Re: Is there any way in Struts2 to handle session sharing accross browsers
Hi, May be Spring Security will do the stuff :) Regards, ManiKanta G twitter.com/ManiKantaG On Wed, Dec 30, 2009 at 6:43 PM, Gabriel Belingueres wrote: > Session data handling is the same for all frameworks based on the > Servlet and JSP specification, and AFAIK S2 doesn't provide any helper > to handle it differently (one exception is the token interceptor to > avoid double submits.) > > I think you should design the application specifically to handle this > case: if some user is already logged in, you can prevent him log in > again as an admin by checking some data is already present in session > scope. > > Also, it seems you have 2 login screens: one for regular users and > other for admins. Other solution can be to have only one login screen > and rework your user roles, assigning some regular users the "admin" > role too. > > HTH, > Gabriel > > 2009/12/30 Struts-User : > > > > Thanks Paul, What I mean is not exaclty one session per user rather > > preventing or detecting the session which is getting copied when any one > > does CTRL+N or in IE7 opens application new TAB. > > In above said cases session remains to be same however session data is > > replaced with the recentely logged in user's data. > > This creates problem when employee logs in one window and same employee > > tries to log as admin in CTRL+Ned window as admin which will result in > > employee session data being replaced by admin data > > > > > > > > -- > > View this message in context: > http://old.nabble.com/Is-there-any-way-in-Struts2-to-handle-session-sharing-accross-browsers-tp26964416p26964689.html > > Sent from the Struts - User mailing list archive at Nabble.com. > > > > > > - > > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > > For additional commands, e-mail: user-h...@struts.apache.org > > > > > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
Re: Is there any way in Struts2 to handle session sharing accross browsers
Session data handling is the same for all frameworks based on the Servlet and JSP specification, and AFAIK S2 doesn't provide any helper to handle it differently (one exception is the token interceptor to avoid double submits.) I think you should design the application specifically to handle this case: if some user is already logged in, you can prevent him log in again as an admin by checking some data is already present in session scope. Also, it seems you have 2 login screens: one for regular users and other for admins. Other solution can be to have only one login screen and rework your user roles, assigning some regular users the "admin" role too. HTH, Gabriel 2009/12/30 Struts-User : > > Thanks Paul, What I mean is not exaclty one session per user rather > preventing or detecting the session which is getting copied when any one > does CTRL+N or in IE7 opens application new TAB. > In above said cases session remains to be same however session data is > replaced with the recentely logged in user's data. > This creates problem when employee logs in one window and same employee > tries to log as admin in CTRL+Ned window as admin which will result in > employee session data being replaced by admin data > > > > -- > View this message in context: > http://old.nabble.com/Is-there-any-way-in-Struts2-to-handle-session-sharing-accross-browsers-tp26964416p26964689.html > Sent from the Struts - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Is there any way in Struts2 to handle session sharing accross browsers
Hi all, i'm a big fan of this subject, it goes up here and there every some time, maybe we could add some info on struts2 pages/wiki about what http session is and how it is created and handled by S2 app (or any ohter http app). What impact has scheme changing on session (http -> https and https -> http). Also an info about how current browsers handle the session cookie (tabs vs. new windows). How to check if session has changed, how to invalidate session and what it means. Maybe if we would have such a page, discussions like this one would not be necessary at all. If You guys think it would be worth it, i'm willing to do it. Best greetings, Paweł Wielgus. 2009/12/30 Sandeep G. Shenvi : > Hi, > > Even I am facing similar problem... However, this problem occurs only if I > access the url in a new tab within the same browser instance (IE7) and not if > I open a new browser instance altogether. > > > -Original Message- > From: Bharat_2.0 [mailto:bharatesh.huchchanna...@wipro.com] > Sent: Wednesday, December 30, 2009 1:47 PM > To: user@struts.apache.org > Subject: Re: Is there any way in Struts2 to handle session sharing accross > browsers > > > That is not a new new session its parent browser session copied, you can give > try. > > > -- > View this message in context: > http://old.nabble.com/Is-there-any-way-in-Struts2-to-handle-session-sharing-accross-browsers-tp26964416p26965019.html > Sent from the Struts - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > > __ > > This Email may contain confidential or privileged information for the > intended recipient (s) If you are not the intended recipient, please do not > use or disseminate the information, notify the sender and delete it from your > system. > > __ > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
RE: Is there any way in Struts2 to handle session sharing accross browsers
Hi, Even I am facing similar problem... However, this problem occurs only if I access the url in a new tab within the same browser instance (IE7) and not if I open a new browser instance altogether. -Original Message- From: Bharat_2.0 [mailto:bharatesh.huchchanna...@wipro.com] Sent: Wednesday, December 30, 2009 1:47 PM To: user@struts.apache.org Subject: Re: Is there any way in Struts2 to handle session sharing accross browsers That is not a new new session its parent browser session copied, you can give try. -- View this message in context: http://old.nabble.com/Is-there-any-way-in-Struts2-to-handle-session-sharing-accross-browsers-tp26964416p26965019.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org __ This Email may contain confidential or privileged information for the intended recipient (s) If you are not the intended recipient, please do not use or disseminate the information, notify the sender and delete it from your system. __ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Is there any way in Struts2 to handle session sharing accross browsers
