Re: session ids
You can retrieve the current user's "session id" from the HttpSessionBindingEvent e using "e.getSession().getId()". Use this value to look up an entry in your hastable and remove it. The HttpSessionBindingEvent is generated when the session is invalidated (valueUnbound()) or created (valueBound()). For more details read the Java doc on HttpSessionBindingEvent. Make sure your class maintaining the hashtable implements the javax.servlet.http.HttpSessionBindingListener interface. Regards, Guus - Original Message - From: "Rakesh" <[EMAIL PROTECTED]> To: "Jon Crater" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Sunday, August 19, 2001 12:01 Subject: Re: session ids > do u have an example > > > Rakesh Ayilliath > > [EMAIL PROTECTED] > > - Original Message - > From: "Jon Crater" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, August 16, 2001 10:27 PM > Subject: Re: session ids > > > > rakesh-- > > > > you can solve this problem by having the class responsible for managing > the > > hashtable of session ids implement HttpSessionBindingListener. fill out > the > > valueBound(HttpSessionBindingEvent event) and > > valueUnbound(HttpSessionBindingEvent event) methods so that the > appropriate > > session id is added/removed when the hashtable manager is unbound from the > > session. > > > > jon > > > > > > Original Message Follows > > From: "Rakesh" <[EMAIL PROTECTED]> > > Reply-To: "Rakesh" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> > > Subject: Re: session ids > > Date: Thu, 16 Aug 2001 22:12:50 +0530 > > > > Hi Greg, > > > > I know that this sessioncontext api is currently deprecated. > > I require this for a very specific reason. When I log-in a user, > > I save his loginID and the sessionId in a static hash table. > > > > and when he is logged out, I remove it. Each time someone tries > > to log-in, I check in to the hash to see if he is already logged in and > > display appropriate error messages to him. > > > > When he logs out by clicking on a logout.do, I remove his > > loginID from the hash and invalidate his session. Now what happens; if > > he just closes the browser window, or if his session is timed out ? > > How do I remove his name from the Hash ? > > > > Kindly help. > > > > Rakesh Ayilliath > > [EMAIL PROTECTED] > > > > > > > > - Original Message - > >From: Greg Maletic > >To: [EMAIL PROTECTED] ; Rakesh > >Sent: Thursday, August 16, 2001 9:54 PM > >Subject: RE: session ids > > > > > >I don't believe you can get all valid sessionIDs from the server. I > > think the API for doing so was deprecated a while back for security > reasons. > > The way I've solved this in the past was to have each session register > > itself into a application-scoped hashmap, and maintain that map myself. > > > >--Greg > > > > > > -Original Message- > >From: > [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED]]O > n > > Behalf Of Rakesh > >Sent: Thursday, August 16, 2001 12:28 AM > >To: [EMAIL PROTECTED] > >Subject: session ids > > > > > > Hi , > > > > Is there anyway I can get all valid session ids from the server ? > > > > > > Rakesh Ayilliath > > (Software Engineer) > > > > Synergy IT Innovations Pvt Ltd, > > #196, 1st Floor, 9th Cross, > > HMT Layout, RT Nagar > > Bangalore 560032 > > > > [EMAIL PROTECTED] > > > > > > _ > > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp > > > > >
Re: session ids
do u have an example Rakesh Ayilliath [EMAIL PROTECTED] - Original Message - From: "Jon Crater" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, August 16, 2001 10:27 PM Subject: Re: session ids > rakesh-- > > you can solve this problem by having the class responsible for managing the > hashtable of session ids implement HttpSessionBindingListener. fill out the > valueBound(HttpSessionBindingEvent event) and > valueUnbound(HttpSessionBindingEvent event) methods so that the appropriate > session id is added/removed when the hashtable manager is unbound from the > session. > > jon > > > Original Message Follows > From: "Rakesh" <[EMAIL PROTECTED]> > Reply-To: "Rakesh" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> > Subject: Re: session ids > Date: Thu, 16 Aug 2001 22:12:50 +0530 > > Hi Greg, > > I know that this sessioncontext api is currently deprecated. > I require this for a very specific reason. When I log-in a user, > I save his loginID and the sessionId in a static hash table. > > and when he is logged out, I remove it. Each time someone tries > to log-in, I check in to the hash to see if he is already logged in and > display appropriate error messages to him. > > When he logs out by clicking on a logout.do, I remove his > loginID from the hash and invalidate his session. Now what happens; if > he just closes the browser window, or if his session is timed out ? > How do I remove his name from the Hash ? > > Kindly help. > > Rakesh Ayilliath > [EMAIL PROTECTED] > > > > - Original Message - >From: Greg Maletic >To: [EMAIL PROTECTED] ; Rakesh >Sent: Thursday, August 16, 2001 9:54 PM >Subject: RE: session ids > > >I don't believe you can get all valid sessionIDs from the server. I > think the API for doing so was deprecated a while back for security reasons. > The way I've solved this in the past was to have each session register > itself into a application-scoped hashmap, and maintain that map myself. > >--Greg > > > -Original Message- >From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]O n > Behalf Of Rakesh >Sent: Thursday, August 16, 2001 12:28 AM >To: [EMAIL PROTECTED] >Subject: session ids > > > Hi , > > Is there anyway I can get all valid session ids from the server ? > > > Rakesh Ayilliath > (Software Engineer) > > Synergy IT Innovations Pvt Ltd, > #196, 1st Floor, 9th Cross, > HMT Layout, RT Nagar > Bangalore 560032 > > [EMAIL PROTECTED] > > > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp > >
RE: session ids
