subject:"session ids"

Re: session ids

2001-08-20 Thread Guus Holshuijsen


You can retrieve the current user's "session id" from the
HttpSessionBindingEvent e using "e.getSession().getId()". Use this value to
look up an entry in your hastable and remove it.
The HttpSessionBindingEvent is generated when the session is invalidated
(valueUnbound())  or created (valueBound()).

For more details read the Java doc on HttpSessionBindingEvent. Make sure
your class maintaining the hashtable implements the
javax.servlet.http.HttpSessionBindingListener interface.

Regards,
Guus

- Original Message -
From: "Rakesh" <[EMAIL PROTECTED]>
To: "Jon Crater" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Sunday, August 19, 2001 12:01
Subject: Re: session ids


> do u have an example
>
>
>  Rakesh Ayilliath
>
> [EMAIL PROTECTED]
>
> - Original Message -
> From: "Jon Crater" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, August 16, 2001 10:27 PM
> Subject: Re: session ids
>
>
> > rakesh--
> >
> > you can solve this problem by having the class responsible for managing
> the
> > hashtable of session ids implement HttpSessionBindingListener.  fill out
> the
> > valueBound(HttpSessionBindingEvent event) and
> > valueUnbound(HttpSessionBindingEvent event) methods so that the
> appropriate
> > session id is added/removed when the hashtable manager is unbound from
the
> > session.
> >
> > jon
> >
> >
> > Original Message Follows
> > From: "Rakesh" <[EMAIL PROTECTED]>
> > Reply-To: "Rakesh" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> > Subject: Re: session ids
> > Date: Thu, 16 Aug 2001 22:12:50 +0530
> >
> > Hi Greg,
> >
> > I know that this sessioncontext api is currently deprecated.
> > I require this for a very specific reason. When I log-in a user,
> > I save his loginID and the sessionId in a static hash table.
> >
> > and when he is logged out, I remove it. Each time someone tries
> > to log-in, I check in to the hash to see if he is already logged in and
> > display appropriate error messages to him.
> >
> > When he logs out by clicking on a logout.do, I remove his
> > loginID from the hash and invalidate his session. Now what happens; if
> > he just closes the browser window, or if his session is timed out ?
> > How do I remove his name from the Hash ?
> >
> > Kindly help.
> >
> >   Rakesh Ayilliath
> > [EMAIL PROTECTED]
> >
> >
> >
> > - Original Message -
> >From: Greg Maletic
> >To: [EMAIL PROTECTED] ; Rakesh
> >Sent: Thursday, August 16, 2001 9:54 PM
> >Subject: RE: session ids
> >
> >
> >I don't believe you can get all valid sessionIDs from the server.  I
> > think the API for doing so was deprecated a while back for security
> reasons.
> >   The way I've solved this in the past was to have each session register
> > itself into a application-scoped hashmap, and maintain that map myself.
> >
> >--Greg
> >
> >
> > -Original Message-
> >From:
> [EMAIL PROTECTED]
> >
>
[mailto:[EMAIL PROTECTED]]O
> n
> > Behalf Of Rakesh
> >Sent: Thursday, August 16, 2001 12:28 AM
> >To: [EMAIL PROTECTED]
> >Subject: session ids
> >
> >
> >  Hi ,
> >
> >  Is there anyway I can get all valid session ids from the server ?
> >
> >
> >   Rakesh Ayilliath
> >  (Software Engineer)
> >
> >  Synergy IT Innovations Pvt Ltd,
> >  #196, 1st Floor, 9th Cross,
> >  HMT Layout, RT Nagar
> >  Bangalore 560032
> >
> >  [EMAIL PROTECTED]
> >
> >
> > _
> > Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp
> >
> >
>

Re: session ids

2001-08-19 Thread Rakesh


do u have an example


 Rakesh Ayilliath

[EMAIL PROTECTED]

- Original Message -
From: "Jon Crater" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 16, 2001 10:27 PM
Subject: Re: session ids


> rakesh--
>
> you can solve this problem by having the class responsible for managing
the
> hashtable of session ids implement HttpSessionBindingListener.  fill out
the
> valueBound(HttpSessionBindingEvent event) and
> valueUnbound(HttpSessionBindingEvent event) methods so that the
appropriate
> session id is added/removed when the hashtable manager is unbound from the
> session.
>
> jon
>
>
> Original Message Follows
> From: "Rakesh" <[EMAIL PROTECTED]>
> Reply-To: "Rakesh" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> Subject: Re: session ids
> Date: Thu, 16 Aug 2001 22:12:50 +0530
>
> Hi Greg,
>
> I know that this sessioncontext api is currently deprecated.
> I require this for a very specific reason. When I log-in a user,
> I save his loginID and the sessionId in a static hash table.
>
> and when he is logged out, I remove it. Each time someone tries
> to log-in, I check in to the hash to see if he is already logged in and
> display appropriate error messages to him.
>
> When he logs out by clicking on a logout.do, I remove his
> loginID from the hash and invalidate his session. Now what happens; if
> he just closes the browser window, or if his session is timed out ?
> How do I remove his name from the Hash ?
>
> Kindly help.
>
>   Rakesh Ayilliath
> [EMAIL PROTECTED]
>
>
>
> - Original Message -
>From: Greg Maletic
>To: [EMAIL PROTECTED] ; Rakesh
>Sent: Thursday, August 16, 2001 9:54 PM
>Subject: RE: session ids
>
>
>I don't believe you can get all valid sessionIDs from the server.  I
> think the API for doing so was deprecated a while back for security
reasons.
>   The way I've solved this in the past was to have each session register
> itself into a application-scoped hashmap, and maintain that map myself.
>
>--Greg
>
>
> -Original Message-
>From:
[EMAIL PROTECTED]
>
[mailto:[EMAIL PROTECTED]]O
n
> Behalf Of Rakesh
>Sent: Thursday, August 16, 2001 12:28 AM
>To: [EMAIL PROTECTED]
>Subject: session ids
>
>
>  Hi ,
>
>  Is there anyway I can get all valid session ids from the server ?
>
>
>   Rakesh Ayilliath
>  (Software Engineer)
>
>  Synergy IT Innovations Pvt Ltd,
>  #196, 1st Floor, 9th Cross,
>  HMT Layout, RT Nagar
>  Bangalore 560032
>
>  [EMAIL PROTECTED]
>
>
> _
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
>
>

RE: session ids

2001-08-16 Thread Greg Maletic




You 
need whatever class that maintains the hash (maybe the hash itself) to implement 
the HttpSessionBindingListener.  You then need to store the listener as an 
attribute to each session that registers with you.  When the session dies, 
it will notify your object, and it will tell you which session it was associated 
with.
 

