Would depend on the purpose of the site... >From behind some firewalls/networks varying users can have the same external ip addresses, in which case everyone would be logged in from this network!!!
IE does always generate a new session for each new launch of IE, but not for a new window. But why would they be doing this?! Maybe you need to consider persisting sessions and introducing a login... Mike ----- Original Message ----- From: "Kumar Sameer" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, April 10, 2002 11:04 AM Subject: Re: Session tracking API > I think, using encodeXXX method will work if the new window is opened by > clicking on a link on the same page. But will it work if i create a new > window by double clicking IE icon ? I think not... does IE always generates > new session for each new window? If that is the case, is it possible to use > ip address of client m/c for session tracking ? Will reading ip address > create security problem ? > > > -----Original Message----- > From: Chen, Gin [mailto:[EMAIL PROTECTED]] > Sent: 09 April 2002 16:27 > To: [EMAIL PROTECTED] > Subject: Re: Session tracking API > > > BTW, here's a part of the servlet spec that I really dont like the wording > of. > quote -- > > SRV.7.7.3 Client Semantics > > Due to the fact that cookies or SSL certificates are typically controlled by > the web > browser process and are not associated with any particular window of the > browser, > requests from all windows of a client application to a servlet container > might be part > of the same session. For maximum portability, the Developer should always > assume > that all windows of a client are participating in the same session. > > -- end quote > > In one way you have already seen how this is not true in certain situations. > And, as Dan pointed out, this is also browser dependent. > I would say that you dont make that assumption and to use the encodeXXX > anywhere in ur application > that opens new windows or links to new pages to avoid any guessing about > which session is being used. > > -Tim > > ___________________________________________________________________________ > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body > of the message "signoff SERVLET-INTEREST". > > Archives: http://archives.java.sun.com/archives/servlet-interest.html > Resources: http://java.sun.com/products/servlet/external-resources.html > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html > ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
