New Windows, Struts, IE 5 and sessions dying
Summary: Any known bugs and workarounds with Multiple Windows in IE5, Servlet Sessions and Struts 1.0b1? Detailed Version: We are using Struts 1.0b1 and Tomcat J2EE form-based login security on our website. The user requests a protected page and is automatically redirected by Tomcat to the login page from which they login and enter the site. The password and username gets stored in a session automatically by Tomcat for use in further protected pages. No problem there - it works perfectly. However when we open a new window using the javascript functions window.open(url), window.showModelessDialog(url) or window.showModalDialog(url), things go badly wrong. The moment the new window is opened the user has to log in again in the main window before they can do anything else. Had a look at the HttpServletRequest and the the j_username and j_password variables appear to be deleted from the session attributes the moment you open the new window, but the cookie with the session id still appears to be present. After considerable effort we have narrowed the problem down to Struts itself. If we open the new window with a url that is just a static file (html,gif etc) the session doesn't get lost. If we open the new window with a url that is a jsp file that doesn't involve struts once again everything continues working fine. But the moment we open the new window with a struts url (ie *.do) the session gets lost in the main window. Has anyone else had this problem? Any known bugs in Struts 1.0b1 that we should be aware of? Any known solutions/workarounds? Help! Thanks, Graeme.
Re: New Windows, Struts, IE 5 and sessions dying
At 07:04 PM 1/06/01 +1200, you wrote: Summary: Any known bugs and workarounds with Multiple Windows in IE5, Servlet Sessions and Struts 1.0b1? A few things to note. Have a look to see if the redirect is forcing :80 (port 80) onto the end of the URL, this can cause the session get lost in the ether. Upgrade to struts-b2 and it'll go away. Another thing to note is that on NT you can have each IE run in a separate process, which gives it its own set of cookies, which will also loose the session value. I think it's probably the first one though, as you'd be using html:rewrite / to generate the URL for the javascript, and up until struts-b2 it would add the port into the address and confuse the browser. This happens in Netscape Navigator as well. -- Kumera - a new Open Source Content Management System for small to medium web sites written in Perl and using XML http://www.cyber4.org/kumera/index.html