RE: Question about creating new HttpSessions
Hi, Why don't you want to invalidate the old one? Yoav Shapira Millennium Research Informatics -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, September 16, 2004 3:13 PM To: [EMAIL PROTECTED] Subject: Question about creating new HttpSessions First a little background. I am working on a servlet that has a login page that creates new HttpSessions. If my users close their browser windows between calls to the login page everything works wonderfully. But if they browse to the page while they still have a cookie from an old session, the method HttpServletRequest.getSession(true) returns the old session. I want to force the creation of a new HttpSession in this case. I do not want to invalidate the old session, I just want a new session. My servlet is deployed to a Tomcat 4.1.x container, but if I have to I can move to Tomcat 5.0.x. In the ideal world, I would like to keep my servlet container independent, but if I have to do something Tomcat specific I will. My question is: Is there any way to force the creation of a new HttpSession, even if the HttpServletRequest has a cookie for an old session? Thank you in advance for your help --matt hoover This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Question about creating new HttpSessions
Shapira, Yoav said: Hi, Why don't you want to invalidate the old one? Mainly because the case that brought up this problem is the tester using the File-New-New window command, then browsing to a bookmarked URL for the login page. They need to be able to continue using the old session in the old window, and the new session in the new window. --matt hoover
RE: Question about creating new HttpSessions
Hola, Shapira, Yoav said: Hi, Why don't you want to invalidate the old one? Mainly because the case that brought up this problem is the tester using the File-New-New window command, then browsing to a bookmarked URL for the login page. They need to be able to continue using the old session in the old window, and the new session in the new window. --matt hoover IMHO, it's one thing to fix bugs reported by testers, and a good thing at that. But it's another to tweak basic concepts like one user = one session (at a time) just for a tester or test case. So I'd tell him/her to adjust his/her testing process. But if you can't or don't want to do that, we're back to your original question. I don't think there's a way to force Tomcat to create new sessions as you desire, especially without invalidating the old one. To have such a way means Tomcat supports session handling in ways not described in the Servlet Specification, and that's a no-no for us. However, we do give you this option if you're willing to write some code. Extend the standard manager to have the behavior you want. See http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/manager.html for the doc and http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-catalina/catalina/src/s hare/org/apache/catalina/session/ for the source code of the relevant classes. Yoav This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Question about creating new HttpSessions
At 12:24 PM 9/16/2004, you wrote: Shapira, Yoav said: Hi, Why don't you want to invalidate the old one? Mainly because the case that brought up this problem is the tester using the File-New-New window command, then browsing to a bookmarked URL for the login page. They need to be able to continue using the old session in the old window, and the new session in the new window. Note that most browsers use the same cookie-set if you do a File-New-New Window command, but use a new cookie-set if you simply start them in another process (for Windows that means clicking on the icon again to launch a new browser instance). Try it with whatever browser you're using to test (varies by browser, but all that I've used have a similar way to accomplish this), but solving the problem this way would be much, much, much easier than asking your app to do something it's not supposed to do. justin __ Justin Ruthenbeck Lead Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
