Re: session ids cont...
In [EMAIL PROTECTED] this issue was discussed (why and when IE supports different sessionID, and Netscape - not). The main thing is, Netscape is reading any cookies from one file, IE - from different files. Peter Alfors wrote: I.E. 5.0 and 5.5 generate unique session ids for each simultaneous browser session. However, both Netscape 4.7 and Netscape 6 return the same Id. I dont think that URL-rewriting will help in this situation. If I understand URL-rewriting correctly, all that is happening is that the session id is being tacked on the end of the request URL. Has anyone else run into this problem (and hopefully come up with a solution?) One alternative is to generate my own session object with a unique Id the frist time the user makes a request. Then the action controller could manage the sessions, while the pages use URL-rewriting to notify the action controller which session to use. I don't particularly care for this solution, so I am hoping that I am over-looking something simple. :) Pete
Re: session ids cont...
In [EMAIL PROTECTED] this issue was discussed (why and when IE supports different sessionID, and Netscape - not). The main thing is, Netscape is reading any cookies from one file, IE - from different files. Do you have a reference to said article? If not how about the subject and date? Hum... IE and Netscape sharing the same id? I never thought they could. I guess I already realized that they store cookies in different files. Is that what was being asked? Steve
Re: session ids cont...
I have just tested our web application prototype on Netscape 4.7 and there
are no problems
with URL-rewriting and jessionid's.
The servlet container (Resin 1.1.5) picks the right sessions for the right
clients.
We use a mix of hardcoded with dynamic jsessionid insertion, Struts
html:link and Javascript generated links on our pages and it works fine.
The following principles were used:
- Hardcoded links: a
href='http://host/execute/action;jsessionid=%=session.getId()%'Text/a
- Struts: well it does it by itself.
- JavaScript: call a function with parameter jessionid obtained from session
object and use it to build link. Example:
function openInfoWin(host, oid, sessionID)
{
var hostURL = "http://"+host+";jsessionid="+sessionID+"?oid="+oid;
window.open(hostURL, "InfoWin", "scrollbars=no, resizable=yes, width=600,
height=800");
}
We always put the jsessionid right after the URL since it is a path
parameter and *not* a request parameter.
Remember to use semicolon as divider or else it will not be picked up.
Could you provide an example of your nonworking JSP or Java code ?
- Original Message -
From: "Peter Alfors" [EMAIL PROTECTED]
To: "struts-user" [EMAIL PROTECTED]
Sent: Thursday, February 01, 2001 5:12 PM
Subject: session ids cont...
I.E. 5.0 and 5.5 generate unique session ids for each simultaneous
browser session. However, both Netscape 4.7 and Netscape 6 return the
same Id.
I dont think that URL-rewriting will help in this situation. If I
understand URL-rewriting correctly, all that is happening is that the
session id is being tacked on the end of the request URL.
Has anyone else run into this problem (and hopefully come up with a
solution?)
One alternative is to generate my own session object with a unique Id
the frist time the user makes a request. Then the action controller
could manage the sessions, while the pages use URL-rewriting to notify
the action controller which session to use.
I don't particularly care for this solution, so I am hoping that I am
over-looking something simple. :)
Pete
Re: session ids cont...
Peter, I.E. 5.0 and 5.5 generate unique session ids for each simultaneous browser session. However, both Netscape 4.7 and Netscape 6 return the same Id. What do you mean by simultaneous browser sessions. If you create a new window CTL+N in IE5.0 you get the same id. (Is this simultaneous?) I thought that both netscape and IE generate new id's if you launch the browser from the desktop. I also thought both netscape and IE use the same id's if you create a new window from an existing window. I use IE5.0 for my testing and this is that way it works, at least with the build from 01-28-2001. I can create a new browser window from the current one and both have the same jsessionid. I'm using Tomcat4.0-m5 for my testing. I don't know what you are using. Are you using the html:link for all of your links? And are you using html:action for all of your actions? I found that if you don't you will have a problem. It's either all or nothing. If it's nothing your on your own. At least that has been my experience. Steve
Re: session ids cont...
It was posted as a Subject : "what starts session?", Date: Wed, 24 Jan 2001 16:07:49 -0800 (PST) and responses were followed. "Steven D. Wilkinson" wrote: In [EMAIL PROTECTED] this issue was discussed (why and when IE supports different sessionID, and Netscape - not). The main thing is, Netscape is reading any cookies from one file, IE - from different files. Do you have a reference to said article? If not how about the subject and date? Hum... IE and Netscape sharing the same id? I never thought they could. I guess I already realized that they store cookies in different files. Is that what was being asked? Steve
Re: session ids cont...