You need whatever class that maintains the hash (maybe the hash itself) to implement the HttpSessionBindingListener. You then need to store the listener as an attribute to each session that registers with you. When the session dies, it will notify your object, and it will tell you which session it was associated with. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of RakeshSent: Thursday, August 16, 2001 9:43 AMTo: [EMAIL PROTECTED]; [EMAIL PROTECTED]Subject: Re: session ids Hi Greg, I know that this sessioncontext api is currently deprecated. I require this for a very specific reason. When I log-in a user, I save his loginID and the sessionId in a static hash table. and when he is logged out, I remove it. Each time someone tries to log-in, I check in to the hash to see if he is already logged in and display appropriate error messages to him. When he logs out by clicking on a logout.do, I remove his loginID from the hash and invalidate his session. Now what happens; if he just closes the browser window, or if his session is timed out ? How do I remove his name from the Hash ? Kindly help. Rakesh Ayilliath [EMAIL PROTECTED] - Original Message - From: Greg Maletic To: [EMAIL PROTECTED] ; Rakesh Sent: Thursday, August 16, 2001 9:54 PM Subject: RE: session ids I don't believe you can get all valid sessionIDs from the server. I think the API for doing so was deprecated a while back for security reasons. The way I've solved this in the past was to have each session register itself into a application-scoped hashmap, and maintain that map myself. --Greg -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of RakeshSent: Thursday, August 16, 2001 12:28 AMTo: [EMAIL PROTECTED]Subject: session ids Hi , Is there anyway I can get all valid session ids from the server ? Rakesh Ayilliath(Software Engineer) Synergy IT Innovations Pvt Ltd,#196, 1st Floor, 9th Cross,HMT Layout, RT NagarBangalore 560032 [EMAIL PROTECTED]
Re: session ids
rakesh-- you can solve this problem by having the class responsible for managing the hashtable of session ids implement HttpSessionBindingListener. fill out the valueBound(HttpSessionBindingEvent event) and valueUnbound(HttpSessionBindingEvent event) methods so that the appropriate session id is added/removed when the hashtable manager is unbound from the session. jon Original Message Follows From: "Rakesh" <[EMAIL PROTECTED]> Reply-To: "Rakesh" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> Subject: Re: session ids Date: Thu, 16 Aug 2001 22:12:50 +0530 Hi Greg, I know that this sessioncontext api is currently deprecated. I require this for a very specific reason. When I log-in a user, I save his loginID and the sessionId in a static hash table. and when he is logged out, I remove it. Each time someone tries to log-in, I check in to the hash to see if he is already logged in and display appropriate error messages to him. When he logs out by clicking on a logout.do, I remove his loginID from the hash and invalidate his session. Now what happens; if he just closes the browser window, or if his session is timed out ? How do I remove his name from the Hash ? Kindly help. Rakesh Ayilliath [EMAIL PROTECTED] - Original Message - From: Greg Maletic To: [EMAIL PROTECTED] ; Rakesh Sent: Thursday, August 16, 2001 9:54 PM Subject: RE: session ids I don't believe you can get all valid sessionIDs from the server. I think the API for doing so was deprecated a while back for security reasons. The way I've solved this in the past was to have each session register itself into a application-scoped hashmap, and maintain that map myself. --Greg -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rakesh Sent: Thursday, August 16, 2001 12:28 AM To: [EMAIL PROTECTED] Subject: session ids Hi , Is there anyway I can get all valid session ids from the server ? Rakesh Ayilliath (Software Engineer) Synergy IT Innovations Pvt Ltd, #196, 1st Floor, 9th Cross, HMT Layout, RT Nagar Bangalore 560032 [EMAIL PROTECTED] _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
Re: session ids
Hi Greg, I know that this sessioncontext api is currently deprecated. I require this for a very specific reason. When I log-in a user, I save his loginID and the sessionId in a static hash table. and when he is logged out, I remove it. Each time someone tries to log-in, I check in to the hash to see if he is already logged in and display appropriate error messages to him. When he logs out by clicking on a logout.do, I remove his loginID from the hash and invalidate his session. Now what happens; if he just closes the browser window, or if his session is timed out ? How do I remove his name from the Hash ? Kindly help. Rakesh Ayilliath [EMAIL PROTECTED] - Original Message - From: Greg Maletic To: [EMAIL PROTECTED] ; Rakesh Sent: Thursday, August 16, 2001 9:54 PM Subject: RE: session ids I don't believe you can get all valid sessionIDs from the server. I think the API for doing so was deprecated a while back for security reasons. The way I've solved this in the past was to have each session register itself into a application-scoped hashmap, and maintain that map myself. --Greg -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of RakeshSent: Thursday, August 16, 2001 12:28 AMTo: [EMAIL PROTECTED]Subject: session ids Hi , Is there anyway I can get all valid session ids from the server ? Rakesh Ayilliath(Software Engineer) Synergy IT Innovations Pvt Ltd,#196, 1st Floor, 9th Cross,HMT Layout, RT NagarBangalore 560032 [EMAIL PROTECTED]
RE: session ids
I don't believe you can get all valid sessionIDs from the server. I think the API for doing so was deprecated a while back for security reasons. The way I've solved this in the past was to have each session register itself into a application-scoped hashmap, and maintain that map myself. --Greg -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of RakeshSent: Thursday, August 16, 2001 12:28 AMTo: [EMAIL PROTECTED]Subject: session ids Hi , Is there anyway I can get all valid session ids from the server ? Rakesh Ayilliath(Software Engineer) Synergy IT Innovations Pvt Ltd,#196, 1st Floor, 9th Cross,HMT Layout, RT NagarBangalore 560032 [EMAIL PROTECTED]
