---------------------------------------------------------------- BEFORE YOU POST, search the faq at <http://java.apache.org/faq/> WHEN YOU POST, include all relevant version numbers, log files, and configuration files. Don't make us guess your problem!!! ---------------------------------------------------------------- David Crooke wrote: > > The HTTP protocol is stateless, so there are two ways for a web appserver to > recognize which session / user / browser a request belongs to - the usual one is > by sending a temporary cookie back with the first page, which is then presented > by the browser with each request. The alternative for clients which don't > support cookies is to rewrite the URL's in links being presented on pages, to > include a reference to the session - you'd know if you were using this. > > First, eliminate the obvious - if you open up two browser windows from the same > browser process, they will share the temporary cookie (and thus the session). On > Linux, you can get two separate browsers by running them under different user > accounts; on Windows, you need to use two different browsers (e.g. Netscape and > IE). > > The way we are managing sessions is to hang a single object from the store on > JServ's HttpSession object, and then invalidating the session (from the > application level) by overwriting the reference to it in HttpSession. WE hang > all of our state objects from this, using the same API as HttpSession itself > has. This makes it easier for us to migrate a session from a surfer to a logged > in user and preserve exactly those state elements we need to, and makes it > easier to manage our multi-site system. > > I don't know how HttpSession.invalidate() is implemented in JServ, and we don't > use it (yet), but knowing the quality of the code I'd be surprised if it doesn't > work reliably. Are you certain you are calling it as you intend? > > Dipankar Chakrabarti wrote: > > > > ---------------------------------------------------------------- > > BEFORE YOU POST, search the faq at <http://java.apache.org/faq/> > > WHEN YOU POST, include all relevant version numbers, log files, > > and configuration files. Don't make us guess your problem!!! > > ---------------------------------------------------------------- > > > > Dear All, > > > > I have posted a query/bug of JSERV about session > > handling via Proxy server, long back, could not get > > any answer. > > > > Am I posting it in wrong group? Is there any other > > pareticular group where this may be addresses? > > > > Please help > > > > Dipankar > > THE MESSAGE WAS: > > > > Hi! > > > > We are currently developing a web-application > > that uses servlets to process user interaction. We are > > storing user information in the httpSession, from the > > login until the logout. (sesion-data with obtained > > getSession(false)) > > We are creating the session in a login-servlet > > and deleting (removing values, invalidating) the > > httpSession in an Logout-servlet. > > We are putting the servlets on our JServ1.1 on a Linux > > Server. (JSDK2.0) > > > > When accessing the application from a local machine > > through a proxy/firewall-server (MS-proxy-server), We > > are facing problems of not able to invalidate the > > session. One user is getting other users session and > > contents. > > > > Is there any way out? > > > > ===== > > > > DIPANKAR CHAKRABARTI > > Have a Nice Time............ > > > > __________________________________________________ > > Do You Yahoo!? > > Kick off your party with Yahoo! Invites. > > http://invites.yahoo.com/ > > > > -- > > -------------------------------------------------------------- > > Please read the FAQ! <http://java.apache.org/faq/> > > To subscribe: [EMAIL PROTECTED] > > To unsubscribe: [EMAIL PROTECTED] > > Search Archives: > > <http://www.mail-archive.com/java-apache-users%40list.working-dogs.com/> > > Problems?: [EMAIL PROTECTED] -- -------------------------------------------------------------- Please read the FAQ! <http://java.apache.org/faq/> To subscribe: [EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Search Archives: <http://www.mail-archive.com/java-apache-users%40list.working-dogs.com/> Problems?: [EMAIL PROTECTED]