  -Original Message-From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]]On Behalf Of RakeshSent: 
  Thursday, August 16, 2001 9:43 AMTo: 
  [EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: Re: 
  session ids
  
  Hi Greg,
   
  I know that this sessioncontext api is 
  currently deprecated. 
  I require this for a very specific reason. When I 
  log-in a user, 
  I save his loginID and the sessionId in a static 
  hash table.
   
  and when he is logged out, I remove it. Each time 
  someone tries 
  to log-in, I check in to the hash to see if he is 
  already logged in and 
  display appropriate error messages to 
  him.
   
  When he logs out by clicking on a logout.do, 
  I remove his
  loginID from the hash and invalidate his session. 
  Now what happens; if 
  he just closes the browser window, or if his 
  session is timed out ?
  How do I remove his name from the Hash 
  ?
   
  Kindly help.
   
   Rakesh Ayilliath
  [EMAIL PROTECTED]
   
   
   
  - Original Message - 
  
From: 
Greg 
Maletic 
To: [EMAIL PROTECTED] 
; Rakesh 

Sent: Thursday, August 16, 2001 9:54 
PM
Subject: RE: session ids

I don't believe you can get all valid sessionIDs from the 
server.  I think the API for doing so was deprecated a while back 
for security reasons.  The way I've solved this in the past 
was to have each session register itself into a application-scoped hashmap, 
and maintain that map myself.
 
--Greg
 
 -Original Message-From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]]On 
Behalf Of RakeshSent: Thursday, August 16, 2001 12:28 
AMTo: [EMAIL PROTECTED]Subject: session 
ids

  Hi ,
   
  Is there anyway I can get all valid session 
  ids from the server ?
   
   
   Rakesh Ayilliath(Software 
  Engineer)
   
  Synergy IT Innovations Pvt Ltd,#196, 1st 
  Floor, 9th Cross,HMT Layout, RT NagarBangalore 560032
   
  [EMAIL PROTECTED]

Re: session ids

2001-08-16 Thread Jon Crater


rakesh--

you can solve this problem by having the class responsible for managing the 
hashtable of session ids implement HttpSessionBindingListener.  fill out the 
valueBound(HttpSessionBindingEvent event) and 
valueUnbound(HttpSessionBindingEvent event) methods so that the appropriate 
session id is added/removed when the hashtable manager is unbound from the 
session.

jon


Original Message Follows
From: "Rakesh" <[EMAIL PROTECTED]>
Reply-To: "Rakesh" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>,   <[EMAIL PROTECTED]>
Subject: Re: session ids
Date: Thu, 16 Aug 2001 22:12:50 +0530

Hi Greg,

I know that this sessioncontext api is currently deprecated.
I require this for a very specific reason. When I log-in a user,
I save his loginID and the sessionId in a static hash table.

and when he is logged out, I remove it. Each time someone tries
to log-in, I check in to the hash to see if he is already logged in and
display appropriate error messages to him.

When he logs out by clicking on a logout.do, I remove his
loginID from the hash and invalidate his session. Now what happens; if
he just closes the browser window, or if his session is timed out ?
How do I remove his name from the Hash ?

Kindly help.

  Rakesh Ayilliath
[EMAIL PROTECTED]



- Original Message -
   From: Greg Maletic
   To: [EMAIL PROTECTED] ; Rakesh
   Sent: Thursday, August 16, 2001 9:54 PM
   Subject: RE: session ids


   I don't believe you can get all valid sessionIDs from the server.  I 
think the API for doing so was deprecated a while back for security reasons. 
  The way I've solved this in the past was to have each session register 
itself into a application-scoped hashmap, and maintain that map myself.

   --Greg


-Original Message-
   From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]]On 
Behalf Of Rakesh
   Sent: Thursday, August 16, 2001 12:28 AM
   To: [EMAIL PROTECTED]
   Subject: session ids


 Hi ,

 Is there anyway I can get all valid session ids from the server ?


  Rakesh Ayilliath
 (Software Engineer)

 Synergy IT Innovations Pvt Ltd,
 #196, 1st Floor, 9th Cross,
 HMT Layout, RT Nagar
 Bangalore 560032

 [EMAIL PROTECTED]


_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

Re: session ids

2001-08-16 Thread Rakesh





Hi Greg,
 
I know that this sessioncontext api is 
currently deprecated. 
I require this for a very specific reason. When I 
log-in a user, 
I save his loginID and the sessionId in a static 
hash table.
 
and when he is logged out, I remove it. Each time 
someone tries 
to log-in, I check in to the hash to see if he is 
already logged in and 
display appropriate error messages to 
him.
 
When he logs out by clicking on a logout.do, 
I remove his
loginID from the hash and invalidate his session. 
Now what happens; if 
he just closes the browser window, or if his 
session is timed out ?
How do I remove his name from the Hash 
?
 
Kindly help.
 
 Rakesh Ayilliath
[EMAIL PROTECTED]
 
 
 
- Original Message - 

  From: 
  Greg 
  Maletic 
  To: [EMAIL PROTECTED] 
  ; Rakesh 
  
  Sent: Thursday, August 16, 2001 9:54 
  PM
  Subject: RE: session ids
  
  I 
  don't believe you can get all valid sessionIDs from the server.  I 
  think the API for doing so was deprecated a while back for security 
  reasons.  The way I've solved this in the past was to have each 
  session register itself into a application-scoped hashmap, and maintain 
  that map myself.
   
  --Greg
   
   -Original Message-From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]]On 
  Behalf Of RakeshSent: Thursday, August 16, 2001 12:28 
  AMTo: [EMAIL PROTECTED]Subject: session 
  ids
  
Hi ,
 
Is there anyway I can get all valid session ids 
from the server ?
 
 
 Rakesh Ayilliath(Software 
Engineer)
 
Synergy IT Innovations Pvt Ltd,#196, 1st 
Floor, 9th Cross,HMT Layout, RT NagarBangalore 560032
 
[EMAIL PROTECTED]

RE: session ids

2001-08-16 Thread Greg Maletic




I 
don't believe you can get all valid sessionIDs from the server.  I 
think the API for doing so was deprecated a while back for security 
reasons.  The way I've solved this in the past was to have each 
session register itself into a application-scoped hashmap, and maintain 
that map myself.
 