session ids
Hi , Is there anyway I can get all valid session ids from the server ? Rakesh Ayilliath(Software Engineer) Synergy IT Innovations Pvt Ltd,#196, 1st Floor, 9th Cross,HMT Layout, RT NagarBangalore 560032 [EMAIL PROTECTED]
Re: netscape 4.7x, session ids and struts
This is same problem I so awkwardly brought up this morning. The examples work on Netscape 6, Mozilla 0.7, Lynx and even IE5 but not on Netscape 4.72. Rick Gordon Maclean wrote: > > Using netscape 4.7x on either solaris, linux or windows, the > struts-example fails, because I am bounced between two different > sessions. > > The symptom indicates to me that netscape keeps separate lists > of cookies for the following URLs: > > http://myhost > http://myhost:80 > > As one goes through the struts example, the URL is > sometimes displayed as myhost, and sometimes as myhost:80, > and I am never allowed past the login because the user > information is kept in a session associated with myhost, > and can't be found in a session associated with myhost:80. > > Environment: struts nightly download as of Feb 12, 2001. > Tomcat 3.2.1, mod_jk, apache 1.3.12 on RH7. > > I have all cookies enabled in netscape preferences, with > "Warn before accepting a cookie" also turned on for debugging. > > 1. When I try the struts-example with the following URL: > > http://myhost/struts-example > > Netscape asks if I want to send the cookie JSESSIONID=f78s0eymd1, > and I click OK. > > 2. I select the "Log on ..." link. Then the logon form is displayed at > a >URL of > http://myhost:80/struts-example/logon.jsp;jsessionid=f78s0eymd1 > > Note the cookie in the URL because struts doesn't yet know if my browser > accepts cookies. Also note the port number 80 in the URL. > > 3. I enter user:pass and Submit. > > LogonAction logs the following message: > > 2001-02-15 01:59:47 - path="/struts-example" :action: LogonAction: > User 'user' logged on in session f78s0eymd1 > > The mainMenu.jsp page is displayed, with a URL: > > http://myhost/struts-example/logon.do;jsessionid=f78s0eymd1 > > (note no port number is in the URL) > > 4. Then, when I select "Edit your" the netscape question box pops up > asking if I want to send a cookie JSESSIONID=ynsmafyqr1. > The URL is shown as > http://myhost:80/struts-example/editRegistration.do?action=Edit > > This shouldn't happen, it should use the first session id! > > 5. When I click on OK, then, EditRegistrationAction logs the following > error: > > 2001-02-15 02:00:55 - path="/struts-example" :action: User is not > logged on in session ynsmafyqr1 > > The logon.jsp form is again displayed. If I enter user:pass, then > LogonAction reports a successfull login in session f78s0eymd1 > (the first session id again!) > > When I select "Edit ..." I get the same error from > EditRegistrationAction about "User is not logged on in session > ynsmafyqr1". > And so on, ad-infinitum. > > If I disable cookies in netscape preferences, then things > work with URL rewriting, and EditRegistrationAction forwards me to > registration.jsp. > > The problem also does not show up with IE 5. > > Also, at step 4, if I manually enter a URL of: > http://myhost/struts-example/editRegistration.do?action=Edit > then EditRegistrationAction succeeds and forwards to registration.jsp. > > > If I am right about netscape keeping separate cookie lists, then perhaps > a workaround is for struts (specifically the html taglib) not to add > the port number when generating URLs? > > I haven't tested this solution. > > Someone must have run into it also? > > Gordon Maclean > > -- > * > Gordon Maclean, Software Engineer, 303 497-8794 > Nat'l Center for Atmospheric Research, Boulder CO USA > *
Re: netscape 4.7x, session ids and struts
Hi Gordon, I found your problem description about the two different sessions in the mailing list archive, because today I ran into the same thing. I tested with tomcat as a standalone container before and did not have the problem there, because for every URL I provided the port number. But when I integrated tomcat with apache for pre deployment testing I envountered exactly the same behaviour as you. Did you dig any further into the problem and maybe found some solution. Any help would be greatly appreciated. --- Matthias Matthias Bauer +++ [EMAIL PROTECTED] +++ LivingLogic AG +++ www.livinglogic.de
Re: netscape 4.7x, session ids and struts
Gordon Maclean wrote: > "Deadman, Hal" wrote: > > > > I think the fix that you describe has already been implemented. Are you > > using a recent nightly build? > > As I mentioned: > > > Environment: struts nightly download as of Feb 12, 2001. > > Tomcat 3.2.1, mod_jk, apache 1.3.12 on RH7. > > I'm using the binary build: jakarta-struts-20010212.tar.gz. > > Perhaps it is related to tomcat 3? > I believe so ... Struts is at the mercy of the servlet container's implementation of response.encodeURL() and response.encodeRedirectURL() for whether or not the port number is included. > > Gordon Craig
Re: netscape 4.7x, session ids and struts
"Deadman, Hal" wrote: > > I think the fix that you describe has already been implemented. Are you > using a recent nightly build? As I mentioned: > Environment: struts nightly download as of Feb 12, 2001. > Tomcat 3.2.1, mod_jk, apache 1.3.12 on RH7. I'm using the binary build: jakarta-struts-20010212.tar.gz. Perhaps it is related to tomcat 3? Gordon
RE: netscape 4.7x, session ids and struts
