Re: Session tracking API

Raghupathy, Gurumoorthy Wed, 10 Apr 2002 02:58:30 -0700

you cannot do a session tracking using IP ADDRESS ...
because if the web is behind a proxy you wont get a unique ip address

ONE IDEA IS TO CHECK THE BROWSER ( USER AGENT ) AND DO CUSTOM PROCESSING ...
ANY IDEAS ?

GURU

-----Original Message-----
From: Kumar Sameer [mailto:[EMAIL PROTECTED]]
Sent: 10 April 2002 11:04
To: [EMAIL PROTECTED]
Subject: Re: Session tracking API

I think, using encodeXXX method will work if the new window is opened by
clicking on a link on the same page. But will it work if i create a new
window by double clicking IE icon ? I think not...  does IE always generates
new session for each new window? If that is the case, is it possible to use
ip address of client m/c for session tracking ? Will reading ip address
create security problem ?

-----Original Message-----
From: Chen, Gin [mailto:[EMAIL PROTECTED]]
Sent: 09 April 2002 16:27
To: [EMAIL PROTECTED]
Subject: Re: Session tracking API

BTW, here's a part of the servlet spec that I really dont like the wording
of.
quote --

SRV.7.7.3 Client Semantics

Due to the fact that cookies or SSL certificates are typically controlled by
the web
browser process and are not associated with any particular window of the
browser,
requests from all windows of a client application to a servlet container
might be part
of the same session. For maximum portability, the Developer should always
assume
that all windows of a client are participating in the same session.

-- end quote

In one way you have already seen how this is not true in certain situations.
And, as Dan pointed out, this is also browser dependent.
I would say that you dont make that assumption and to use the encodeXXX
anywhere in ur application
that opens new windows or links to new pages to avoid any guessing about
which session is being used.

-Tim

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

Re: Session tracking API

Reply via email to