That is not a new new session its parent browser session copied, you can give try. -- View this message in context: http://old.nabble.com/Is-there-any-way-in-Struts2-to-handle-session-sharing-accross-browsers-tp26964416p26965019.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Is there any way in Struts2 to handle session sharing accross browsers
When the user presses CTRL+N in IE, a new browser instance is started. That's not another view of the current browser session, but a whole new session. There's nothing that can be done about this in Struts or anything else. On Wed, Dec 30, 2009 at 1:12 AM, Struts-User wrote: > > Thanks Paul, What I mean is not exaclty one session per user rather > preventing or detecting the session which is getting copied when any one > does CTRL+N or in IE7 opens application new TAB. > In above said cases session remains to be same however session data is > replaced with the recentely logged in user's data. > This creates problem when employee logs in one window and same employee > tries to log as admin in CTRL+Ned window as admin which will result in > employee session data being replaced by admin data > > > > -- > View this message in context: > http://old.nabble.com/Is-there-any-way-in-Struts2-to-handle-session-sharing-accross-browsers-tp26964416p26964689.html > Sent from the Struts - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Is there any way in Struts2 to handle session sharing accross browsers
Thanks Paul, What I mean is not exaclty one session per user rather preventing or detecting the session which is getting copied when any one does CTRL+N or in IE7 opens application new TAB. In above said cases session remains to be same however session data is replaced with the recentely logged in user's data. This creates problem when employee logs in one window and same employee tries to log as admin in CTRL+Ned window as admin which will result in employee session data being replaced by admin data -- View this message in context: http://old.nabble.com/Is-there-any-way-in-Struts2-to-handle-session-sharing-accross-browsers-tp26964416p26964689.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Is there any way in Struts2 to handle session sharing accross browsers
Some extreme financial sites only allow one session per user. They track in their database when a user logs in, and the user must remain on that session ID for X minutes or log out. Consequences: 1. If the user shuts his browser by accident, ooops! X minutes must pass until the original session times out. See step 2. 2. Any other login attempt is denied until original session times out. Of interest to you? Paul On Wed, Dec 30, 2009 at 12:28 AM, wrote: > Handle means > 1. Detect when session is being copied from browser to browser > 2. Direct user to login page if session is copied in 'CTRL+N'ed page > > Paul Benedict-2 wrote: >> >> What does "handle" mean to you here? >> >> On Wed, Dec 30, 2009 at 12:05 AM, Struts-User >> wrote: >>> >>> Hi All - Is there any way in Struts2 to handle session sharing across >>> browsers. >>> My problem: >>> User logs in -> session created, user does CTRL+N and opens child window >>> now he logs in as admin-> session created (it does not create new >>> session) >>> and now parent window has the admin session, and session data is of >>> admin. >>> This problem is seen only when browser windows are opened by CTRL+N. >>> >>> Please suggest >>> -- >>> View this message in context: >>> http://old.nabble.com/Is-there-any-way-in-Struts2-to-handle-session-sharing-accross-browsers-tp26964416p26964416.html >>> Sent from the Struts - User mailing list archive at Nabble.com. >>> >> >> ------------------------------------- >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> For additional commands, e-mail: user-h...@struts.apache.org >> >> >> > Quoted from: > http://old.nabble.com/Is-there-any-way-in-Struts2-to-handle-session-sharing-accross-browsers-tp26964416p26964469.html > > - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Is there any way in Struts2 to handle session sharing accross browsers
What does "handle" mean to you here? On Wed, Dec 30, 2009 at 12:05 AM, Struts-User wrote: > > Hi All - Is there any way in Struts2 to handle session sharing across > browsers. > My problem: > User logs in -> session created, user does CTRL+N and opens child window > now he logs in as admin-> session created (it does not create new session) > and now parent window has the admin session, and session data is of admin. > This problem is seen only when browser windows are opened by CTRL+N. > > Please suggest > -- > View this message in context: > http://old.nabble.com/Is-there-any-way-in-Struts2-to-handle-session-sharing-accross-browsers-tp26964416p26964416.html > Sent from the Struts - User mailing list archive at Nabble.com. > - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Is there any way in Struts2 to handle session sharing accross browsers
Hi All - Is there any way in Struts2 to handle session sharing across browsers. My problem: User logs in -> session created, user does CTRL+N and opens child window now he logs in as admin-> session created (it does not create new session) and now parent window has the admin session, and session data is of admin. This problem is seen only when browser windows are opened by CTRL+N. Please suggest -- View this message in context: http://old.nabble.com/Is-there-any-way-in-Struts2-to-handle-session-sharing-accross-browsers-tp26964416p26964416.html Sent from the Struts - User mailing list archive at Nabble.com.