Erik -- If you look back at the session mgmt threads in this list you will come across one long one - precisely dealing with the issue you have raised. I encountered it quite early in the project implementation and was lucky enough to move over to URL rewriting. I found that as the best solution - you can have control over the URLs you rewrite, plus, most of the webservers and servlet engines do support overriding the default *cookies-based* mechanism. Multiple browser instances (if not processes) share the same session id (as cookie) and can overwrite the session data at your servlet end. Explictly setting the URL by URL rewriting makes sure each of those get new session id - always. It works irrespective of the client having cookies enabled or disabled. Depending on your code design it may be little time consuming to switch over to the URL rewrite stuff .. but as I get it it works great and probably the best way to go for case you mentioned. Unless of course you can do the session management at your servlet level ... Do you also have an *authentication* of user in your application ? If so, even if the same user come via new window, (s)he can be warned and not allowed to come in - forcing him/her going back to the old window. Shashank m: Erik Hanson <[EMAIL PROTECTED]> >Reply-To: "A mailing list for discussion about Sun Microsystem's Java > Servlet API Technology." <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Sessions & multiple windows in the real world >Date: Thu, 19 Aug 1999 19:02:54 -0400 >MIME-Version: 1.0 >From [EMAIL PROTECTED] Thu Aug 19 16:06:24 1999 >Received: from [204.160.241.28] by hotmail.com (2.1) with ESMTP id >MHotMailB985D8EF01F3D82197C4CCA0F11CF72A0; Thu Aug 19 16:06:24 1999 >Received: from mail (mail.java.sun.com [204.160.241.28])by >mail.java.sun.com (8.9.3+Sun/8.9.3) with ESMTP id QAA05597;Thu, 19 Aug 1999 >16:03:25 -0700 (PDT) >Received: from JAVA.SUN.COM by JAVA.SUN.COM (LISTSERV-TCP/IP release 1.8d) >with spool id 312742 for [EMAIL PROTECTED]; Thu, 19 >Aug 1999 16:03:23 -0700 >Received: from ms02.metamor-its.com (ms02.metamor-its.com [206.27.67.22]) >by mail.java.sun.com (8.9.3+Sun/8.9.3) with ESMTP id QAA05578 for > <[EMAIL PROTECTED]>; Thu, 19 Aug 1999 16:03:22 -0700 >(PDT) >Received: from ehanson_ntws ([206.27.66.177]) by ms02.metamor-its.com > (8.8.7/8.8.7) with SMTP id TAA22898 for ><[EMAIL PROTECTED]>; Thu, 19 Aug 1999 19:03:23 -0400 >X-Priority: 3 >X-MSMail-Priority: Normal >X-Mailer: Microsoft Outlook Express 4.72.3110.5 >X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 >Message-ID: <008101beea96$fd0882e0$[EMAIL PROTECTED]> >Sender: "A mailing list for discussion about Sun Microsystem's Java > Servlet API Technology." <[EMAIL PROTECTED]> > >This is addressed to people who have written real, non-trivial applications >using sessions: how have you handled users who open multiple windows >(instances of the browser)? > >There are two ways the session mechanism handles multiple, and different >browsers cause them to happen under different circumstances: > >1. Each window is a separate session >2. Both windows share a session > > >#1 can be bad sometimes. For example, a Netscape for Windows user gets a >list of widgets from my (hypothetical) widget store, eWidgets.com. She is >interested in UltraWidget, so she clicks on the "purchase" link. >UltraWidget >is then added to her shopping cart. The shopping cart info is stored in a >session. > >She sees an ad on the page for "UltraWidget Extended Warranty" which she is >interested in. She right-clicks on the link and chooses "Open link in new >window" so she can read about it in a new window. Because of the way >Netscape works, the new browser window means a new session. She wants to >buy >the extended warranty so she clicks the "Add to shopping cart" link and it >is added to her shopping cart. > >But because she has two sessions going on, only the extended warranty is in >her shopping cart. She gets confused and starts swearing and turns her >computer off, cheating me out of a $45,000 widget sale. > >Had she been using Internet Explorer for Windows, both windows would have >shared a session and she wouldn't have gotten confused. > > >#2 can be bad sometimes too. For example, an Internet Explorer for Windows >user wants to find all blue widgets and all green widgets, so he goes to >the >search page of eWidgets.com and types in "blue" and hits "search". > >When his results come back, he remembers that he also wants green widgets, >so he chooses "New Window" from the "File" menu which gives him a duplicate >window (and which shares the same session). He types "green" and hits >"search" and gets back a list of results. > >He then goes back to the first window (the one with the blue widgets) and >clicks the "next page" link, which shows him the next page of *green* >widgets, because the search results were stored in the session and the >green >results overwrote the blue results. He gets annoyed and starts playing >Quake, cheating me out of some widget sales. > >Had he been using Netscape for Windows, each window would have had its own >session and the search results wouldn't have gotten mixed up. > > >So what do *you* do about sessions an multiple windows? Just hope that >users >don't open multiple windows? So far, I've been ignoring sessions and >passing >parameters around, but I'm writing a complex application and the parameter >passing is getting out of hand. > > >Thanks in advance, >Erik > >___________________________________________________________________________ >To unsubscribe, send email to [EMAIL PROTECTED] and include in the body >of the message "signoff SERVLET-INTEREST". > >Archives: http://archives.java.sun.com/archives/servlet-interest.html >Resources: http://java.sun.com/products/servlet/external-resources.html >LISTSERV Help: http://www.lsoft.com/manuals/user/user.html _______________________________________________________________ Get Free Email and Do More On The Web. Visit http://www.msn.com ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
