-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nicolas,
Nicolas Romantzoff wrote: > Session is binded to a connection (browser session) basically, not a > machine. > If you open a second browser (or a second tab) you should get a different > session-id. That's debatable, and depends on application requirements. > Don't use JSESSIONID in url parameters, but in session cookie (unless you > need to cross protocols like http <-> https) Actually, this is exactly backward: if you use JSESSIONID cookies, then the browser will always have the same user "logged-in" no matter how many windows you open. "Old" windows will suddenly inherit the credentials of the "new" windows, etc. If you want to have able to have multiple windows opened from the same web browser on the same machine with different logins, you need to DISABLE the use of cookies. This is possible by setting cookies="false" in your <Context> element for your webapp. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAklZN1MACgkQ9CaO5/Lv0PD6qwCgpj6xpGROai2yGYqomFtcvbZj gEYAn024g6AaaBeaUnwBzgvo+wJRVhu7 =+Q2F -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