--Greg
 
 -Original Message-From: 
[EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]]On 
Behalf Of RakeshSent: Thursday, August 16, 2001 12:28 
AMTo: [EMAIL PROTECTED]Subject: session 
ids

  Hi ,
   
  Is there anyway I can get all valid session ids 
  from the server ?
   
   
   Rakesh Ayilliath(Software 
  Engineer)
   
  Synergy IT Innovations Pvt Ltd,#196, 1st 
  Floor, 9th Cross,HMT Layout, RT NagarBangalore 560032
   
  [EMAIL PROTECTED]

session ids

2001-08-15 Thread Rakesh




Hi ,
 
Is there anyway I can get all valid session ids 
from the server ?
 
 
 Rakesh Ayilliath(Software 
Engineer)
 
Synergy IT Innovations Pvt Ltd,#196, 1st Floor, 
9th Cross,HMT Layout, RT NagarBangalore 560032
 
[EMAIL PROTECTED]

Re: netscape 4.7x, session ids and struts

2001-02-26 Thread Rick Smith


This is same problem I so awkwardly brought up this morning. The
examples work on Netscape 6, Mozilla 0.7, Lynx and even IE5 but not on
Netscape 4.72.

Rick 

 Gordon Maclean wrote:
> 
> Using netscape 4.7x on either solaris, linux or windows, the
> struts-example fails, because I am bounced between two different
> sessions.
> 
> The symptom indicates to me that netscape keeps separate lists
> of cookies for the following URLs:
> 
> http://myhost
> http://myhost:80
> 
> As one goes through the struts example, the URL is
> sometimes displayed as myhost, and sometimes as myhost:80,
> and I am never allowed past the login because the user
> information is kept in a session associated with myhost,
> and can't be found in a session associated with myhost:80.
> 
> Environment: struts nightly download as of Feb 12, 2001.
> Tomcat 3.2.1, mod_jk, apache 1.3.12 on RH7.
> 
> I have all cookies enabled in netscape preferences, with
> "Warn before accepting a cookie" also turned on for debugging.
> 
> 1. When I try the struts-example with the following URL:
> 
> http://myhost/struts-example
> 
> Netscape asks if I want to send the cookie JSESSIONID=f78s0eymd1,
> and I click OK.
> 
> 2. I select the "Log on ..." link.  Then the logon form is displayed at
> a
>URL of
> http://myhost:80/struts-example/logon.jsp;jsessionid=f78s0eymd1
> 
> Note the cookie in the URL because struts doesn't yet know if my browser
> accepts cookies.  Also note the port number 80 in the URL.
> 
> 3. I enter user:pass and Submit.
> 
> LogonAction logs the following message:
> 
> 2001-02-15 01:59:47 - path="/struts-example" :action: LogonAction:
> User 'user' logged on in session f78s0eymd1
> 
> The mainMenu.jsp page is displayed, with a URL:
> 
> http://myhost/struts-example/logon.do;jsessionid=f78s0eymd1
> 
> (note no port number is in the URL)
> 
> 4. Then, when I select "Edit your" the netscape question box pops up
> asking if I want to send a cookie JSESSIONID=ynsmafyqr1.
> The URL is shown as
> http://myhost:80/struts-example/editRegistration.do?action=Edit
> 
> This shouldn't happen, it should use the first session id!
> 
> 5. When I click on OK, then, EditRegistrationAction logs the following
> error:
> 
> 2001-02-15 02:00:55 - path="/struts-example" :action:  User is not
>   logged on in session ynsmafyqr1
> 
> The logon.jsp form is again displayed.  If I enter user:pass, then
> LogonAction reports a successfull login in session f78s0eymd1
> (the first session id again!)
> 
> When I select "Edit ..." I get the same error from
> EditRegistrationAction about "User is not logged on in session
> ynsmafyqr1".
> And so on, ad-infinitum.
> 
> If I disable cookies in netscape preferences, then things
> work with URL rewriting, and EditRegistrationAction forwards me to
> registration.jsp.
> 
> The problem also does not show up with IE 5.
> 
> Also, at step 4, if I manually enter a URL of:
> http://myhost/struts-example/editRegistration.do?action=Edit
> then EditRegistrationAction succeeds and forwards to registration.jsp.
> 
> 
> If I am right about netscape keeping separate cookie lists, then perhaps
> a workaround is for struts (specifically the html taglib) not to add
> the port number when generating URLs?
> 
> I haven't tested this solution.
> 
> Someone must have run into it also?
> 
> Gordon Maclean
> 
> --
> *
> Gordon Maclean, Software Engineer, 303 497-8794
> Nat'l Center for Atmospheric Research, Boulder CO USA
> *

Re: netscape 4.7x, session ids and struts

2001-02-22 Thread Matthias Bauer


Hi Gordon,

I found your problem description about the two different sessions in the mailing
list archive, because today 
I ran into the same thing. I tested with tomcat as a standalone container before
and did not have the problem there, because for every URL I provided the port
number. But when I integrated tomcat with apache for pre deployment testing I
envountered exactly the same behaviour as you.

Did you dig any further into the problem and maybe found some solution. Any help
would be greatly appreciated.

--- Matthias 


Matthias Bauer +++ [EMAIL PROTECTED] +++ LivingLogic AG +++ www.livinglogic.de

Re: netscape 4.7x, session ids and struts

2001-02-15 Thread Craig R. McClanahan

Gordon Maclean wrote:

> "Deadman, Hal" wrote:
> >
> > I think the fix that you describe has already been implemented. Are you
> > using a recent nightly build?
>
> As I mentioned:
>
> > Environment: struts nightly download as of Feb 12, 2001.
> > Tomcat 3.2.1, mod_jk, apache 1.3.12 on RH7.
>
> I'm using the binary build: jakarta-struts-20010212.tar.gz.
>
> Perhaps it is related to tomcat 3?
>

I believe so ... Struts is at the mercy of the servlet container's
implementation of response.encodeURL() and response.encodeRedirectURL() for
whether or not the port number is included.

>
> Gordon

Craig

Re: netscape 4.7x, session ids and struts

2001-02-15 Thread Gordon Maclean

"Deadman, Hal" wrote:
> 
> I think the fix that you describe has already been implemented. Are you
> using a recent nightly build?

As I mentioned:

> Environment: struts nightly download as of Feb 12, 2001.
> Tomcat 3.2.1, mod_jk, apache 1.3.12 on RH7.

I'm using the binary build: jakarta-struts-20010212.tar.gz.