I think the fix that you describe has already been implemented. Are you using a recent nightly build? -Original Message- From: Gordon Maclean [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 14, 2001 9:09 PM To: [EMAIL PROTECTED] Subject: netscape 4.7x, session ids and struts Using netscape 4.7x on either solaris, linux or windows, the struts-example fails, because I am bounced between two different sessions. The symptom indicates to me that netscape keeps separate lists of cookies for the following URLs: http://myhost http://myhost:80 As one goes through the struts example, the URL is sometimes displayed as myhost, and sometimes as myhost:80, and I am never allowed past the login because the user information is kept in a session associated with myhost, and can't be found in a session associated with myhost:80. Environment: struts nightly download as of Feb 12, 2001. Tomcat 3.2.1, mod_jk, apache 1.3.12 on RH7. I have all cookies enabled in netscape preferences, with "Warn before accepting a cookie" also turned on for debugging. 1. When I try the struts-example with the following URL: http://myhost/struts-example Netscape asks if I want to send the cookie JSESSIONID=f78s0eymd1, and I click OK. 2. I select the "Log on ..." link. Then the logon form is displayed at a URL of http://myhost:80/struts-example/logon.jsp;jsessionid=f78s0eymd1 Note the cookie in the URL because struts doesn't yet know if my browser accepts cookies. Also note the port number 80 in the URL. 3. I enter user:pass and Submit. LogonAction logs the following message: 2001-02-15 01:59:47 - path="/struts-example" :action: LogonAction: User 'user' logged on in session f78s0eymd1 The mainMenu.jsp page is displayed, with a URL: http://myhost/struts-example/logon.do;jsessionid=f78s0eymd1 (note no port number is in the URL) 4. Then, when I select "Edit your" the netscape question box pops up asking if I want to send a cookie JSESSIONID=ynsmafyqr1. The URL is shown as http://myhost:80/struts-example/editRegistration.do?action=Edit This shouldn't happen, it should use the first session id! 5. When I click on OK, then, EditRegistrationAction logs the following error: 2001-02-15 02:00:55 - path="/struts-example" :action: User is not logged on in session ynsmafyqr1 The logon.jsp form is again displayed. If I enter user:pass, then LogonAction reports a successfull login in session f78s0eymd1 (the first session id again!) When I select "Edit ..." I get the same error from EditRegistrationAction about "User is not logged on in session ynsmafyqr1". And so on, ad-infinitum. If I disable cookies in netscape preferences, then things work with URL rewriting, and EditRegistrationAction forwards me to registration.jsp. The problem also does not show up with IE 5. Also, at step 4, if I manually enter a URL of: http://myhost/struts-example/editRegistration.do?action=Edit then EditRegistrationAction succeeds and forwards to registration.jsp. If I am right about netscape keeping separate cookie lists, then perhaps a workaround is for struts (specifically the html taglib) not to add the port number when generating URLs? I haven't tested this solution. Someone must have run into it also? Gordon Maclean -- * Gordon Maclean, Software Engineer, 303 497-8794 Nat'l Center for Atmospheric Research, Boulder CO USA *
netscape 4.7x, session ids and struts
Using netscape 4.7x on either solaris, linux or windows, the struts-example fails, because I am bounced between two different sessions. The symptom indicates to me that netscape keeps separate lists of cookies for the following URLs: http://myhost http://myhost:80 As one goes through the struts example, the URL is sometimes displayed as myhost, and sometimes as myhost:80, and I am never allowed past the login because the user information is kept in a session associated with myhost, and can't be found in a session associated with myhost:80. Environment: struts nightly download as of Feb 12, 2001. Tomcat 3.2.1, mod_jk, apache 1.3.12 on RH7. I have all cookies enabled in netscape preferences, with "Warn before accepting a cookie" also turned on for debugging. 1. When I try the struts-example with the following URL: http://myhost/struts-example Netscape asks if I want to send the cookie JSESSIONID=f78s0eymd1, and I click OK. 2. I select the "Log on ..." link. Then the logon form is displayed at a URL of http://myhost:80/struts-example/logon.jsp;jsessionid=f78s0eymd1 Note the cookie in the URL because struts doesn't yet know if my browser accepts cookies. Also note the port number 80 in the URL. 3. I enter user:pass and Submit. LogonAction logs the following message: 2001-02-15 01:59:47 - path="/struts-example" :action: LogonAction: User 'user' logged on in session f78s0eymd1 The mainMenu.jsp page is displayed, with a URL: http://myhost/struts-example/logon.do;jsessionid=f78s0eymd1 (note no port number is in the URL) 4. Then, when I select "Edit your" the netscape question box pops up asking if I want to send a cookie JSESSIONID=ynsmafyqr1. The URL is shown as http://myhost:80/struts-example/editRegistration.do?action=Edit This shouldn't happen, it should use the first session id! 5. When I click on OK, then, EditRegistrationAction logs the following error: 2001-02-15 02:00:55 - path="/struts-example" :action: User is not logged on in session ynsmafyqr1 The logon.jsp form is again displayed. If I enter user:pass, then LogonAction reports a successfull login in session f78s0eymd1 (the first session id again!) When I select "Edit ..." I get the same error from EditRegistrationAction about "User is not logged on in session ynsmafyqr1". And so on, ad-infinitum. If I disable cookies in netscape preferences, then things work with URL rewriting, and EditRegistrationAction forwards me to registration.jsp. The problem also does not show up with IE 5. Also, at step 4, if I manually enter a URL of: http://myhost/struts-example/editRegistration.do?action=Edit then EditRegistrationAction succeeds and forwards to registration.jsp. If I am right about netscape keeping separate cookie lists, then perhaps a workaround is for struts (specifically the html taglib) not to add the port number when generating URLs? I haven't tested this solution. Someone must have run into it also? Gordon Maclean -- * Gordon Maclean, Software Engineer, 303 497-8794 Nat'l Center for Atmospheric Research, Boulder CO USA *
Re: session ids cont...
