I would agree. URL Rewriting is the only true way to prevent multiple users
behind a proxy from possibly sharing a session too.
> -----Original Message-----
> From: A mailing list about Java Server Pages specification and reference
> [mailto:[EMAIL PROTECTED]]On Behalf Of Gokul Singh
> Sent: Tuesday, August 07, 2001 4:13 AM
> To: [EMAIL PROTECTED]
> Subject: Re: distinguish between simultaneous sessions of same browser
>
>
> ----- Original Message -----
> From: "James Bond" <[EMAIL PROTECTED]>
>
> > If i want to support multiple simultaneous sessions
> > from multiple browser windows (but same browser) how
> > would i be distinguishing between the logically
> > separate user sessions?
>
> You want to have more than one session per browser. So you have to prevent
> the visibility of session of one window of a browser from another
> window of
> the browser.
>
>
> > I mean what are the ways of handling this.
> > eg: http sessions, URL rewriting, hidden tags, i know
> > cookies dont work ? are there any better ways here
> > agian
>
> Session Cookies are shared across the windows of the browser. So they are
> definately ruled out.
> URL rewriting ( forced by turning off cookies on the servlet container) is
> one way and in my opinion the best way to go.
> Hidden tags can be used, but they will force you to go in for rolling your
> own session management. That is the reason I think this is not a
> good way to
> go.
>
>
> > basically i am interested in what the logic behind
> > handling this kind of issues would be ?
>
> when the method getSession(true) is called, the servlet container
> checks if
> it has received a valid session id. If a valid session ID has not been
> received, then it creates a new session with a new session id.
> So the main issue as mentioned above is to prevent the visibility
> of session
> id of the session across windows.
>
> The only problem is that all the links/action tags in your
> application have
> to pass through the response.encodeURL() method.
>
>
> cheers,
> Gokul
>
> >
> > Vithal
> >
>
>
>
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
