How to open a new window with a new session scope?

Hi rrz.

We don't use cookies, but what you mean with URL rewritting?

Javier

So that means that if I disable cookies on the browser each time I open a URL the server will create a new session, right?

But there is no way that you can disable cookies programatically.

Javier

P.D.: Thanks for the boolean thing :c) I'M SILLY!!

correct!
>> But there is no way that you can disable cookies programatically.
you can force server to not use cookie.

>you can force server to not use cookie.
You can do that on the code, or just on conf?

I have to go, follow your answer tomorrow.

Javier

>> You can do that on the code, or just on conf?
config

I tried to do what I suggested in my first post. But I failed to find a way to do it.  

>if need more details just ask fot them.
If kenneth's suggestion doesn't work for you, then please do give more details.
What Objects did you want the session to hold ?

Well the point is that we have an application that creates a session on loging and so on, what we want to do is to be able to open a different session from the same browser like if you open a new browser from the systema and log in again, but normally browsers mantain the same session if you open a new window from it. I thougth about making a call to the system and open a new browser with the URL but I'm not really sure if that canm be done in all systems, I can do it on windows and IE but not sure if will work with linux or NS or Mozilla. That's why I asked the question here.

Javier

kennethxu is right, you will need to disable cookies and rewite the URL for this...

> I thougth about making a call to the system and open a new browser with the URL

You can't do this on a client's machine...

Hi Tim.

Thanks for the link, it looks interesting.

>You can't do this on a client's machine...

You can, but this is in Windows and IE don't think it will work in other systems and if the client does not have IE it wont work for sure, you can check the browser that the client uses and try to open a copy of it but....

<html>
<head><title>Open new Browser</title>
<script language="JavaScript">
function openNewBrowser() {
      var Shell = new ActiveXObject("WScript.Shell");
      Shell.Run("Iexplore.exe http://www.google.com");
}
</script>
</head>
<body>
<script>
openNewBrowser();
</script>      
</body>
</html>

Javier

Javier thanks for sharing that windows code.  

I tried the code posted by garthman ( pointed to by Tim's link above here).  
I couldn't get it to work. I doubt it would ever work. But I would loved to be proven wrong.    

Have you considered using application scope and  implemneting your own  pseudo-sessions ?  If you like that idea (hack hack)  then I would like to help you in trying to implement it.     rrz

>> I tried the code posted by garthman
you need to disable cookie session tracking in tomcat server before you can use url rewrite.

>you need to disable cookie session tracking in tomcat server  
kenneth, How is that done ?    

Regarding the link posted by Tim,
seems to me that question contains the same requirement that  Javier has asked for here ( that is why Tim posted the link, I think ). But the accepted answer (by garthman) does not provide a solution.    
Am I right or wrong ?    rrz

If my memory serves me add cookies="false" as a context attrribute in server.xml

sorry, I'm really busy at this moment :-(
can somebody check tomcat doc and verify this? thanks!

Thanks for the Help guys !!!
Has been my first question here !!!

Javier

Thanks for the points, Javier, but knowledge of how you solved your problem would be more valuable.   Specifically I would like to know what you thought of garthman's solution( see link posted by Tim).  Also did you find out how to  disable cookie session tracking in the tomcat server as suggested by kenneth ?   If you want points for your extra time, then I will pass some to you.     rrz

Hehe I want no points rrz :c)

Actually I'm not really sure if is solved or not, was a question the ask me here at work and I just posted the question and delivered your good advices, I'll let you know once they tell me how did they've done it.

I just gave the points becose I think it will take some time to them to test all and find out an appropiate solution.

I promise I'll tell you.

Javier

Thanks Javier, but it is not just for me, it is for all readers of this database. Please think of all those that will search and find our posts in the future.  Everyone is here to learn.  rrz

I know rrz and Always post the solutions, you know that, just that I don't already have it, to tell you the truth I'm affraid that Kenneth warns me becose I don't close my questions.

:cP

No serious I'll do it right away I know it.

Javier

>> Specifically I would like to know what you thought of garthman's solution( see link posted by Tim).

What garthman was posted is correct. actually, you should always encode your internal url if you are going to put up on html page, include links and form action. That way, you'll have your session preserved regardless of whether user agent allows cookie.

I also check the tomcat doc and yes, that's the way to disable cookie session tracking.

>> I'm affraid that Kenneth warns me becose I don't close my questions.
Am I that bad :-(

kenneth, thanks very much for your time here. I know you have been quite busy.  
In order to sort this matter out, I put the following two lines on my pages.

fromUrl??<%=request.isRequestedSessionIdFromURL()%><br/>
fromCookie??<%=request.isRequestedSessionIdFromCookie()%><br/>  

Of course the initial response(in either browser) is always
fromUrl??false
fromCookie??false  
because the user agent has not joined the session yet and the session is new.  

>I also check the tomcat doc and yes, that's the way to disable cookie session tracking.
Yes, I agree. But I could not get the IE6 browser to agree.  

In Netscape 7.1  cookie control is finer.
So, I can deny the session cookie and  results in second page are  
fromUrl??true
fromCookie??false  

But in IE6 I could not get those results under any circumstances( but please prove me wrong).
Even using "Advanced Privacy Settings"
and checking both "overriding automatic cookie handling" and "block" all cookies.
The results in IE6 are always  
fromUrl??false
fromCookie??true    

Please comment.    rrz

My second page, is what garthman called   NewPage.jsp.    rrz

I'll find time to test, no promise on date and time :)

It works for me. I have tomcat 4.1.18, used the examles context. tested before and after set cookies="false" in server.xml
No setting change in IE6 and it works. You might want to clear IE cookie and test again.

a.jsp:
<% session.setAttribute("test", "This is a test string" ); %>
<a href="<%=response.encodeURL( "b.jsp" )%>">b.jsp</a>

b.jsp:
test attribute: <%=session.getAttribute("test")%><p>
fromUrl??<%=request.isRequestedSessionIdFromURL()%><br>
fromCookie??<%=request.isRequestedSessionIdFromCookie()%><p>  
<a href="<%=response.encodeURL( "b.jsp" )%>">b.jsp again</a>

>Am I that bad :-(
I'm totally sure you're not.

My colleges are trying to implement the Javascript method I told them, becose they just want to create a new seesion on a special link on their application, as if they set cokies to false on the server they must encode all their URL and that will be too much work since is a production project.

I guess they should figured it out before they started the develop of it but no is to late to make that huge change.

But I think is a good thing to know all this we're talking about, I'm gald I asked this question I've learned a lot.

Thanks again to all of you.

Javier