute("usertype",usertype);
  ************************this value not maintained *********************
                           //closing connections
                           %>                                                       
                                <jsp:forward page= "ComplaintType.jsp" />                         
                           <%
                           else //user
                           EmpName = username;
                           session.setAttribute("EmpName",EmpName);                         
                           session.setAttribute("useremail",useremail);
                           //closing connections
                           %>
                           <jsp:forward page="ComplaintCategory.jsp" />
                           <%     
                           }//end if
                      }//while loop                                   
                      //first closing connections then forwarding                    
       %>
                      <jsp:forward page="InvalidLOGIN.jsp" />
                      <%     
                      ///rs.close();
                      ////closing
                      //stmt.close();
       // con.close();
       }//try
            catch(Exception ep)
            out.println(ep);
            System.exit(1);
       %>
  </BODY>
  </HTML>

  hi all,
  thanx a lot for your help,specially hari52
  hari52 strangely enough the code started working,but
  now i have another problem
  after a while my server hangs or gets shutdown ,a
  message is shown as
  "java.exe has generated error and will be shutdown"
  i know that more connections can be a prob. but i
  make sure that connections r closed on each page,also
  i am a newbie and do not have the time at present to
  learn abt. connection pool ,can this problem be
  solved easily?
  it would be a great help again on your part,
  thanx again,You remove the System.exit(1) line from the code inside the catch block
  and try again. That's the reason tomcat getting down. System.exit(1) should not be used inside jsp. it will make the underlaying Servlet Engine to shutdown.