Perhaps it is related to tomcat 3? 

Gordon

RE: netscape 4.7x, session ids and struts

2001-02-15 Thread Deadman, Hal

I think the fix that you describe has already been implemented. Are you
using a recent nightly build?

-Original Message-
From: Gordon Maclean [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 14, 2001 9:09 PM
To: [EMAIL PROTECTED]
Subject: netscape 4.7x, session ids and struts

Using netscape 4.7x on either solaris, linux or windows, the
struts-example fails, because I am bounced between two different
sessions.

The symptom indicates to me that netscape keeps separate lists
of cookies for the following URLs:

http://myhost
http://myhost:80

As one goes through the struts example, the URL is
sometimes displayed as myhost, and sometimes as myhost:80,
and I am never allowed past the login because the user
information is kept in a session associated with myhost,
and can't be found in a session associated with myhost:80.

Environment: struts nightly download as of Feb 12, 2001.
Tomcat 3.2.1, mod_jk, apache 1.3.12 on RH7.

I have all cookies enabled in netscape preferences, with
"Warn before accepting a cookie" also turned on for debugging.

1. When I try the struts-example with the following URL:

http://myhost/struts-example

Netscape asks if I want to send the cookie JSESSIONID=f78s0eymd1,
and I click OK.

2. I select the "Log on ..." link.  Then the logon form is displayed at
a
   URL of
http://myhost:80/struts-example/logon.jsp;jsessionid=f78s0eymd1

Note the cookie in the URL because struts doesn't yet know if my browser 
accepts cookies.  Also note the port number 80 in the URL.

3. I enter user:pass and Submit.  

LogonAction logs the following message:

2001-02-15 01:59:47 - path="/struts-example" :action: LogonAction: 
User 'user' logged on in session f78s0eymd1

The mainMenu.jsp page is displayed, with a URL: 

http://myhost/struts-example/logon.do;jsessionid=f78s0eymd1

(note no port number is in the URL)

4. Then, when I select "Edit your" the netscape question box pops up
asking if I want to send a cookie JSESSIONID=ynsmafyqr1.
The URL is shown as
http://myhost:80/struts-example/editRegistration.do?action=Edit

This shouldn't happen, it should use the first session id!

5. When I click on OK, then, EditRegistrationAction logs the following
error:

2001-02-15 02:00:55 - path="/struts-example" :action:  User is not
  logged on in session ynsmafyqr1

The logon.jsp form is again displayed.  If I enter user:pass, then
LogonAction reports a successfull login in session f78s0eymd1
(the first session id again!)

When I select "Edit ..." I get the same error from
EditRegistrationAction about "User is not logged on in session
ynsmafyqr1".
And so on, ad-infinitum.

If I disable cookies in netscape preferences, then things
work with URL rewriting, and EditRegistrationAction forwards me to
registration.jsp.

The problem also does not show up with IE 5.

Also, at step 4, if I manually enter a URL of:
http://myhost/struts-example/editRegistration.do?action=Edit
then EditRegistrationAction succeeds and forwards to registration.jsp. 

If I am right about netscape keeping separate cookie lists, then perhaps
a workaround is for struts (specifically the html taglib) not to add
the port number when generating URLs?

I haven't tested this solution.  

Someone must have run into it also?

Gordon Maclean

-- 
*
Gordon Maclean, Software Engineer, 303 497-8794
Nat'l Center for Atmospheric Research, Boulder CO USA
*

netscape 4.7x, session ids and struts

2001-02-14 Thread Gordon Maclean




Using netscape 4.7x on either solaris, linux or windows, the
struts-example fails, because I am bounced between two different
sessions.

The symptom indicates to me that netscape keeps separate lists
of cookies for the following URLs:

http://myhost
http://myhost:80

As one goes through the struts example, the URL is
sometimes displayed as myhost, and sometimes as myhost:80,
and I am never allowed past the login because the user
information is kept in a session associated with myhost,
and can't be found in a session associated with myhost:80.

Environment: struts nightly download as of Feb 12, 2001.
Tomcat 3.2.1, mod_jk, apache 1.3.12 on RH7.

I have all cookies enabled in netscape preferences, with
"Warn before accepting a cookie" also turned on for debugging.

1. When I try the struts-example with the following URL:

http://myhost/struts-example

Netscape asks if I want to send the cookie JSESSIONID=f78s0eymd1,
and I click OK.

2. I select the "Log on ..." link.  Then the logon form is displayed at
a
   URL of
http://myhost:80/struts-example/logon.jsp;jsessionid=f78s0eymd1

Note the cookie in the URL because struts doesn't yet know if my browser 
accepts cookies.  Also note the port number 80 in the URL.

3. I enter user:pass and Submit.  

LogonAction logs the following message:

2001-02-15 01:59:47 - path="/struts-example" :action: LogonAction: 
User 'user' logged on in session f78s0eymd1


The mainMenu.jsp page is displayed, with a URL: 

http://myhost/struts-example/logon.do;jsessionid=f78s0eymd1

(note no port number is in the URL)

4. Then, when I select "Edit your" the netscape question box pops up
asking if I want to send a cookie JSESSIONID=ynsmafyqr1.
The URL is shown as
http://myhost:80/struts-example/editRegistration.do?action=Edit
 
This shouldn't happen, it should use the first session id!

5. When I click on OK, then, EditRegistrationAction logs the following
error:

2001-02-15 02:00:55 - path="/struts-example" :action:  User is not
  logged on in session ynsmafyqr1


The logon.jsp form is again displayed.  If I enter user:pass, then
LogonAction reports a successfull login in session f78s0eymd1
(the first session id again!)

When I select "Edit ..." I get the same error from
EditRegistrationAction about "User is not logged on in session
ynsmafyqr1".
And so on, ad-infinitum.

If I disable cookies in netscape preferences, then things
work with URL rewriting, and EditRegistrationAction forwards me to
registration.jsp.

The problem also does not show up with IE 5.

Also, at step 4, if I manually enter a URL of:
http://myhost/struts-example/editRegistration.do?action=Edit
then EditRegistrationAction succeeds and forwards to registration.jsp. 


If I am right about netscape keeping separate cookie lists, then perhaps
a workaround is for struts (specifically the html taglib) not to add
the port number when generating URLs?

I haven't tested this solution.  

Someone must have run into it also?

Gordon Maclean

-- 
*
Gordon Maclean, Software Engineer, 303 497-8794
Nat'l Center for Atmospheric Research, Boulder CO USA
*

Re: session ids cont...

