This week's book giveaway is in the Agile and Other Processes forum.
We're giving away four copies of The Little Book of Impediments (e-book only) and have Tom Perry on-line!
See this thread for details.
Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

session id : how does server identifies?

 
Teena Mariam
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Hi,
I was booking tickets on an online reservation website, using Firefox. After logging into the reservation system, the url changed with an appended session id (jsessionid). If I copy the same url (the whole link including the session id) i can reach the same page with the same details in another tab of firefox.
Now if i copy the same link and open IE and paste it, it takes me to a page which says i need to log in to access the page. This was the expected result, but i wonder how the server identifies the two requests as from two different browsers.

Thanks,
Teena
 
ujjwal soni
Ranch Hand
Posts: 403
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator


Now if i copy the same link and open IE and paste it, it takes me to a page which says i need to log in to access the page. This was the expected result, but i wonder how the server identifies the two requests as from two different browsers.


Its possible that authentication details values associated with that login may not be found in firefox, so it redirects to the login page.

 
Rituraj Jain
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
1. browsers maintain their sessions.
2. servers have thier own sessions and identifies whether the request is coming from the same client (browser) or not. and this identification also requires the type of client, IP of system etc. you are using as the connection is between browser and sever

you are using firefox if you "clear private data " during the current session. ticket booking system will take you the login page again

 
Teena Mariam
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Thank you. But I didnt get it quite right.
Do you mean to say, the server validates the session id against some stored values? I checked the request header attributes. There is one called 'User-Agent'. Its value is different for two different browsers.
In fact, my question is, how does the server validate the jsessionid value?
If the server only had to check for the existence of the sessionid value, then it would have returned the IE client also to the same page. But this is not happening.

Thanks,
Teena
 
Rituraj Jain
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
when you visit a site using your browser a fresh session is created but if you just roaming arround in the same site no new session is created so
1. when you copy paste the url in firefox in which you have already logged in you are not thrown to login page as your sesion exist
2. but when you copy paste the url in IE in which you didn't logged in now this a fresh session start to you are thrown to login page

whenever you request a page from server, client browser sends a request by which the server can identify whether a session for this request exests or not.

if you are looking how server internally validates Jsessionid i also don't know exactly . but up to best of my knowledge (Guesing) sessionID is created by the cryptographic key-exchange between server and the client browser (Handshak protocol You can say..) so when you paste same URL ( session id ) in different browser the other browser is not able to understand it and so will send a fresh request to server (a Fresh handshake for new session ceation)....
 
Teena George
Ranch Hand
Posts: 82
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you. That cleared my doubts.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic