Actually yeah. Im working on a product which requires that only a single client instance can be connected through a machine. Actually I thought if there would be anything in Tomcat which supports this then it wouldve considered the problem you mentioned and would be solving it somehow (using mac address or something). I cannot use the IP address coming in request because of this proxy problem. I have to bind something with the session. Even if tomcat gives me the actual IP address (whic considers the fact that the client machine can be sitting behind proxy) then it would be great. What other options do I have to implement this thing?
Regards, Khurram. On 3/16/07, David Smith <[EMAIL PROTECTED]> wrote:
None that I no of. More to the point, it's a security issue to have all the browsers behind one IP share a common session. Witness how cable routers can share one IP with an entire apartment building. Would you really want your neighbor with the super loud metal rock to see your credit card statements? All browser windows spawned from a single process can share (and often do to the frustration of some web developers). So, if you use New Window or Ctrl-N from within IE you'll get the same session as the window that started the session. Firefox does the same thing regardless of whether you open from Explorer or New Window in the File menu. Is there a reason you need to guarantee all the browsers from a given user have the exact same session? --David kz wrote: > Hi, > > Is there any option in Tomcat which can assign a new session ID only > if the > IP address is changed and not a browser window? Actually right now a new > session ID comes in request for every new browser window (even if the IP > address is same). Is there any option to make Tomcat assign new > session ID > only if IP address is changed and the session remains the same even if > there > are multiple browser windows hitting the server? > > Thank you so much. > > Khurram. > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