2001-02-01 Thread Peter Alfors


I added the "noCookies" attribute and set it to "true".  However, the two
instances of Netscape 4.7 still show that they are using the same session.
I.E. 5.0 does display different session ID still.

see notes below...

"Craig R. McClanahan" wrote:

> Peter Alfors wrote:
>
> > "Kramer, Gary" wrote:
> >
> > >
> > >
> > >
> > > I had similiar problems.  You need to turn off the use of Cookies on
> > > your server (in Tomcat this setting is in server.xml).   When the user
> > > opens 2 browsers, they will always have different session ids in both
> > > IE and Netscape since the first URL they will use will not have a
> > > session id included.
> > >
> >
> > How do I turn off the use of cookies in the server.xml?  I only see one
> > location where cookies are mentioned.
> > 
> > 
> >  > className="org.apache.tomcat.request.SessionInterceptor" />
> >
> > Do I comment out this section?
> >
>
> For Tomcat 3.2.1 there is a noCookies attribute on this entry that defaults
> to "false".  You need to set it to "true":
>
>  className="org.apache.tomcat.request.SessionInterceptor"
> noCookies="true"/>
>
> NOTE:  Using URL rewriting does *not* catch every case of multiple windows
> sharing session ids.  Consider that the user can right-click on a hyperlink
> (containing the session id) and select "Open in New Window".  Because the
> hyperlink being clicked had a session id in it already, the new window will
> still be part of the old session -- so your app logic needs to be ready to
> deal with this.
>

So it sounds like what I am looking for is to get the browser instances (IE and
Netscape) to generate unique session ids. Then, I need to perform URL-rewriting
for all of my links within the webapp.  This will solve my problem if the user
has opened up multiple browser instances (from the desktop, not through file
--> new--> Window).
I can use the  tag to accomplish this throughout the site.

However, I will also need to add some sort of "smarts" to the app to handle the
possibility that the user opened a new browser instance from the (file --> new
--> Window) option.

Am I on the right track?  (sorry if I sound so confused, but I am)  :)

> Craig McClanahan


begin:vcard 
n:;
x-mozilla-html:FALSE
org:http://www.irista.com/logo/irista.gif">Bringing Vision to Your Supply Chain
adr:;;
version:2.1
end:vcard

Re: session ids cont...

2001-02-01 Thread Craig R. McClanahan


Peter Alfors wrote:

> I added the "noCookies" attribute and set it to "true".  However, the two
> instances of Netscape 4.7 still show that they are using the same session.
> I.E. 5.0 does display different session ID still.
>
> see notes below...
>
> "Craig R. McClanahan" wrote:
>
> > Peter Alfors wrote:
> >
> > > "Kramer, Gary" wrote:
> > >
> > > >
> > > >
> > > >
> > > > I had similiar problems.  You need to turn off the use of Cookies on
> > > > your server (in Tomcat this setting is in server.xml).   When the user
> > > > opens 2 browsers, they will always have different session ids in both
> > > > IE and Netscape since the first URL they will use will not have a
> > > > session id included.
> > > >
> > >
> > > How do I turn off the use of cookies in the server.xml?  I only see one
> > > location where cookies are mentioned.
> > > 
> > > 
> > >  > > className="org.apache.tomcat.request.SessionInterceptor" />
> > >
> > > Do I comment out this section?
> > >
> >
> > For Tomcat 3.2.1 there is a noCookies attribute on this entry that defaults
> > to "false".  You need to set it to "true":
> >
> >  > className="org.apache.tomcat.request.SessionInterceptor"
> > noCookies="true"/>
> >
> > NOTE:  Using URL rewriting does *not* catch every case of multiple windows
> > sharing session ids.  Consider that the user can right-click on a hyperlink
> > (containing the session id) and select "Open in New Window".  Because the
> > hyperlink being clicked had a session id in it already, the new window will
> > still be part of the old session -- so your app logic needs to be ready to
> > deal with this.
> >
>
> So it sounds like what I am looking for is to get the browser instances (IE and
> Netscape) to generate unique session ids.

No, unfortunately it has nothing to do with this -- session ids are generated by
the server, not by the client.  The sad fact of web application development is that
the stupid browsers do not do what we want in all circumstances (for example,
Netscape always sends the same cookies back no matter which Window you are in,
while IE doesn't -- some versions -- or can be configured not to -- some versions).

> Then, I need to perform URL-rewriting
> for all of my links within the webapp.  This will solve my problem if the user
> has opened up multiple browser instances (from the desktop, not through file
> --> new--> Window).
> I can use the  tag to accomplish this throughout the site.
>
> However, I will also need to add some sort of "smarts" to the app to handle the
> possibility that the user opened a new browser instance from the (file --> new
> --> Window) option.
>
> Am I on the right track?  (sorry if I sound so confused, but I am)  :)
>

Yep ... you *always* need to program defensively with respect to the chance that
the user will have multiple windows open as part of the same session.

>
> > Craig McClanahan

Craig

RE: session ids cont...

2001-02-01 Thread Kramer, Gary

Title: RE: session ids cont...

When I try Netscape4.7, it gives me different sessions IDs.  As I understand it, the session id is assigned by Tomcat (i.e. jsessionid=asdkfjl), not by the browsers.   If you disable cookie use in Tomcat and there is no jsessionid parameter in the URL, then Tomcat cannot link your request to any session and therefore has no choice but to create a new session.

Your explanation of using  and rewriting within a session is exactly what I'm doing (or trying to do).  I also put in some defensive code to determine if the user messed with the URL or created a new browser with the same URL.  I put code in my Form bean's reset method to double check that the request that is coming in actually applies to the object the user was last working on.  This also defends against some of the problems caused by hitting the back and forward buttons.  Still, very annoying.

-Original Message-
From: Peter Alfors
To: [EMAIL PROTECTED]
Sent: 2/1/01 5:11 PM
Subject: Re: session ids cont...

I added the "noCookies" attribute and set it to "true".  However, the
two
instances of Netscape 4.7 still show that they are using the same
session.
I.E. 5.0 does display different session ID still.

see notes below...