I added the "noCookies" attribute and set it to "true". However, the two instances of Netscape 4.7 still show that they are using the same session. I.E. 5.0 does display different session ID still. see notes below... "Craig R. McClanahan" wrote: > Peter Alfors wrote: > > > "Kramer, Gary" wrote: > > > > > > > > > > > > > > I had similiar problems. You need to turn off the use of Cookies on > > > your server (in Tomcat this setting is in server.xml). When the user > > > opens 2 browsers, they will always have different session ids in both > > > IE and Netscape since the first URL they will use will not have a > > > session id included. > > > > > > > How do I turn off the use of cookies in the server.xml? I only see one > > location where cookies are mentioned. > > > > > > > className="org.apache.tomcat.request.SessionInterceptor" /> > > > > Do I comment out this section? > > > > For Tomcat 3.2.1 there is a noCookies attribute on this entry that defaults > to "false". You need to set it to "true": > > className="org.apache.tomcat.request.SessionInterceptor" > noCookies="true"/> > > NOTE: Using URL rewriting does *not* catch every case of multiple windows > sharing session ids. Consider that the user can right-click on a hyperlink > (containing the session id) and select "Open in New Window". Because the > hyperlink being clicked had a session id in it already, the new window will > still be part of the old session -- so your app logic needs to be ready to > deal with this. > So it sounds like what I am looking for is to get the browser instances (IE and Netscape) to generate unique session ids. Then, I need to perform URL-rewriting for all of my links within the webapp. This will solve my problem if the user has opened up multiple browser instances (from the desktop, not through file --> new--> Window). I can use the tag to accomplish this throughout the site. However, I will also need to add some sort of "smarts" to the app to handle the possibility that the user opened a new browser instance from the (file --> new --> Window) option. Am I on the right track? (sorry if I sound so confused, but I am) :) > Craig McClanahan begin:vcard n:; x-mozilla-html:FALSE org:http://www.irista.com/logo/irista.gif">Bringing Vision to Your Supply Chain adr:;; version:2.1 end:vcard
Re: session ids cont...
Peter Alfors wrote: > I added the "noCookies" attribute and set it to "true". However, the two > instances of Netscape 4.7 still show that they are using the same session. > I.E. 5.0 does display different session ID still. > > see notes below... > > "Craig R. McClanahan" wrote: > > > Peter Alfors wrote: > > > > > "Kramer, Gary" wrote: > > > > > > > > > > > > > > > > > > > I had similiar problems. You need to turn off the use of Cookies on > > > > your server (in Tomcat this setting is in server.xml). When the user > > > > opens 2 browsers, they will always have different session ids in both > > > > IE and Netscape since the first URL they will use will not have a > > > > session id included. > > > > > > > > > > How do I turn off the use of cookies in the server.xml? I only see one > > > location where cookies are mentioned. > > > > > > > > > > > className="org.apache.tomcat.request.SessionInterceptor" /> > > > > > > Do I comment out this section? > > > > > > > For Tomcat 3.2.1 there is a noCookies attribute on this entry that defaults > > to "false". You need to set it to "true": > > > > > className="org.apache.tomcat.request.SessionInterceptor" > > noCookies="true"/> > > > > NOTE: Using URL rewriting does *not* catch every case of multiple windows > > sharing session ids. Consider that the user can right-click on a hyperlink > > (containing the session id) and select "Open in New Window". Because the > > hyperlink being clicked had a session id in it already, the new window will > > still be part of the old session -- so your app logic needs to be ready to > > deal with this. > > > > So it sounds like what I am looking for is to get the browser instances (IE and > Netscape) to generate unique session ids. No, unfortunately it has nothing to do with this -- session ids are generated by the server, not by the client. The sad fact of web application development is that the stupid browsers do not do what we want in all circumstances (for example, Netscape always sends the same cookies back no matter which Window you are in, while IE doesn't -- some versions -- or can be configured not to -- some versions). > Then, I need to perform URL-rewriting > for all of my links within the webapp. This will solve my problem if the user > has opened up multiple browser instances (from the desktop, not through file > --> new--> Window). > I can use the tag to accomplish this throughout the site. > > However, I will also need to add some sort of "smarts" to the app to handle the > possibility that the user opened a new browser instance from the (file --> new > --> Window) option. > > Am I on the right track? (sorry if I sound so confused, but I am) :) > Yep ... you *always* need to program defensively with respect to the chance that the user will have multiple windows open as part of the same session. > > > Craig McClanahan Craig
RE: session ids cont...
