Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

distinguishing 2 browsers in the same session.  RSS feed

 
Umakanth Godavarthy
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When logging in with two browsers using the same user, same session id is getting created. But for one of our applicaiton feature to work we need to distinguish the requests received from these browsers. Is there a way to achieve this.
thanks in advance.
 
Evgeniy Bulanov
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hm ... it's really interesting case. What application server do you use?
 
Pradeep bhatt
Ranch Hand
Posts: 8933
Firefox Browser Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Umakanth Godavarthy:
When logging in with two browsers using the same user, same session id is getting created. But for one of our applicaiton feature to work we need to distinguish the requests received from these browsers. Is there a way to achieve this.
thanks in advance.


Are you creating the 2nd browser instance by doing "Create New window" from the first one ? Or is it a different instance ?
 
Ulf Dittmer
Rancher
Posts: 42972
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you're using two browsers, or two instances of the same browser, the session ID should not be identical. The session might be shared by two windows of the same browser instance as Pradip points out. That kind of behavior is not defined, though - some browsers share session cookies between windows, while others don't.
 
Umakanth Godavarthy
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I agree that if the browser instance is different then it should be different session id. But in this case i'm not doing ctrl+N, i'm starting a new instance by typing 'iexplore' in run in windows OS. Even then I'm getting same sessionid.
Jeak,
can it be an issue with server generating the sessionid.
-thanks
 
Pradeep bhatt
Ranch Hand
Posts: 8933
Firefox Browser Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am accepting the server to generate unique session id.
 
Roger Chung-Wee
Ranch Hand
Posts: 1683
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am not surprised with what you are getting.

A session is defined as a series of related browser requests that come from the same client during a certain time period. When the browser receives the response from the server (which contains the session ID in the HTTP header), the browser stores the session ID in a cookie. This cookie is then automatically sent on each request.

So, whether there is one browser instance or multiple browser instances for a session, it is still the same session as all the browser instances share the same cookie. But having said all of this, it is possible for different browsers to behave differently.

I haven't tried it, but I would think that to get a separate session per browser would require the user to log in again using a separate browser instance. This should make the server create a new session.
 
Umakanth Godavarthy
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
These two are contradictory statements:
So, whether there is one browser instance or multiple browser instances for a session, it is still the same session as all the browser instances share the same cookie.


and

I haven't tried it, but I would think that to get a separate session per browser would require the user to log in again using a separate browser instance.


Let me elaborate the steps I follow for this scenario:
1. Open two browser instances (not by doing ctrl+N)
2. Open login page for the app.
3. Login by specifying the username/passwd
4. One of our servlets prints the sessionid as html comments, so that we can see the sessionid being generated.
5. Getting the same sessionids in these two instances of the browser.
6. Now, if i log out and login from any of the instances, it generates different sessionid.

Any more thoughts or inputs on this.
-thanks
 
dema rogatkin
Ranch Hand
Posts: 294
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It's a simple. Just install a little hook which will provide unique user agent for every instance of a browser.
 
Umakanth Godavarthy
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Just install a little hook which will provide unique user agent for every instance of a browser.


what do you mean by hook, it doesn't seem to be a practical solution. we cannot expect every client machine to install this hook or whatever.
 
Jeanne Boyarsky
author & internet detective
Sheriff
Posts: 37234
519
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Historically, all IE windows share a session. Netscape/Mozilla based browsers share a session if creating using Ctrl-N, but give you a different session if you launch the browser again.

Umakanth, You can solve this problem through design in your web application. On every page or link have a hidden form field with a unique id. If the id is passed to your servlet, use that id when rendering the next page's hidden form field. If not, it is a new window. In that case, increment the maximum id already given for that user in the session and send it with the request.
 
dema rogatkin
Ranch Hand
Posts: 294
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Umakanth Godavarthy:


what do you mean by hook, it doesn't seem to be a practical solution. we cannot expect every client machine to install this hook or whatever.
A practical? Maybe, but your rquirements are very specific. I guess you do not support wap devices, text browsers and so on. So, your problem specifically is Windows and IE. You assume that flash player httpxml and other activex control registered on client machine, so why do not install one more? It's 10 seconds operation with one page confirmation. All other solutions may not work, because you can't distinct page refresh in the same window or a newly opened one. Good luck in finding a solution.
 
Gerardo Tasistro
Ranch Hand
Posts: 362
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Umakanth Godavarthy:


what do you mean by hook, it doesn't seem to be a practical solution. we cannot expect every client machine to install this hook or whatever.


A hook could be an URL get variable. For example the next pseudo code

new window
open URL:
http://myserver:8080/myapp/mything.jsp

on request for browser
if isSet(windowsID) {
do whatever
} else {
nextID=getNextWindowID();
redirect("http://myserver:8080/myapp/mything.jsp?windowID="+nextID);
}

So each window works with a different URL set of get variables. Each one ids the window.
 
Umakanth Godavarthy
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi dema rogatkin,
My post was not to offend you in any way, i just wanted to analyze the soln given by you. Moreover we do support an XML output for our application, but thats a different codeline.

Other solutions for having request parameter/form hidden field seems to suggest that I may have to simulate session tracking. But we have lot of pages and lot of URLs, it's a tedious job to append this windowid for every URL. Anyways, thanks all for you inputs, if any other solution that will be a great help.
-thanks
 
jakeer ahmed
Greenhorn
Posts: 15
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Jeanne Boyarsky:
Historically, all IE windows share a session. Netscape/Mozilla based browsers share a session if creating using Ctrl-N, but give you a different session if you launch the browser again.

Umakanth, You can solve this problem through design in your web application. On every page or link have a hidden form field with a unique id. If the id is passed to your servlet, use that id when rendering the next page's hidden form field. If not, it is a new window. In that case, increment the maximum id already given for that user in the session and send it with the request.


Hi Jeanne its not like that all IE windows share a session. with ctrl+N it will be same id. but if i m using 'iexplore' command then i m getting different session id.
Umakanth with 'iexplore' also if you are getting same session id for two different instances means it depends from server to server also.But a general solution required other than request params/hidden fields.Anyhow goodluck in finding solution.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!