Stephane Cloutier wrote:
>
> - Is my assumption that Netscape 4 handle session differently and is
> keeping one session per frame instead of one per browser is true?
No. You must be making some error someplace. Browsers have no concept of
session. A browser only knows certain things. One thing it knows is how
to submit (POST or GET) a request. Another thing it knows is that if it
has cookies sent from a server, it must send the cookies to the server
with a request. If
- you login from one frame, and
- the server creates a session, and
- the server sends the session id in a cookie
Then any other request the browser makes to the server, no matter which
frame it comes from, will include the cookies from the server. If the
session id was sent in a cookie, it will be returned in a cookie and the
server will be able to identify the session.
I don't know why it works for you with IE and Netscape 6, but not with
Netscape 4. On my last project we developed an intranet application for
a client using Netscape 4 as the browser. We had multiple frames and
even multiple windows opened by the application and we never had a
problem with session tracking.
Are your sure Netscape 4 was configured to accept cookies? (There was a
thread on this group yesterday complaining about IE5.5 not supporting
sessions, it turns out the IE5.5 browser had cookies turned off. See
"Session tracking with IE 5.5")
> - Is there a way in the servlets to know that a request is coming from
> the same browser but from a different frame and then, give the access to the
> authenticated frame values to the non-authenticated one without compromising
> security?
> - Is there any way of doing such a thing (besides using some script to
> force all the frames to log and then, generate 3 requests instead of one)?
The only reliable way is through session tracking. This occurs
automatically; the servlet container sends the session id in a cookie;
the browser, regardless of the frame, returns the session id with each
request.
K Mukhar
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