Title: RE: session ids cont... When I try Netscape4.7, it gives me different sessions IDs. As I understand it, the session id is assigned by Tomcat (i.e. jsessionid=asdkfjl), not by the browsers. If you disable cookie use in Tomcat and there is no jsessionid parameter in the URL, then Tomcat cannot link your request to any session and therefore has no choice but to create a new session. Your explanation of using and rewriting within a session is exactly what I'm doing (or trying to do). I also put in some defensive code to determine if the user messed with the URL or created a new browser with the same URL. I put code in my Form bean's reset method to double check that the request that is coming in actually applies to the object the user was last working on. This also defends against some of the problems caused by hitting the back and forward buttons. Still, very annoying. -Original Message- From: Peter Alfors To: [EMAIL PROTECTED] Sent: 2/1/01 5:11 PM Subject: Re: session ids cont... I added the "noCookies" attribute and set it to "true". However, the two instances of Netscape 4.7 still show that they are using the same session. I.E. 5.0 does display different session ID still. see notes below... "Craig R. McClanahan" wrote: > Peter Alfors wrote: > > > "Kramer, Gary" wrote: > > > > > > > > > > > > > > I had similiar problems. You need to turn off the use of Cookies on > > > your server (in Tomcat this setting is in server.xml). When the user > > > opens 2 browsers, they will always have different session ids in both > > > IE and Netscape since the first URL they will use will not have a > > > session id included. > > > > > > > How do I turn off the use of cookies in the server.xml? I only see one > > location where cookies are mentioned. > > > > > > > > className="org.apache.tomcat.request.SessionInterceptor" /> > > > > Do I comment out this section? > > > > For Tomcat 3.2.1 there is a noCookies attribute on this entry that defaults > to "false". You need to set it to "true": > > > className="org.apache.tomcat.request.SessionInterceptor" > noCookies="true"/> > > NOTE: Using URL rewriting does *not* catch every case of multiple windows > sharing session ids. Consider that the user can right-click on a hyperlink > (containing the session id) and select "Open in New Window". Because the > hyperlink being clicked had a session id in it already, the new window will > still be part of the old session -- so your app logic needs to be ready to > deal with this. > So it sounds like what I am looking for is to get the browser instances (IE and Netscape) to generate unique session ids. Then, I need to perform URL-rewriting for all of my links within the webapp. This will solve my problem if the user has opened up multiple browser instances (from the desktop, not through file --> new--> Window). I can use the tag to accomplish this throughout the site. However, I will also need to add some sort of "smarts" to the app to handle the possibility that the user opened a new browser instance from the (file --> new --> Window) option. Am I on the right track? (sorry if I sound so confused, but I am) :) > Craig McClanahan <>
Re: session ids cont...
Peter Alfors wrote: > "Kramer, Gary" wrote: > > > > > > > > > I had similiar problems. You need to turn off the use of Cookies on > > your server (in Tomcat this setting is in server.xml). When the user > > opens 2 browsers, they will always have different session ids in both > > IE and Netscape since the first URL they will use will not have a > > session id included. > > > > How do I turn off the use of cookies in the server.xml? I only see one > location where cookies are mentioned. > > > className="org.apache.tomcat.request.SessionInterceptor" /> > > Do I comment out this section? > For Tomcat 3.2.1 there is a noCookies attribute on this entry that defaults to "false". You need to set it to "true": NOTE: Using URL rewriting does *not* catch every case of multiple windows sharing session ids. Consider that the user can right-click on a hyperlink (containing the session id) and select "Open in New Window". Because the hyperlink being clicked had a session id in it already, the new window will still be part of the old session -- so your app logic needs to be ready to deal with this. Craig McClanahan
Re: session ids cont...
"Kramer, Gary" wrote: > > > > I had similiar problems. You need to turn off the use of Cookies on > your server (in Tomcat this setting is in server.xml). When the user > opens 2 browsers, they will always have different session ids in both > IE and Netscape since the first URL they will use will not have a > session id included. > How do I turn off the use of cookies in the server.xml? I only see one location where cookies are mentioned. Do I comment out this section? > > If you open a new browser from another such as via JavaScript > window.open(), you need to make sure the URL is NOT encoded with the > session id. This will cause the server to start a new session. > Unfortunately, all the Struts tags dealing with URLs (Form, Link, > etc.) always encode, so you can't use them when creating the new URL. > > Gary > > > -Original Message- > From: Peter Alfors > To: [EMAIL PROTECTED] > Sent: 2/1/01 2:28 PM > Subject: Re: session ids cont... > > > "Steven D. Wilkinson" wrote: > > > Peter, > > > I.E. 5.0 and 5.5 generate unique session ids for each simultaneous > > > > browser session. However, both Netscape 4.7 and Netscape 6 return > > the > > > same Id. > > > > > What do you mean by simultaneous browser sessions. If you create a > new window > > CTL+N in IE5.0 you get the same id. (Is this simultaneous?) > > If I start Netscape 4.7 from my desktop (2 instances of it) and go to > the same page > in my webapp. I can printout the session id on the screen. Both > browser instances > will have the same session id. > However, two instances of IE 5.0 will have different IDs. (this is > what > I want). > > > > > > > I thought that both netscape and IE generate new id's if you launch > the browser > > from the desktop. I also thought both netscape and IE use the same > id's if you > > create a new window from an existing window. > > > > I haven't tried creating a new window from either netscape or IE. But > > if this will > cause both windows to have the same session, then this is something I > need to > handle also. > > > > > I use IE5.0 for my testing and this is that way it works, at least > with the > > build from 01-28-2001. I can create a new browser window from the > current one > > and both have the same jsessionid. > > > > I am using IE 5.0 & 5.5 and Netscape 4.7 & 6 for testing. > > > > > I'm using Tomcat4.0-m5 for my testing. I don't know what you are > using. > > > > I am using Tomcat 3.2 > > > > > Are you using the for all of your links? And are you > using > > for all of your actions? I found that if you don't > you > will have > > a problem. It's either all or nothing. If it's nothing your on > your > own. At > > least that has been my experience. > > > > Right now I am NOT encoding my links. However, if my assumptions are > correct... > Encoding the links will not help me. Encoding adds the session id as > a > query > string to the links. If the two windows have the same session, then > the > links (in > each window) will still use the same session. > > > > > Steve > > Here is the problem I am running across. I use beans that store > information > pertaining to a specific record in the database. When a user selects > an > item from > a list, the bean is populated and placed in the session. I put it in > the session > because subsequent pages require this beans information as well. > However, if the > user has two browser windows running, sharing a session, it is > possible > for the > user to update the data for the bean in one window, and then retrieve > incorrect > information in the other window. > > It is very probable that a user will want to have multiple browsers > running so that > he/she can compare data. > > I hope you can all follow that. I don't think that I described it > very > well. > > <> begin:vcard n:; x-mozilla-html:FALSE org:http://www.irista.com/logo/irista.gif">Bringing Vision to Your Supply Chain adr:;; version:2.1 end:vcard
RE: session ids cont...
