>>> roy woods <[EMAIL PROTECTED]> 28-Apr-01 12:00:06 PM >>>
>Let me ask one question. How about if the user opens
>up another browser window after login. How sessions
>are managed then? I know this was discussed many times
>before but not to my satisfaction. Can anyone shed
>light on that one please?
I've appended the post I sent the other day: "RE: Session Question"
which explains how sessions are maintained by cookies.
Sessions are managed by cookies or by URL re-writing. Most commonly
cookies.
All browser windows generally use the same cookies and so a user
"logged on" in one browser window will not be able to create another
session just by opening another cookie window.
This is a limitation of the architecture but not one that many of us
worry about that much. You can get round it, in much the same way you
get round not having cookies at all, by using session re-writing.
Let's look at how it works in a cookie environment.
Let's say you have a webapp mapped to "/rich" on the server
"richhost:8000".
You create a session during a request. When you come to write the
response for the request the servlet engine automatically creates a
cookie with the session identifier and places it on the response.
Cookies are quite sophisticated really, more so than people realise.
When the browser recieves a cookie it parses it to understand what
URLs is should send the cookie to.... The cookie that servlet engines
use for session purposes identifies the host of your servlet container
and the path of your webapp.
So in our example your cookie will state "richhost" for the hosts
that it should be sent to and "/tich" for the paths it should be sent
to.
Whenever the browser makes a request for any path on "richhost" that
is, or is under "/rich" it will send the cookie.
When the servlet engine recieves the session cookie it says "hey!
this request is part of an existing session" and goes to get the
session data associated with the session id in the cookie and thus:
you have a session.
When a user opens a second browser window the current cookies are
shared between the 2 windows, so the session will carry over from
browser window to browser window.
There is a situation where this doesn't work. A user might create a
new browser completly (you can just about do this with Netscape). If
that happens it's unlikely that the 2 browsers will be sharing the
cookies and you'll have to do something else to share state between
the 2 browsers.
This doesn't happen very often though.
Nic Ferrier
Advert:
Nic is available for work: fixed or short term contracts. Contact him
directly.
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
