Erik Hanson wrote:
> This is addressed to people who have written real, non-trivial applications
> using sessions: how have you handled users who open multiple windows
> (instances of the browser)?
>
<warning>
There are some who think my approach to limiting the user's flexibility is too
harsh, and that apps should be designed to deal with these kinds of scenarios
correctly, no matter what the user does. More power to them if they can design
applications robustly in the face of this! I had time-to-market issues that
made it not feasible.
</warning>
My habit is to try to prevent multiple windows by running the app in a special
window (created in the entry screen) that has a specified name (so that
clicking the entry link twice does not create two windows), and that has uses
buttons rather than hyperlinks so they can't use a right click and "Open in New
Window" trick. In addition, I eliminate the location bar and the toolbar
buttons to minimize the users's ability to bypass the built-in navigation I
provide in the app. Determined users who know a little bit can bypass some of
these restrictions, but they have to work at it.
> There are two ways the session mechanism handles multiple, and different
> browsers cause them to happen under different circumstances:
>
> 1. Each window is a separate session
> 2. Both windows share a session
> [snipped discussion of how both can be bad depending on the app]
There are more possibilities than you have described so far for which case will
happen when. The following list summarizes my current understanding of how
Internet Explorer and Netscape Navigator behave -- additions and corrections
are welcome!:
(1) Cookies are disabled, using URL rewriting,
both windows enter the application from
outside of any current session.
On both Netscape and Explorer, each window will run as an independent session.
(2) Cookies are disabled, using URL rewriting,
user right clicks a hyperlink and selects "open
in a new window".
On both Netscape and Explorer, the new window will be part of the same session
if the hyperlink they clicked on had an encoded session ID (which it will under
most circumstances).
(3) Cookies are enabled, both windows enter the
application from outside of any current session.
On Netscape, the windows will always end up as part of the same session for a
Windows 95/98 client (i.e. there is only one process). On a Unix host where
the two windows are run under separate Netscape processes, the sessions will be
separate.
On Explorer, whether you end up with one session or two depends on the setting
of the "Browse in a new process" property on the Advanced tab under Internet
Options.
(4) Cookies are enabled, user right clicks a
hyperlink and selects "open in a new window".
On Netscape, the new window will be part of the same session.
On Explorer, behavior depends on the setting of the "Browse In New Process"
setting, as in scenario (3).
Craig McClanahan
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