Title: RE: session ids cont... I had similiar problems. You need to turn off the use of Cookies on your server (in Tomcat this setting is in server.xml). When the user opens 2 browsers, they will always have different session ids in both IE and Netscape since the first URL they will use will not have a session id included. If you open a new browser from another such as via JavaScript window.open(), you need to make sure the URL is NOT encoded with the session id. This will cause the server to start a new session. Unfortunately, all the Struts tags dealing with URLs (Form, Link, etc.) always encode, so you can't use them when creating the new URL. Gary -Original Message- From: Peter Alfors To: [EMAIL PROTECTED] Sent: 2/1/01 2:28 PM Subject: Re: session ids cont... "Steven D. Wilkinson" wrote: > Peter, > > I.E. 5.0 and 5.5 generate unique session ids for each simultaneous > > browser session. However, both Netscape 4.7 and Netscape 6 return the > > same Id. > > What do you mean by simultaneous browser sessions. If you create a new window > CTL+N in IE5.0 you get the same id. (Is this simultaneous?) If I start Netscape 4.7 from my desktop (2 instances of it) and go to the same page in my webapp. I can printout the session id on the screen. Both browser instances will have the same session id. However, two instances of IE 5.0 will have different IDs. (this is what I want). > > > I thought that both netscape and IE generate new id's if you launch the browser > from the desktop. I also thought both netscape and IE use the same id's if you > create a new window from an existing window. > I haven't tried creating a new window from either netscape or IE. But if this will cause both windows to have the same session, then this is something I need to handle also. > > I use IE5.0 for my testing and this is that way it works, at least with the > build from 01-28-2001. I can create a new browser window from the current one > and both have the same jsessionid. > I am using IE 5.0 & 5.5 and Netscape 4.7 & 6 for testing. > > I'm using Tomcat4.0-m5 for my testing. I don't know what you are using. > I am using Tomcat 3.2 > > Are you using the for all of your links? And are you using > for all of your actions? I found that if you don't you will have > a problem. It's either all or nothing. If it's nothing your on your own. At > least that has been my experience. > Right now I am NOT encoding my links. However, if my assumptions are correct... Encoding the links will not help me. Encoding adds the session id as a query string to the links. If the two windows have the same session, then the links (in each window) will still use the same session. > > Steve Here is the problem I am running across. I use beans that store information pertaining to a specific record in the database. When a user selects an item from a list, the bean is populated and placed in the session. I put it in the session because subsequent pages require this beans information as well. However, if the user has two browser windows running, sharing a session, it is possible for the user to update the data for the bean in one window, and then retrieve incorrect information in the other window. It is very probable that a user will want to have multiple browsers running so that he/she can compare data. I hope you can all follow that. I don't think that I described it very well. <>
Re: session ids cont...
"Steven D. Wilkinson" wrote: > Peter, > > I.E. 5.0 and 5.5 generate unique session ids for each simultaneous > > browser session. However, both Netscape 4.7 and Netscape 6 return the > > same Id. > > What do you mean by simultaneous browser sessions. If you create a new window > CTL+N in IE5.0 you get the same id. (Is this simultaneous?) If I start Netscape 4.7 from my desktop (2 instances of it) and go to the same page in my webapp. I can printout the session id on the screen. Both browser instances will have the same session id. However, two instances of IE 5.0 will have different IDs. (this is what I want). > > > I thought that both netscape and IE generate new id's if you launch the browser > from the desktop. I also thought both netscape and IE use the same id's if you > create a new window from an existing window. > I haven't tried creating a new window from either netscape or IE. But if this will cause both windows to have the same session, then this is something I need to handle also. > > I use IE5.0 for my testing and this is that way it works, at least with the > build from 01-28-2001. I can create a new browser window from the current one > and both have the same jsessionid. > I am using IE 5.0 & 5.5 and Netscape 4.7 & 6 for testing. > > I'm using Tomcat4.0-m5 for my testing. I don't know what you are using. > I am using Tomcat 3.2 > > Are you using the for all of your links? And are you using > for all of your actions? I found that if you don't you will have > a problem. It's either all or nothing. If it's nothing your on your own. At > least that has been my experience. > Right now I am NOT encoding my links. However, if my assumptions are correct... Encoding the links will not help me. Encoding adds the session id as a query string to the links. If the two windows have the same session, then the links (in each window) will still use the same session. > > Steve Here is the problem I am running across. I use beans that store information pertaining to a specific record in the database. When a user selects an item from a list, the bean is populated and placed in the session. I put it in the session because subsequent pages require this beans information as well. However, if the user has two browser windows running, sharing a session, it is possible for the user to update the data for the bean in one window, and then retrieve incorrect information in the other window. It is very probable that a user will want to have multiple browsers running so that he/she can compare data. I hope you can all follow that. I don't think that I described it very well. begin:vcard n:; x-mozilla-html:FALSE org:http://www.irista.com/logo/irista.gif">Bringing Vision to Your Supply Chain adr:;; version:2.1 end:vcard
Re: session ids cont...
