This week's book giveaway is in the JavaScript forum.
We're giving away four copies of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js and have Paul Jensen on-line!
See this thread for details.
Win a copy of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

How to get multiple session in single browser  RSS feed

 
Sangita Ojha
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

We are facing the browser seesion issue in IE7 and greater version.Session is getiing shared when we open multiple tab in same browser.


Example if we login with one userID in one tab and we have login with another user in another data is getting messed up.


We have useed the technology Struts1.2 Hibenate3.0.

Please help us to resolve this issue.


Thanks in Advance.
 
Carles Gasques
Ranch Hand
Posts: 199
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Do you mean that client side session data is mixed between the 2 tabs?

 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13078
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Since session ID is normally maintained as a cookie according to the cookie rules, it is not surprising that one browser instance only has one cookie for a given web app. Normally people expect all tabs addressing the same web app refer to the same user / sessionID.

IF you want each tab to refer to a separate user you will have to program things that way: the following occur to me.

1. Use only URL rewriting to carry the sessionID -
2. Create your own mechanism for a session - possibly using hidden variables in forms

Bill
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66141
141
IntelliJ IDE Java jQuery Mac Mac OS X
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why is this even an issue? Do you really expect two different people to sit in the same chair and each use a tab in one browser?
 
Sangita Ojha
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Using URL rewitting and Appending the sessionid is against of security policy.

Could you please elaborate how we can use our own session mechanisim to avoid this issue.Please provide some snippet of code which will help me to implement.


Please help.

Thanks in Advance.
 
bharat salunkhe
Greenhorn
Posts: 25
Eclipse IDE Java Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sangita Ojha wrote:Using URL rewitting and Appending the sessionid is against of security policy.

Could you please elaborate how we can use our own session mechanisim to avoid this issue.Please provide some snippet of code which will help me to implement.


Please help.

Thanks in Advance.


as per my thinking you cant do that.. or one way is you have to force user to use single instance of your application by passing session id with url (not secure !)
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13078
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sangita Ojha wrote:
Could you please elaborate how we can use our own session mechanisim to avoid this issue.Please provide some snippet of code which will help me to implement.


I won't write code for you but I will tell you how I approached the problem with an online exam simulator.

1. Every user entry to the system gets a unique id derived from a random number generator plus any user info available - checking of course that this id is not already in use. This id must be in a form suitable for a file name because:
2. A serializable object which will contain all user "session" data will be written to disk using the id. -and-
3. The id is written as a hidden form variable into every HTML page the system presents.
4. ALL user navigation in the system is via a form(s) POST so the unique user id is a parameter in every request after the initial entry so the servlet can retrieve the serialized session object - either from disk or from a cache.

You can make the serializable session object as simple as a HashMap or include more complex information as long as it is serializable.

Bill


 
Rajesh Ronald Reagan
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Sangita,

In HTTP World the session on the same browser is very normal

I.e Two different users when accessing the same application only one user session is allowed from the same browser. Ex Gmail. Please try to signin in the same browser with multiple user. This is a bad implemenation quite I can tell.,

Since http protocol is a stateless protocol (as it is not persistent), whenever browser sends request then it is always interpreted as a new request. When the first request goes to the server, a session object is created .To maintain the session, server creates a token .The token is transmitted to the client by the response object and gets stored on the client machine. URL rewriting can also be used where the cookies are disabled by the user.

The best way to overcome this is to rewrite the URL, which will append the session id to the url.

use the response object to get the method encodeURL to append the sessionid.

http://www.roseindia.net/tutorial/java/jsp/URLrewriting.html

A good example is given above.

Regards,
Ronald


 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!