• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

JSF 2.0 Session Scope not working - same session bean for multiple browsers

Vinu Shanmugam
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

I am extremely frustrated to see the behavior that same JSF managed bean (declared as session scoped) is shared among multiple browsers. From the primitive definition of a HttpSession, every browser window action should be accompanied with a separate session. Below is the code and project setup:



Bean class source:


lib folder contents:


App Server: Apache Tomcat 7.0.16
Java Version: 1.6

Could someone please let me know whether I am making any mistakes or this is a known defect? I also came across another similar post and poster suggested using Orchestra, but session scope is a specification given by JSF and the implementation MUST properly implement it. If I choose a new technology / framework for every feature promised by JSF, then what is the point in calling JSF as a framework?

I am working on a huge framework development project which uses Hibernate 3, Spring 3 and we chose JSF 2.0 for front end. I created a separate test web project to analyze this issue.

This issue is slapping in my face and I am loosing confidence over JSF.

Thanks in advance
Tim Holloway
Saloon Keeper
Posts: 18319
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't know where you got the idea that J2EE sessions were assigned on a per-window basis. They aren't, and they never were, and that applies to ALL J2EE, not just to JSF and has since the beginning. Each webapp normally gets its a separate session per client, but a client (browser) would not normally get multiple sessions with one webapp.

It's possible, but dangerous to create multiple session IDs IF the user has cookies disabled, but that's not the way most people operate, which is why it's so dangerous.

Other than that, the actual rule is that each browser executable has its own set of cookies and therefore its own session, but the cookies themselves are shared by each and every window owned by that particular executing instance of the browser application. For IE you get exactly one and only one IE for the entire OS. For Firefox and most of the other browsers not welded into the OS itself, you will USUALLY get only one instance, but you can sometimes force a new instance, but that's also not something you want to depend on casual users get get done right.

On a less technical note, I personally don't like webapps that pop up windows all over my (already-cluttered) screen, and the only way to repel me as a customer faster is to make the app require Flash to be usable.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic