-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dave,
Dave wrote: | For cookie-based session tracking, when a user clicks a link on a | jsp page, how to make the request belong to a new session, not | existing session. Since there can only be one session (JSESSIONID) cookie for any given host/path combination (not entirely true, but Tomcat will pick one and stick with it), the best you can do with cookies is abandon your current session and start an entirely new one. If you want separate windows with separate sessions you need to do one of the following (in increasing order of difficulty): 1. Use two separate instances of the web browser. 2. Use two different web browsers (e.g. MSIE and ff) 3. Disable cookie-based session tracking (which will fall-back to ~ URL-rewriting), and remove the HttpServletResponse.encodeURL ~ call from the URL you want to act like a jumping-off point. 4. Hack Tomcat's session manager so that it uses a session cookie ~ with a name other than JSESSIONID (i.e. it will accept both), ~ and include some way to notify the session manager that the existing ~ (JSESSIONID) session should be ignored in favor of the other one ~ (maybe MYJSESSIONID). Note that the last one is a total PITA to do in the first place, ties you to a single version of Tomcat (unless you re-hack each one), and breaks the servlet specification (which mandates that the session cookie name is JSESSIONID). Hope that helps, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkejLl0ACgkQ9CaO5/Lv0PDiqQCeM8Y0OpEJJobq1t+YZUoooMkg ZgcAoJQSnqLOyGU1uWJyJ0VWMVyG9U1+ =zSsj -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