"Steven D. Wilkinson" wrote: Peter, I.E. 5.0 and 5.5 generate unique session ids for each simultaneous browser session. However, both Netscape 4.7 and Netscape 6 return the same Id. What do you mean by simultaneous browser sessions. If you create a new window CTL+N in IE5.0 you get the same id. (Is this simultaneous?) If I start Netscape 4.7 from my desktop (2 instances of it) and go to the same page in my webapp. I can printout the session id on the screen. Both browser instances will have the same session id. However, two instances of IE 5.0 will have different IDs. (this is what I want). I thought that both netscape and IE generate new id's if you launch the browser from the desktop. I also thought both netscape and IE use the same id's if you create a new window from an existing window. I haven't tried creating a new window from either netscape or IE. But if this will cause both windows to have the same session, then this is something I need to handle also. I use IE5.0 for my testing and this is that way it works, at least with the build from 01-28-2001. I can create a new browser window from the current one and both have the same jsessionid. I am using IE 5.0 5.5 and Netscape 4.7 6 for testing. I'm using Tomcat4.0-m5 for my testing. I don't know what you are using. I am using Tomcat 3.2 Are you using the html:link for all of your links? And are you using html:action for all of your actions? I found that if you don't you will have a problem. It's either all or nothing. If it's nothing your on your own. At least that has been my experience. Right now I am NOT encoding my links. However, if my assumptions are correct... Encoding the links will not help me. Encoding adds the session id as a query string to the links. If the two windows have the same session, then the links (in each window) will still use the same session. Steve Here is the problem I am running across. I use beans that store information pertaining to a specific record in the database. When a user selects an item from a list, the bean is populated and placed in the session. I put it in the session because subsequent pages require this beans information as well. However, if the user has two browser windows running, sharing a session, it is possible for the user to update the data for the bean in one window, and then retrieve incorrect information in the other window. It is very probable that a user will want to have multiple browsers running so that he/she can compare data. I hope you can all follow that. I don't think that I described it very well. begin:vcard n:; x-mozilla-html:FALSE org:BRIMG SRC="http://www.irista.com/logo/irista.gif"BRBRFONT Color=#80FONT SIZE=2BBringing Vision to Your Supply Chain adr:;; version:2.1 end:vcard
RE: session ids cont...
Title: RE: session ids cont... I had similiar problems. You need to turn off the use of Cookies on your server (in Tomcat this setting is in server.xml). When the user opens 2 browsers, they will always have different session ids in both IE and Netscape since the first URL they will use will not have a session id included. If you open a new browser from another such as via JavaScript window.open(), you need to make sure the URL is NOT encoded with the session id. This will cause the server to start a new session. Unfortunately, all the Struts tags dealing with URLs (Form, Link, etc.) always encode, so you can't use them when creating the new URL. Gary -Original Message- From: Peter Alfors To: [EMAIL PROTECTED] Sent: 2/1/01 2:28 PM Subject: Re: session ids cont... Steven D. Wilkinson wrote: Peter, I.E. 5.0 and 5.5 generate unique session ids for each simultaneous browser session. However, both Netscape 4.7 and Netscape 6 return the same Id. What do you mean by simultaneous browser sessions. If you create a new window CTL+N in IE5.0 you get the same id. (Is this simultaneous?) If I start Netscape 4.7 from my desktop (2 instances of it) and go to the same page in my webapp. I can printout the session id on the screen. Both browser instances will have the same session id. However, two instances of IE 5.0 will have different IDs. (this is what I want). I thought that both netscape and IE generate new id's if you launch the browser from the desktop. I also thought both netscape and IE use the same id's if you create a new window from an existing window. I haven't tried creating a new window from either netscape or IE. But if this will cause both windows to have the same session, then this is something I need to handle also. I use IE5.0 for my testing and this is that way it works, at least with the build from 01-28-2001. I can create a new browser window from the current one and both have the same jsessionid. I am using IE 5.0 5.5 and Netscape 4.7 6 for testing. I'm using Tomcat4.0-m5 for my testing. I don't know what you are using. I am using Tomcat 3.2 Are you using the html:link for all of your links? And are you using html:action for all of your actions? I found that if you don't you will have a problem. It's either all or nothing. If it's nothing your on your own. At least that has been my experience. Right now I am NOT encoding my links. However, if my assumptions are correct... Encoding the links will not help me. Encoding adds the session id as a query string to the links. If the two windows have the same session, then the links (in each window) will still use the same session. Steve Here is the problem I am running across. I use beans that store information pertaining to a specific record in the database. When a user selects an item from a list, the bean is populated and placed in the session. I put it in the session because subsequent pages require this beans information as well. However, if the user has two browser windows running, sharing a session, it is possible for the user to update the data for the bean in one window, and then retrieve incorrect information in the other window. It is very probable that a user will want to have multiple browsers running so that he/she can compare data. I hope you can all follow that. I don't think that I described it very well. Card for Peter Alfors
Re: session ids cont...
Peter Alfors wrote: "Kramer, Gary" wrote: I had similiar problems. You need to turn off the use of Cookies on your server (in Tomcat this setting is in server.xml). When the user opens 2 browsers, they will always have different session ids in both IE and Netscape since the first URL they will use will not have a session id included. How do I turn off the use of cookies in the server.xml? I only see one location where cookies are mentioned. !-- Request processing -- !-- Session interceptor will extract the session id from cookies and deal with URL rewriting ( by fixing the URL ) -- RequestInterceptor className="org.apache.tomcat.request.SessionInterceptor" / Do I comment out this section? For Tomcat 3.2.1 there is a noCookies attribute on this entry that defaults to "false". You need to set it to "true": RequestInterceptor className="org.apache.tomcat.request.SessionInterceptor" noCookies="true"/ NOTE: Using URL rewriting does *not* catch every case of multiple windows sharing session ids. Consider that the user can right-click on a hyperlink (containing the session id) and select "Open in New Window". Because the hyperlink being clicked had a session id in it already, the new window will still be part of the old session -- so your app logic needs to be ready to deal with this. Craig McClanahan
