• Post Reply Bookmark Topic Watch Topic
  • New Topic

New browser window with new HttpSession

 
Michael Gavryuchkov
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi!
Is it possible to open a new browser window from a parent window and open a new HtppSession for the new window? So that the new window and the parent window do not share same HttpSession but have two separate ones?
Thanks in advance.
 
Nathaniel Stoddard
Ranch Hand
Posts: 1258
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Michael,
There's no way to do this. What constitutes a new session is determined by the browser. Some browsers will share cookies (and therefore sessions) across all windows open. Others may consider cookies in separate processes distinct, but you can never tell.
Sorry for the bad news.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65530
108
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Nathaniel is correct. I will add that I know of no browser that will not share cookies with a child window opened via window.open(). How the various browsers treat windows created by the user via ctrl-N is another matter, and is browser-dependant.
 
Michael Gavryuchkov
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Bear Bibeault:
I know of no browser that will not share cookies with a child window opened via window.open().

Maybe there is a way to somehow to open a new window as a new browser process and send it a request line? Sounds highly undoable but who knows...
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65530
108
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The only thinking I can think of -- and I have had no reason to explore this in any way -- is to try using URL rewriting for the session id. But I have no idea if that would trump the cookie or not.
 
Michael Gavryuchkov
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
URL rewriting could work. However, I am looking for a kind of a no-brainer and URL rewriting (correct me if I am wrong) requires a different approach in handling session, hence refactoring a lot of existing code.
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I know that IE 5.5 (and possibly other versions) doesn't retain the session for window.open and the session must be retained using url rewriting, but this is considered a bug in IE and is not the accepted behaviour.
You could try this: enable URL rewriting in you application server (it is generally not accepted by default), use rewriting to see how the url appears in its rewritten form, them remove the session id.
In theory, this would pass an invalid session id and any requests from the second window would be assigned a new session id.
Be careful though, it may be more likely that the browser stores a single copy of the session id, which you could invalidate and cause the session id for all windows to be overridden with the new value.
Just a though.
Dave.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!