"Craig R. McClanahan" wrote:

> Peter Alfors wrote:
>
> > "Kramer, Gary" wrote:
> >
> > >
> > >
> > >
> > > I had similiar problems.  You need to turn off the use of Cookies
on
> > > your server (in Tomcat this setting is in server.xml).   When the
user
> > > opens 2 browsers, they will always have different session ids in
both
> > > IE and Netscape since the first URL they will use will not have a
> > > session id included.
> > >
> >
> > How do I turn off the use of cookies in the server.xml?  I only see
one
> > location where cookies are mentioned.
> > 
> > 
> > 
> > className="org.apache.tomcat.request.SessionInterceptor"
/>
> >
> > Do I comment out this section?
> >
>
> For Tomcat 3.2.1 there is a noCookies attribute on this entry that
defaults
> to "false".  You need to set it to "true":
>
> 
> className="org.apache.tomcat.request.SessionInterceptor"
> noCookies="true"/>
>
> NOTE:  Using URL rewriting does *not* catch every case of multiple
windows
> sharing session ids.  Consider that the user can right-click on a
hyperlink
> (containing the session id) and select "Open in New Window".  Because
the
> hyperlink being clicked had a session id in it already, the new window
will
> still be part of the old session -- so your app logic needs to be
ready to
> deal with this.
>

So it sounds like what I am looking for is to get the browser instances
(IE and
Netscape) to generate unique session ids. Then, I need to perform
URL-rewriting
for all of my links within the webapp.  This will solve my problem if
the user
has opened up multiple browser instances (from the desktop, not through
file
--> new--> Window).
I can use the  tag to accomplish this throughout the site.

However, I will also need to add some sort of "smarts" to the app to
handle the
possibility that the user opened a new browser instance from the (file
--> new
--> Window) option.

Am I on the right track?  (sorry if I sound so confused, but I am)  :)

> Craig McClanahan
 <>

Re: session ids cont...

2001-02-01 Thread Craig R. McClanahan

Peter Alfors wrote:

> "Kramer, Gary" wrote:
>
> >
> >
> >
> > I had similiar problems.  You need to turn off the use of Cookies on
> > your server (in Tomcat this setting is in server.xml).   When the user
> > opens 2 browsers, they will always have different session ids in both
> > IE and Netscape since the first URL they will use will not have a
> > session id included.
> >
>
> How do I turn off the use of cookies in the server.xml?  I only see one
> location where cookies are mentioned.
> 
> 
>  className="org.apache.tomcat.request.SessionInterceptor" />
>
> Do I comment out this section?
>

For Tomcat 3.2.1 there is a noCookies attribute on this entry that defaults
to "false".  You need to set it to "true":

NOTE:  Using URL rewriting does *not* catch every case of multiple windows
sharing session ids.  Consider that the user can right-click on a hyperlink
(containing the session id) and select "Open in New Window".  Because the
hyperlink being clicked had a session id in it already, the new window will
still be part of the old session -- so your app logic needs to be ready to
deal with this.

Craig McClanahan

Re: session ids cont...

2001-02-01 Thread Peter Alfors




"Kramer, Gary" wrote:

>
>
>
> I had similiar problems.  You need to turn off the use of Cookies on
> your server (in Tomcat this setting is in server.xml).   When the user
> opens 2 browsers, they will always have different session ids in both
> IE and Netscape since the first URL they will use will not have a
> session id included.
>

How do I turn off the use of cookies in the server.xml?  I only see one
location where cookies are mentioned.




Do I comment out this section?

>
> If you open a new browser from another such as via JavaScript
> window.open(), you need to make sure the URL is NOT encoded with the
> session id.  This will cause the server to start a new session.
> Unfortunately, all the Struts tags dealing with URLs (Form, Link,
> etc.) always encode, so you can't use them when creating the new URL.
>
> Gary
>
>
> -Original Message-
> From: Peter Alfors
> To: [EMAIL PROTECTED]
> Sent: 2/1/01 2:28 PM
> Subject: Re: session ids cont...
>
>
> "Steven D. Wilkinson" wrote:
>
> > Peter,
> > > I.E. 5.0 and 5.5 generate unique session ids for each simultaneous
>
> > > browser session.  However, both Netscape 4.7 and Netscape 6 return
>
> the
> > > same Id.
>
> >
> > What do you mean by simultaneous browser sessions.  If you create a
> new window
> > CTL+N in IE5.0 you get the same id. (Is this simultaneous?)
>
> If I start Netscape 4.7 from my desktop (2 instances of it) and go to
> the same page
> in my webapp.  I can printout the session id on the screen.  Both
> browser instances
> will have the same session id.
> However, two instances of IE 5.0 will have different IDs.  (this is
> what
> I want).
>
> >
> >
> > I thought that both netscape and IE generate new id's if you launch
> the browser
> > from the desktop.  I also thought both netscape and IE use the same
> id's if you
> > create a new window from an existing window.
> >
>
> I haven't tried creating a new window from either netscape or IE.  But
>
> if this will
> cause both windows to have the same session, then this is something I
> need to
> handle also.
>
> >
> > I use IE5.0 for my testing and this is that way it works, at least
> with the
> > build from 01-28-2001.  I can create a new browser window from the
> current one
> > and both have the same jsessionid.
> >
>
> I am using IE 5.0 & 5.5 and Netscape 4.7 & 6 for testing.
>
> >
> > I'm using Tomcat4.0-m5 for my testing.  I don't know what you are
> using.
> >
>
> I am using Tomcat 3.2
>
> >
> > Are you using the  for all of your links?  And are you
> using
> >  for all of your actions?  I found that if you don't
> you
> will have
> > a problem.  It's either all or nothing.  If it's nothing your on
> your
> own.  At
> > least that has been my experience.
> >
>
> Right now I am NOT encoding my links.  However, if my assumptions are
> correct...
> Encoding the links will not help me.  Encoding adds the session id as
> a
> query
> string to the links.  If the two windows have the same session, then
> the
> links (in
> each window) will still use the same session.
>
> >
> > Steve
>
> Here is the problem I am running across.   I use beans that store
> information
> pertaining to a specific record in the database.  When a user selects
> an
> item from
> a list, the bean is populated and placed in the session.  I put it in
> the session
> because subsequent pages require this beans information as well.
> However, if the
> user has two browser windows running, sharing a session, it is
> possible
> for the
> user to update the data for the bean in one window, and then retrieve
> incorrect
> information in the other window.
>
> It is very probable that a user will want to have multiple browsers
> running so that
> he/she can compare data.
>
> I hope you can all follow that.  I don't think that I described it
> very
> well.
>
>  <>


begin:vcard 
n:;
x-mozilla-html:FALSE
org:http://www.irista.com/logo/irista.gif">Bringing Vision to Your Supply Chain
adr:;;
version:2.1
end:vcard

RE: session ids cont...

