Two questions on this :- As you said One way is by embedding the session ID in each URL generated by the application, which would indeed make the session work only as long as you click through the links in the same browser window. Is it done by browser internally or developer has to take care of this?
Regarding second point looks like from code xwiki is using cookies. Is there a way to disable cookies so if want the behaviour mentioned in Original post i can achieve it. > On 01/02/2012 11:35 PM, mohit gupta wrote: > >> Hi All, >> >> I do the login with admin credentials in one internet explorer window. Now >> i open one more seperate IE window and give my xwiki home url i.e >> http://localhost:8888/myxwiki/ . I see in this second i am directly >> getting >> logged in with admin credentials which is not correct. I should see login >> screen on this second window here. >> >> Then i did debugging and found out with both IE windows >> xwikicontext.getRequest().**getSession() returning the same session( >> basically both sessions are having same session id). As per my >> understanding session is specific to browser window . so both windows(or >> request from diffent IE windows) should have different session attached >> to >> them. >> Not getting how come both request are having same session id. >> > > No, this isn't true most of the times. A session is just a serverside > storage area reserved for one client, where the connection between the > client and the session is established by a key, called a session > identifier, and which can be stored in several ways. One way is by > embedding the session ID in each URL generated by the application, which > would indeed make the session work only as long as you click through the > links in the same browser window. Still, opening such a link in a new > window will keep the same session in a different window, and opening an URL > without the session ID in it would lose the session even in the same window. > > Another, simpler and preferred method of keeping the session identifier is > by using cookies, which work across an entire browsing session, across > windows and sometimes even across restarts if you configure your browser to > restore the previous (browser) session on restarts. > -- > Sergiu Dumitriu > http://purl.org/net/sergiu/ > ______________________________**_________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/**mailman/listinfo/users<http://lists.xwiki.org/mailman/listinfo/users> > _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
