only under certain circumstances. If the browser was opened via a ctrl+n or via a javascript:window.open() or a target="_blank" then the session will definitely be the same as the parent window. If you re-double-click the icon on the desktop to open IE then you start the browser in a new memory process. I think IE5.5 had a setting enabling or disabling starting in a new memory process. I could be wrong on that, though. I have IE6 installed on my home machine right now and it doesn't have that option that I can find. Either way, even with opening in a new memory process, I've seen enough weird behavior where IE ends up sharing cookies somehow with other browser processes that I never count on that behavior anymore.
Bottom line, close all browsers if you want new in-memory cookies....which session cookies are or use two or more completely separate browsers such as IE, Mozilla, or Opera.
Jake
At 03:31 PM 10/30/2002 +0000, you wrote:
In my experience, IE 6 creates a new session cookie for each browser window...Andy > -----Original Message----- > From: Nick Lombard (VSP) [mailto:nick.lombard@;vcontractor.co.za] > Sent: 30 October 2002 15:25 > To: Tomcat Users List > Subject: RE: Session start > > > Hi Mauro > > At least this one I can answer for you. > > You will deffinitely not be able to start a new session for each browser > window opened if you are using session cookies. > > The Session cookie specification is slightly different to that of normal > cookies. It shares the same rule that the browser will send the > cookie only > to the domain from which it originated. But the session cookie lasts the > lifetime of the browser whereas the normal cookie will be saved. So if a > browser is closed (not just a window of the same browser process) > the cookie > will die with it. All the browser windows share the same cookies and if a > session cookie is available for a the domain being accessed the > cookie will > be sent along. > > I.o.w if your servlet/jsp makes a call to request.getSession(true); the > session ID identified in the request will return the session object stored > at the server identified by the session ID in the request > (cookie) if there > is no session id or the session has expired on the server a new > session will > be created and a request will be made to the browser to kindly return a > session cookie with the supplied id. If request.getSession(false); is > called, the same process as above occurs but a new session will not be > created. > > Thus to understand "who the session id belongs to" the answer is something > like: The session id as a cookie is kept for the lifetime of a browser > process on the client and identified on the server. Different vendor > browsers will all have their own session cookies and thus session ids. > > To solve your problem it is correct what Ralph said. > A session cookie cannot be used because the cookie is shared by > all browser > windows of the same browser process. The sollution is url > rewriting in which > the session id is not sent by a cookie but is sent as a request parameter > and thus if the client opens a new browser window and types in your URL it > will not contain the session id request parameter and thus a new > session can > be created on the server. This might not be the case if the > client asks for > a link on your application to open in a new window because the parameter > might be in the link. > > I hope this makes it slightly clearer. > > Nick. > > > > > -----Original Message----- > From: Mauro Daniel Ardolino [mailto:mauro@;altersoft.com.ar] > Sent: Wednesday, October 30, 2002 4:38 PM > To: Tomcat Users List > Subject: RE: Session start > > > OK, but I still have some servlets that have to communicate using > HttpSession setting and getting objects between them. So if on each call > to different servlets I obtain a new session, then I loose the objects > contained in the session. > > So reading your answer I think that the problem is to who belongs the > session id. Does it belongs to the machine that is browsing? I mean: the > IP address? I don't think so because in multiple text sessions of the same > linux machine, browsing from each the same servlet, I obtain different > sessions. Does it belongs to the user? which user? windows user? linux > user? other OS users? No, the same user on different linux sessions, gets > different HttpSession. So I have to think that depends on the > OS. E.g. on linux it depends on the linux session. I'd like to bypass > this behavior opening a session each time a user opens a browser. I > think I have to rescue a browser window id or something like that from > the HttpServletRequest. > > Any ideas? > > Thanks, > > Mauro > > > > On Wed, 30 Oct 2002, Ralph Einfeldt wrote: > > > It's quite simple. > > > > Whenever a request reaches tomcat that contains no > > session id (url or cookie) or a session id that > > doesn't belongs to a active session, tomcat creates > > a new session. > > > > To do what you want you have to disable cookies > > in tomcat. This way you will get a new session > > whenever a new window is opened and the url that > > is used for the window contains no session id. > > > > Ralph Einfeldt > > Uptime Internet Solution Center GmbH > > Hamburg, Germany > > Hosting, Content Management, Java Consulting > > http://www.uptime-isc.de > > > > > -----Original Message----- > > > From: Mauro Daniel Ardolino [mailto:mauro@;altersoft.com.ar] > > > Sent: Tuesday, October 29, 2002 5:13 PM > > > To: [EMAIL PROTECTED] > > > Subject: Session start > > > > > > I'm confussed about when does a session starts. > > > > > > Browsing with netscape on a linux gui, opening 2 browsers, > > > calling the same servlet, the session is shared. I want > > > to start a new session! I mean every time a user opens a > > > new browser or a new window of the browser and calls my > > > servlet, I want to start a new session. > > > > -- > > To unsubscribe, e-mail: > <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> > > For additional commands, e-mail: > <mailto:tomcat-user-help@;jakarta.apache.org> > > > > > > -- > Ing.Mauro Daniel Ardolino > Departamento de Desarrollo y Servicios > Altersoft > Billinghurst 1599 - Piso 9 > C1425DTE - Capital Federal > Tel/Fax: 4821-3376 / 4822-8759 > mailto: [EMAIL PROTECTED] > website: http://www.altersoft.com.ar > > > -- > To unsubscribe, e-mail: > <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> > For additional commands, e-mail: > <mailto:tomcat-user-help@;jakarta.apache.org> > > > -- > To unsubscribe, e-mail: > <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> > For additional commands, e-mail: > <mailto:tomcat-user-help@;jakarta.apache.org> > > -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