2001-02-01 Thread Kramer, Gary

Title: RE: session ids cont...

I had similiar problems.  You need to turn off the use of Cookies on your server (in Tomcat this setting is in server.xml).   When the user opens 2 browsers, they will always have different session ids in both IE and Netscape since the first URL they will use will not have a session id included.  

If you open a new browser from another such as via JavaScript window.open(), you need to make sure the URL is NOT encoded with the session id.  This will cause the server to start a new session.   Unfortunately, all the Struts tags dealing with URLs (Form, Link, etc.) always encode, so you can't use them when creating the new URL.

Gary

-Original Message-
From: Peter Alfors
To: [EMAIL PROTECTED]
Sent: 2/1/01 2:28 PM
Subject: Re: session ids cont...

"Steven D. Wilkinson" wrote:

> Peter,
> > I.E. 5.0 and 5.5 generate unique session ids for each simultaneous
> > browser session.  However, both Netscape 4.7 and Netscape 6 return
the
> > same Id.

>
> What do you mean by simultaneous browser sessions.  If you create a
new window
> CTL+N in IE5.0 you get the same id. (Is this simultaneous?)

If I start Netscape 4.7 from my desktop (2 instances of it) and go to
the same page
in my webapp.  I can printout the session id on the screen.  Both
browser instances
will have the same session id.
However, two instances of IE 5.0 will have different IDs.  (this is what
I want).

>
>
> I thought that both netscape and IE generate new id's if you launch
the browser
> from the desktop.  I also thought both netscape and IE use the same
id's if you
> create a new window from an existing window.
>

I haven't tried creating a new window from either netscape or IE.  But
if this will
cause both windows to have the same session, then this is something I
need to
handle also.

>
> I use IE5.0 for my testing and this is that way it works, at least
with the
> build from 01-28-2001.  I can create a new browser window from the
current one
> and both have the same jsessionid.
>

I am using IE 5.0 & 5.5 and Netscape 4.7 & 6 for testing.

>
> I'm using Tomcat4.0-m5 for my testing.  I don't know what you are
using.
>

I am using Tomcat 3.2

>
> Are you using the  for all of your links?  And are you
using
>  for all of your actions?  I found that if you don't you
will have
> a problem.  It's either all or nothing.  If it's nothing your on your
own.  At
> least that has been my experience.
>

Right now I am NOT encoding my links.  However, if my assumptions are
correct...
Encoding the links will not help me.  Encoding adds the session id as a
query
string to the links.  If the two windows have the same session, then the
links (in
each window) will still use the same session.

>
> Steve

Here is the problem I am running across.   I use beans that store
information
pertaining to a specific record in the database.  When a user selects an
item from
a list, the bean is populated and placed in the session.  I put it in
the session
because subsequent pages require this beans information as well.
However, if the
user has two browser windows running, sharing a session, it is possible
for the
user to update the data for the bean in one window, and then retrieve
incorrect
information in the other window.

It is very probable that a user will want to have multiple browsers
running so that
he/she can compare data.

I hope you can all follow that.  I don't think that I described it very
well.

 <>

Re: session ids cont...

2001-02-01 Thread Peter Alfors

"Steven D. Wilkinson" wrote:

> Peter,
> > I.E. 5.0 and 5.5 generate unique session ids for each simultaneous
> > browser session.  However, both Netscape 4.7 and Netscape 6 return the
> > same Id.

>
> What do you mean by simultaneous browser sessions.  If you create a new window
> CTL+N in IE5.0 you get the same id. (Is this simultaneous?)

If I start Netscape 4.7 from my desktop (2 instances of it) and go to the same page
in my webapp.  I can printout the session id on the screen.  Both browser instances
will have the same session id.
However, two instances of IE 5.0 will have different IDs.  (this is what I want).

>
>
> I thought that both netscape and IE generate new id's if you launch the browser
> from the desktop.  I also thought both netscape and IE use the same id's if you
> create a new window from an existing window.
>

I haven't tried creating a new window from either netscape or IE.  But if this will
cause both windows to have the same session, then this is something I need to
handle also.

>
> I use IE5.0 for my testing and this is that way it works, at least with the
> build from 01-28-2001.  I can create a new browser window from the current one
> and both have the same jsessionid.
>

I am using IE 5.0 & 5.5 and Netscape 4.7 & 6 for testing.

>
> I'm using Tomcat4.0-m5 for my testing.  I don't know what you are using.
>

I am using Tomcat 3.2

>
> Are you using the  for all of your links?  And are you using
>  for all of your actions?  I found that if you don't you will have
> a problem.  It's either all or nothing.  If it's nothing your on your own.  At
> least that has been my experience.
>

Right now I am NOT encoding my links.  However, if my assumptions are correct...
Encoding the links will not help me.  Encoding adds the session id as a query
string to the links.  If the two windows have the same session, then the links (in
each window) will still use the same session.

>
> Steve

Here is the problem I am running across.   I use beans that store information
pertaining to a specific record in the database.  When a user selects an item from
a list, the bean is populated and placed in the session.  I put it in the session
because subsequent pages require this beans information as well.  However, if the
user has two browser windows running, sharing a session, it is possible for the
user to update the data for the bean in one window, and then retrieve incorrect
information in the other window.

It is very probable that a user will want to have multiple browsers running so that
he/she can compare data.

I hope you can all follow that.  I don't think that I described it very well.

begin:vcard 
n:;
x-mozilla-html:FALSE
org:http://www.irista.com/logo/irista.gif">Bringing Vision to Your Supply Chain
adr:;;
version:2.1
end:vcard

Re: session ids cont...

2001-02-01 Thread Maya Muchnik


It was posted as a Subject : "what starts session?", Date: Wed, 24 Jan 2001
16:07:49 -0800 (PST) and  responses were followed.


"Steven D. Wilkinson" wrote:

> >
> > In [EMAIL PROTECTED] this issue was discussed (why and when
> > IE supports different sessionID, and Netscape - not). The main thing is,
> > Netscape is reading any cookies from one file, IE - from different files.
>
> Do you have a reference to said article?  If not how about the subject and date?
> Hum... IE and Netscape sharing the same id?  I never thought they could.  I
> guess I already realized that they store cookies in different files.  Is that
> what was being asked?
>
> Steve

Re: session ids cont...

2001-02-01 Thread Steven D. Wilkinson


Peter,
> I.E. 5.0 and 5.5 generate unique session ids for each simultaneous
> browser session.  However, both Netscape 4.7 and Netscape 6 return the
> same Id.