It was posted as a Subject : "what starts session?", Date: Wed, 24 Jan 2001 16:07:49 -0800 (PST) and responses were followed. "Steven D. Wilkinson" wrote: > > > > In [EMAIL PROTECTED] this issue was discussed (why and when > > IE supports different sessionID, and Netscape - not). The main thing is, > > Netscape is reading any cookies from one file, IE - from different files. > > Do you have a reference to said article? If not how about the subject and date? > Hum... IE and Netscape sharing the same id? I never thought they could. I > guess I already realized that they store cookies in different files. Is that > what was being asked? > > Steve
Re: session ids cont...
Peter, > I.E. 5.0 and 5.5 generate unique session ids for each simultaneous > browser session. However, both Netscape 4.7 and Netscape 6 return the > same Id. What do you mean by simultaneous browser sessions. If you create a new window CTL+N in IE5.0 you get the same id. (Is this simultaneous?) I thought that both netscape and IE generate new id's if you launch the browser from the desktop. I also thought both netscape and IE use the same id's if you create a new window from an existing window. I use IE5.0 for my testing and this is that way it works, at least with the build from 01-28-2001. I can create a new browser window from the current one and both have the same jsessionid. I'm using Tomcat4.0-m5 for my testing. I don't know what you are using. Are you using the for all of your links? And are you using for all of your actions? I found that if you don't you will have a problem. It's either all or nothing. If it's nothing your on your own. At least that has been my experience. Steve
Re: session ids cont...
I have just tested our web application prototype on Netscape 4.7 and there are no problems with URL-rewriting and jessionid's. The servlet container (Resin 1.1.5) picks the right sessions for the right clients. We use a mix of hardcoded with dynamic jsessionid insertion, Struts and Javascript generated links on our pages and it works fine. The following principles were used: - Hardcoded links: Text - Struts: well it does it by itself. - JavaScript: call a function with parameter jessionid obtained from session object and use it to build link. Example: function openInfoWin(host, oid, sessionID) { var hostURL = "http://"+host+";jsessionid="+sessionID+"?oid="+oid; window.open(hostURL, "InfoWin", "scrollbars=no, resizable=yes, width=600, height=800"); } We always put the jsessionid right after the URL since it is a path parameter and *not* a request parameter. Remember to use semicolon as divider or else it will not be picked up. Could you provide an example of your nonworking JSP or Java code ? - Original Message - From: "Peter Alfors" <[EMAIL PROTECTED]> To: "struts-user" <[EMAIL PROTECTED]> Sent: Thursday, February 01, 2001 5:12 PM Subject: session ids cont... > I.E. 5.0 and 5.5 generate unique session ids for each simultaneous > browser session. However, both Netscape 4.7 and Netscape 6 return the > same Id. > > I dont think that URL-rewriting will help in this situation. If I > understand URL-rewriting correctly, all that is happening is that the > session id is being tacked on the end of the request URL. > > Has anyone else run into this problem (and hopefully come up with a > solution?) > > One alternative is to generate my own session object with a unique Id > the frist time the user makes a request. Then the action controller > could manage the sessions, while the pages use URL-rewriting to notify > the action controller which session to use. > > I don't particularly care for this solution, so I am hoping that I am > over-looking something simple. :) > > Pete >
session ids cont...
I.E. 5.0 and 5.5 generate unique session ids for each simultaneous browser session. However, both Netscape 4.7 and Netscape 6 return the same Id. I dont think that URL-rewriting will help in this situation. If I understand URL-rewriting correctly, all that is happening is that the session id is being tacked on the end of the request URL. Has anyone else run into this problem (and hopefully come up with a solution?) One alternative is to generate my own session object with a unique Id the frist time the user makes a request. Then the action controller could manage the sessions, while the pages use URL-rewriting to notify the action controller which session to use. I don't particularly care for this solution, so I am hoping that I am over-looking something simple. :) Pete begin:vcard n:; x-mozilla-html:FALSE org:http://www.irista.com/logo/irista.gif">Bringing Vision to Your Supply Chain adr:;; version:2.1 end:vcard
Re: session ids cont...
> > In [EMAIL PROTECTED] this issue was discussed (why and when > IE supports different sessionID, and Netscape - not). The main thing is, > Netscape is reading any cookies from one file, IE - from different files. Do you have a reference to said article? If not how about the subject and date? Hum... IE and Netscape sharing the same id? I never thought they could. I guess I already realized that they store cookies in different files. Is that what was being asked? Steve
Re: session ids cont...
In [EMAIL PROTECTED] this issue was discussed (why and when IE supports different sessionID, and Netscape - not). The main thing is, Netscape is reading any cookies from one file, IE - from different files. Peter Alfors wrote: > I.E. 5.0 and 5.5 generate unique session ids for each simultaneous > browser session. However, both Netscape 4.7 and Netscape 6 return the > same Id. > > I dont think that URL-rewriting will help in this situation. If I > understand URL-rewriting correctly, all that is happening is that the > session id is being tacked on the end of the request URL. > > Has anyone else run into this problem (and hopefully come up with a > solution?) > > One alternative is to generate my own session object with a unique Id > the frist time the user makes a request. Then the action controller > could manage the sessions, while the pages use URL-rewriting to notify > the action controller which session to use. > > I don't particularly care for this solution, so I am hoping that I am > over-looking something simple. :) > > Pete
session ids
Hello, I am running across the problem where two simultaneous browser sessions (Netscape) are sharing the same session. Is this where the 'jsessionid' stuff comes into play? If so, where can I look for information on this? If not, is there another solution in struts? thanks, Pete begin:vcard n:; x-mozilla-html:FALSE org:http://www.irista.com/logo/irista.gif">Bringing Vision to Your Supply Chain adr:;; version:2.1 end:vcard