Business Objects sessions bleeding together with OpenDoc reports

I have a custom application that logs a user into Business Objects, and calls OpenDoc using the generated loginToken. I store the Business Objects session in the application session. If you log into the application as one user and open a report with the following query:

<br><br>

SELECT  mtf.id
FROM  mtf,  facilities,  users
WHERE  facilities.id = mtf.id  AND facilities.id = users.facility_id   AND users.login_name = @Variable('BOUSER')

<br><br>

The query runs correctly and returns the correct result. If you log out of the application without closing the browser window, log in as a different user and run the same report you get the result the first user got, as if the @Variable('BOUSER') was returning the first username.

<br><br>

Each user is logged into Business Objects with their own username, I have verified this in the code. I aslo verified that When the first user logs out of the application the Business Objects session is destroyed, and a new one created for the second user. Looking at the HTTP headers I have seen that when the first user logs in and opens a report the following cookie gets set:

<br><br>

HTTP/1.1 200 OK

Set-Cookie:

InfoViewses=3%261%2C8P%264E%3D1704Jk1XlRb8I5GtMTG1%2C8P%26Tn%3D%7B3%26.1%3D%7B3%262%3D1608%2C03%26O%3DFavoritesFolder%2C0P%7D%2C2z%26.2%3D%7B3%262%3

D1609%2C03%26O%3DPersonalCategory%2C0P%7D%2C2z%26.3%3D%7B3%262%3D1610%2C03%26O%3DInbox%2C0P%7D%2C2z%26U%3D3%2C03%7D%2C%3Fz%264F%3D1607%2C8P%26S5%2C8

8%26Tm%3D3650%2C83%265U%3D1705JEngK4tWp4tT87D21704Jk1XlRb8I5GtMTG1%2C8P%2635%3Dtestuser1%2C8P%2663%3Dtoken%2C8P%26pa%2C8P%262r%3Ddev-bo.company.com%

3A6400%2C8P%263k%3D%40dev-bo.company.com%2C8P; Path=/; HttpOnly

<br><br>

The second user who logs in already has this set with the same value, including the testuser1 string which is the username of the first user. This is the only place I can see the username getting passed around.

<br><br>

This is how I log users in to Business Objects and get the logon Token:

<br><br>

IEnterpriseSession session = CrystalEnterprise.getSessionMgr().logon(username, defaultPassword, cmsHostName + ":" + cmsPort, authType);
String logonToken = session.getLogonTokenMgr().getDefaultToken();

<br><br>

This is how I launch the reports:

<br><br>

String url = serverUrl + "/OpenDocument/opendoc/openDocument.jsp?sIDType=CUID&sType=wid&sRefesh=Y&iDocID=" + reportCuid + "&token=" + logonToken;

<br><br>

This problem does not occur with logging in and out of infoview. I am using Business Objects XI 3.1 SP2

<br><br>

Thanks for your help

<br><br>

Tim

Edited by: twkatadin on Dec 18, 2009 3:17 AM