What do you mean by simultaneous browser sessions.  If you create a new window
CTL+N in IE5.0 you get the same id. (Is this simultaneous?) 

I thought that both netscape and IE generate new id's if you launch the browser
from the desktop.  I also thought both netscape and IE use the same id's if you
create a new window from an existing window.  

I use IE5.0 for my testing and this is that way it works, at least with the
build from 01-28-2001.  I can create a new browser window from the current one
and both have the same jsessionid.  

I'm using Tomcat4.0-m5 for my testing.  I don't know what you are using.

Are you using the  for all of your links?  And are you using
 for all of your actions?  I found that if you don't you will have
a problem.  It's either all or nothing.  If it's nothing your on your own.  At
least that has been my experience.  

Steve

Re: session ids cont...

2001-02-01 Thread Jannik Nørgaard Steen


I have just tested our web application prototype on Netscape 4.7 and there
are no problems
with URL-rewriting and jessionid's.
The servlet container (Resin 1.1.5) picks the right sessions for the right
clients.

We use a mix of hardcoded with dynamic jsessionid insertion, Struts
 and Javascript generated links on our pages and it works fine.



The following principles were used:

- Hardcoded links: Text

- Struts: well it does it by itself.

- JavaScript: call a function with parameter jessionid obtained from session
object and use it to build link. Example:

 function openInfoWin(host, oid, sessionID)
 {
  var hostURL = "http://"+host+";jsessionid="+sessionID+"?oid="+oid;
  window.open(hostURL, "InfoWin", "scrollbars=no, resizable=yes, width=600,
height=800");
 }


We always put the jsessionid right after the URL since it is a path
parameter and *not* a request parameter.
Remember to use semicolon as divider or else it will not be picked up.

Could you provide an example of your nonworking JSP or Java code ?

- Original Message -
From: "Peter Alfors" <[EMAIL PROTECTED]>
To: "struts-user" <[EMAIL PROTECTED]>
Sent: Thursday, February 01, 2001 5:12 PM
Subject: session ids cont...


> I.E. 5.0 and 5.5 generate unique session ids for each simultaneous
> browser session.  However, both Netscape 4.7 and Netscape 6 return the
> same Id.
>
> I dont think that URL-rewriting will help in this situation.  If I
> understand URL-rewriting correctly, all that is happening is that the
> session id is being tacked on the end of the request URL.
>
> Has anyone else run into this problem (and hopefully come up with a
> solution?)
>
> One alternative is to generate my own session object with a unique Id
> the frist time the user makes a request.  Then the action controller
> could manage the sessions, while the pages use URL-rewriting to notify
> the action controller which session to use.
>
> I don't particularly care for this solution, so I am hoping that I am
> over-looking something simple.  :)
>
> Pete
>

session ids cont...

2001-02-01 Thread Peter Alfors


I.E. 5.0 and 5.5 generate unique session ids for each simultaneous
browser session.  However, both Netscape 4.7 and Netscape 6 return the
same Id.

I dont think that URL-rewriting will help in this situation.  If I
understand URL-rewriting correctly, all that is happening is that the
session id is being tacked on the end of the request URL.

Has anyone else run into this problem (and hopefully come up with a
solution?)

One alternative is to generate my own session object with a unique Id
the frist time the user makes a request.  Then the action controller
could manage the sessions, while the pages use URL-rewriting to notify
the action controller which session to use.

I don't particularly care for this solution, so I am hoping that I am
over-looking something simple.  :)

Pete


begin:vcard 
n:;
x-mozilla-html:FALSE
org:http://www.irista.com/logo/irista.gif">Bringing Vision to Your Supply Chain
adr:;;
version:2.1
end:vcard

Re: session ids cont...

2001-02-01 Thread Steven D. Wilkinson


> 
> In [EMAIL PROTECTED] this issue was discussed (why and when
> IE supports different sessionID, and Netscape - not). The main thing is,
> Netscape is reading any cookies from one file, IE - from different files.

Do you have a reference to said article?  If not how about the subject and date?
Hum... IE and Netscape sharing the same id?  I never thought they could.  I
guess I already realized that they store cookies in different files.  Is that
what was being asked?  

Steve

Re: session ids cont...

2001-02-01 Thread Maya Muchnik


In [EMAIL PROTECTED] this issue was discussed (why and when
IE supports different sessionID, and Netscape - not). The main thing is,
Netscape is reading any cookies from one file, IE - from different files.

Peter Alfors wrote:

> I.E. 5.0 and 5.5 generate unique session ids for each simultaneous
> browser session.  However, both Netscape 4.7 and Netscape 6 return the
> same Id.
>
> I dont think that URL-rewriting will help in this situation.  If I
> understand URL-rewriting correctly, all that is happening is that the
> session id is being tacked on the end of the request URL.
>
> Has anyone else run into this problem (and hopefully come up with a
> solution?)
>
> One alternative is to generate my own session object with a unique Id
> the frist time the user makes a request.  Then the action controller
> could manage the sessions, while the pages use URL-rewriting to notify
> the action controller which session to use.
>
> I don't particularly care for this solution, so I am hoping that I am
> over-looking something simple.  :)
>
> Pete

session ids

2001-02-01 Thread Peter Alfors


Hello,

I am running across the problem where two simultaneous browser sessions
(Netscape) are sharing the same session.
Is this where the 'jsessionid' stuff comes into play?
If so, where can I look for information on this?
If not, is there another solution in struts?

thanks,
Pete


begin:vcard 
n:;
x-mozilla-html:FALSE
org:http://www.irista.com/logo/irista.gif">Bringing Vision to Your Supply Chain
adr:;;
version:2.1
end:vcard

Re: session ids

Re: session ids

RE: session ids

Re: session ids

Re: session ids

RE: session ids

session ids

Re: netscape 4.7x, session ids and struts

Re: netscape 4.7x, session ids and struts

Re: netscape 4.7x, session ids and struts

Re: netscape 4.7x, session ids and struts

RE: netscape 4.7x, session ids and struts

netscape 4.7x, session ids and struts

Re: session ids cont...

Re: session ids cont...

RE: session ids cont...

Re: session ids cont...

Re: session ids cont...

RE: session ids cont...

Re: session ids cont...

Re: session ids cont...

Re: session ids cont...

Re: session ids cont...

session ids cont...

Re: session ids cont...

Re: session ids cont...

session ids

27 matches

Site Navigation

Mail list logo

Footer information