Hi all,
I am facing the following issue:
I have a piece of code for authenticating a user and another for updating his password.
Consider the following steps:
1) A user tries to authenticate himself - he can login successfully
2) The user updates his password. It gets updated successfully in the DB
3) The user tries authenticating himself again and can login with the new password.
4) Now, I manually update the password in the database. If the user tries to use this new password to authenticate himself, he is unable to do so. This is because, in the authentication code below, the password fetched from the DB is the same as the one fetched in step number (3).
It seems as though the old password used by the user is stored in the cache and is reused the next time the user tries to authenticate himself. I have tried making the following 3 settings, so that no information is fetched or stored in the cache. But it does not seem to be working.
Code:
session.setCacheMode(CacheMode.REFRESH);
sessionFactory.evictQueries();
query.setCacheable(false);
Authentication code
Code:
public void authenticate (String ePwd) {
    // sessionFactory and username are assumed to be fields of the enclosing class (not shown in the post)
    File f = new File("C:\\hibernate-config.xml");
    Configuration config = new Configuration();
    Configuration configuration = config.configure(f);
    sessionFactory = configuration.buildSessionFactory();
    Session session = sessionFactory.openSession();
    session.setCacheMode(CacheMode.REFRESH);
    sessionFactory.evictQueries();
    // username is concatenated directly into the HQL string
    String SQL_QUERY = "select username, project, password from User where username like '" + username + "'";
    Query query = session.createQuery(SQL_QUERY);
    query.setCacheable(false);
    User user = null;
    try {
        for (Iterator<Object[]> it = query.iterate(); it.hasNext();) {
            Object[] row = (Object[]) it.next();
            String pwd = (String) row[2];
            // Prints both the entered and the stored password to the console
            System.out.println("User entered: " + ePwd + " Password fetched from DB: " + pwd);
        }
    } finally {
        session.flush();
        session.clear();
        session.close();
    }
}
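
An added example, not part of the original post: the same lookup with the user name bound as a named parameter and compared with `=` instead of being concatenated into a `like` pattern, and with neither password written to the console. It assumes the Hibernate 3-style `org.hibernate.Query` API and the mapped `User` entity from the post; the class name `Authenticator` and the `SessionFactory` built once and passed in are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;

import org.hibernate.CacheMode;
import org.hibernate.Query;
import org.hibernate.Session;
import org.hibernate.SessionFactory;

// Hypothetical class name; not code from the original post.
public class Authenticator {

    // Assumption: the factory is built once at startup and passed in,
    // rather than rebuilt from hibernate-config.xml on every login attempt.
    private final SessionFactory sessionFactory;

    public Authenticator(SessionFactory sessionFactory) {
        this.sessionFactory = sessionFactory;
    }

    public boolean authenticate(String username, String enteredPwd) {
        if (username == null || enteredPwd == null) {
            return false;
        }
        Session session = sessionFactory.openSession();
        try {
            session.setCacheMode(CacheMode.REFRESH);
            // The user-supplied name is bound as data: quotes cannot change the
            // query, and '=' means % and _ are not treated as LIKE wildcards.
            Query query = session.createQuery(
                    "select u.password from User u where u.username = :username");
            query.setParameter("username", username);
            query.setCacheable(false);
            query.setMaxResults(2); // enough to detect a duplicate user name
            List<?> rows = query.list();
            if (rows.size() != 1 || rows.get(0) == null) {
                return false; // unknown user, ambiguous match, or no stored value
            }
            // Assumption: the column holds the value in the same form the caller
            // supplies, as in the post. Compare without printing either value.
            byte[] stored = ((String) rows.get(0)).getBytes(StandardCharsets.UTF_8);
            byte[] entered = enteredPwd.getBytes(StandardCharsets.UTF_8);
            return MessageDigest.isEqual(stored, entered);
        } finally {
            session.close();
        }
    }
}
```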