OK, If you find better solution, please let me know On Sat, Jan 17, 2009 at 2:58 PM, RajibJana <rajibj...@gmail.com> wrote:
> > OK, I may try this if no other solution emerges. > > My question this is typical requirement for any enterprise level web app, > how Struts2 handles it? > > If it does not able to, then there is no other option but to leave S2 and > look for other server frameworks. There is a need of looking beyond http > session. > > I guess S2 is positioning itself as a server framework, I hope it addresses > basic requirements for a enterprise application. > > Thanks > > Rajib > > > > abhishek reddy wrote: > > > > *If the user opens a new browser instance, then a new session is created > > and both the windows have their own user id info( i.e. userid doesnt > > override)* > > > > Taking the above point into consideration...you can try this way > > > > 1.When User X logged in successfully, you are storing the id in the > > session. > > 2.Now, If User Y logged in from the same broswer instance, session will > be > > old...so check for the attribute value set by the User X..... > > If attribute value is null, proceed asusual, else tell the user to open a > > new browser window.. > > > > hope this is helpfull.. > > > >> transactions also get userid info as X. > > > > On Sat, Jan 17, 2009 at 1:46 PM, RajibJana <rajibj...@gmail.com> wrote: > > > >> > >> Thanks Wes for your reply. > >> > >> The application requires userid info for various reasons like > >> authorization, > >> auditing etc. Hidden key (security reason) or cookies ( may be > >> disabled) > >> are not the good way to handle this situation. I am wondering whether > >> this > >> is not a common requirement for any web app where we need to keep some > >> information that can be accessed for a particular user session. I hoped > >> that > >> Struts 2 is capable to handle user session. > >> > >> I am in a fix, may I need to look other frameworks like Seam? > >> > >> Thanks > >> > >> Rajib > >> > >> > >> > >> > >> Wes Wannemacher wrote: > >> > > >> > On Saturday 17 January 2009 00:23:49 RajibJana wrote: > >> >> > >> >> 1) A User opens a browser window( IE 7/Firfox) and logs in the > >> >> application > >> >> as User X and the application shows the logged in userid as X and DB > >> >> transactions also get userid info as X. > >> >> 2) The same user opens a bowser tab or new window from the opened > >> window > >> >> ( > >> >> from where he logged in as X), and logs in the application as User Y. > >> Now > >> >> userid Y overrides the userid X in session map( as no new session is > >> not > >> >> opened, I guess) and I get userid as Y in both the browser tabs. My > >> >> application breaks. > >> >> 3) If the user opens a new browser instance, then a new session is > >> >> created > >> >> and both the windows have their own user id info( i.e. userid doesnt > >> >> override) > >> >> > >> > > >> > I don't know if you will be able to fix your problem as long as you > use > >> a > >> > form > >> > of authorization that relies on the session. Each browser tab will > >> > continue > >> > using the session that is already established. > >> > > >> > Although I would not suggest this for a production application, but if > >> > this > >> > behavior is a requirement for your application, then you could try > >> hiding > >> > a > >> > key within the page (a hidden input field) and also appending the key > >> to > >> > each > >> > request URL. This is a very bad way to do it because it will be easy > to > >> > hijack > >> > a session. Especially in cases where the user is clicking a link and > >> the > >> > key > >> > will be visible in the GET request. > >> > > >> > I would consider whether your requirement is a development-time > >> > requirement... > >> > Meaning, is this something you need for testing your app? Or is this > >> > something > >> > the users will need? If it is something that the users need, consider > >> re- > >> > factoring before you hide key fields as I suggest above. If this is > >> > something > >> > you need for testing and development, then try to find a browser > plugin > >> > that > >> > allows you to gain finer control over your cookies so that you can > >> control > >> > the > >> > sessions while you work. > >> > > >> > -Wes > >> > > >> > -- > >> > > >> > Wes Wannemacher > >> > Author - Struts 2 In Practice > >> > Includes coverage of Struts 2.1, Spring, JPA, JQuery, Sitemesh and > more > >> > http://www.manning.com/wannemacher > >> > > >> > > >> > --------------------------------------------------------------------- > >> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > >> > For additional commands, e-mail: user-h...@struts.apache.org > >> > > >> > > >> > > >> > >> -- > >> View this message in context: > >> http://www.nabble.com/Struts-2-session-problem-tp21513305p21514087.html > >> Sent from the Struts - User mailing list archive at Nabble.com. > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > >> For additional commands, e-mail: user-h...@struts.apache.org > >> > >> > > > > > > -- > > Abhishek > > > > > > -- > View this message in context: > http://www.nabble.com/Struts-2-session-problem-tp21513305p21514568.html > Sent from the Struts - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > > -- Abhishek