Hi,
> hi all,
> i am new to servlets and am facing problems with sessions. what can be
done
> if i want that a user should not be able to log on twice from two
different
> browser windows at the same time?
> i am trying to do this by creating a session. the problem is that only one
> session is being created for all the users which are logging in. so i
> cannot differentiate between users using the session id since only one
> session id is there for all of them. what can be done to create a unique
> session for each user. with getSession(true), it creates a session once
and
> all the users are using the same session.
Session are managed between the server and the client by the exchange of
Cookies or URL Encoding. I fail to understand how can different Clients
have the same session ID.. The session ID is created in a unique manner by
the Container for each new session.. if diffferent users are logging in from
the same client in that case you will have just one session id because the
getSession(true) get a new session only if there is no session conveyed by
the client and if a session has been conveyed by the client then it returns
the session sent by the client. (Refer the API docs for details..)
> is there some way to pass a null
> session id from the server in case a second user tries to log on. in that
> case it will create another session for that user. similarly if it is
> possible that if the same user tries to log on again, its session id is
> passed by the server so that its sessions can be invalidated and a new
> session is created for him, to prevent double logon?
I don't think you can have two sessions IDs associated with the same client
when you are using cookies for session management. I am attaching a snippet
from the Servlet 2.2 Specs (page 37)
"7.7.3 Client Semantics
Due to the fact that cookies or SSL certificates are typically controlled by
the web browser process
and are not associated with any particular window of a the browser, requests
from all windows of a
client application to a servlet container might be part of the same session.
For maximum portability,
the Developer should always assume that all windows of a client are
participating in the same
session."
I think you can overcome your problem of multiple login by incorporating
this philosophy in your code
HttpSession session = getSession(true);
if(!session.isNew()) // the session is not new
{
....
some code to prevent relogging from this client..
or logging out previous user before new user logs in
you can invalidate the session by saying session.invalidate()
}
else
{
normal logging in procedure can come here..
}
if you want that more than one user should log in from the same client and
have separate sessions then i believe you will have to go in for URL
encoding and turn off the cookies but I am not sure..
regds,
Gokul
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
